Gadi Evron wrote:
Therefore, how many times does one have to refresh the page and listen
to the Captcha to be able to simply learn to identify the Captcha by
say, an MD5 hash of the audio for each letter?
That is just a bad implementation, when done well audio Captchas are
probably as secure
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 971-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 14th, 2006
Did someone try to perform a sound bruteforce attack against something
like a voice-password protected PDA?
/JA
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
On Mon, 2006-02-13 at 03:27 -0800, yogesh choubey wrote:
Hi Aditya,
I am Yogesh, want to know more about winpcap.
How it works? Still, after reading from site winpcap, I
am not able to get deeper in it. Please help me by
providing some document.
Thanks Regards
Yogesh Kumar
The documentation
Stelian Ene wrote:
Gadi Evron wrote:
Therefore, how many times does one have to refresh the page and listen
to the Captcha to be able to simply learn to identify the Captcha by
say, an MD5 hash of the audio for each letter?
That is just a bad implementation, when done well audio Captchas
Steven M. Christey wrote:
Hey Steve! :)
It's not necessarily that 0-days are a myth, it's that people have
been using the term 0-day to mean two separate things:
0days are not a myth on their own.
They are live and kickin`! :)
- in-the-wild hacks of live systems using vulnerabilities
(*) Of course, it's better to use sound sources that are hard to
identify, and are ideally not available to the attacker; else he could
obtain the same sounds and subtract them from the audio. I think some
random pitch shifting (tremolo) would help against this.
OK. Use voice
0day just means the day released; it's mostly a term used in the warez
scene to qualify new apps/mp3s cracked each day, as exploits released
each day ...
Gadi Evron wrote:
Steven M. Christey wrote:
Hey Steve! :)
It's not necessarily that 0-days
I've received two messages in the past few hours from 59.144.22.69,
pretending to be from [EMAIL PROTECTED] Both contain a binhex'd
UPX packed SCR attachment. Is it just me?
Headers below:
Return-Path: [EMAIL PROTECTED]
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received:
Just to be clear and because I've received a few replies, I realize that
fyodor didn't send these messages. I wasn't born yesterday ;)
I found the coincidence of me joining the list a week ago and someone
forging trojans to me from fyodor to be interesting and I was wondering
if anyone else was
I am trying to perform a man in the middle attack on a local client application.
The application client (VB application) uses a client side certificate located on a smart card (GEMPLUS) to encrypt communication with the server (Java servlet).
All I know is that the application accesses a url
Check out flowbits.
The first rule would get flowbits:noalert; flowbits:set,google.user.agent;
And the second rule would get flowbits:isset,google.user.agent;
That way the alert for the first rule would be suppressed and the
second rule would only trigger if the first one occurred previously.
On
The first rule would get flowbits:noalert; flowbits:set,google.user.agent;
And the second rule would get flowbits:isset,google.user.agent;
Is that global (if #1, then always #2), or is it per-IP ?
I verified I can block the SSL session setup using the snort sig I
posted the other day .. but
Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability
iDefense Security Advisory 02.14.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393
February 14, 2006
I. BACKGROUND
Windows Media Player is a full featured Audio/Visual playback
application offered by
I believe it is per TCP session, but don't quote me on that. Actually
now that I think about it, if it indeed is per TCP session then the
second rule will not trigger, since the SSL connection will be a part
of a different session.
I am not 100% sure though. Try it out and let us know. You
Official page : http://www.solucija.com/home/snews/
XSS in comments :
just post some comment with <script>alert('XSS TEST by
securitydot.net');</script>
FIX : put this on line 423
$r = str_replace("<", "&lt;", $r);
$r = str_replace(">", "&gt;", $r);
Injection through categories :
Things for a security company not to do in a webapp:
1. Do not auto-populate form fields on the page with customer names.
2. If you ignore rule number 1, don't use a simple, predictable id
for said auto-population.
https://download.foundstone.com/?o=^2155
Rinse, increment, and repeat for a
First, sorry if this has been mentioned before. I've searched and
haven't found any mention, but it seems too obvious to have not
already been reported.
Basically, client gets etag from server, client sends etag to server
next time it connects,
[EMAIL PROTECTED] wrote:
Things for a security company not to do in a webapp:
1. Do not auto-populate form fields on the page with customer names.
2. If you ignore rule number 1, don't use a simple, predictable id
for said auto-population.
https://download.foundstone.com/?o=^2155
LOL,
And while we're at it...
https://download.foundstone.com/?o=;scriptalert(xss)/script
[EMAIL PROTECTED] wrote:
https://download.foundstone.com/?o=^2155
Now that's just plain sloppy.
But at least it's SSL-secured.
Warning: this post is being X-posted.
Blog/web spam is not the next spam medium, it is spam plain and simple.
People, including some anti spam experts, just don't realize how big it
all is. It's not only about spam, it is about spyware, bots and breaking
into computers.
How about I provide
EEYEB-20051017 Windows Media Player BMP Heap Overflow
Release Date:
February 14, 2006
Date Reported:
October 17, 2005
Patch Development Time (In Days):
60
Severity:
High (Remote Code Execution)
Vendor:
Microsoft
Systems Affected:
Microsoft Windows Media Player 7.1 through 10
Windows NT
*Maxxuss does it again! OSx86 10.4.4 Security Broken!
http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=19342&mode=thread&order=0&thold=0*
Happy Valentines Day... from Maxxuss. The hacking guru has announced
preliminary patches for Apple's latest release of OS X for
Debian Security Advisory DSA 972-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 15th, 2006
Debian Security Advisory DSA 973-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
February 15th, 2006