Glenn,
There are a few parts of this I am confused on.
>In the cert is a private key. If the system were required to contact a
>"backend" server first, passing it perhaps a cipher containing its
>serial number encrypted with its private key and its identity, the
When you say pass a 'cipher' do
On Wed, 26 Apr 2006, Larry Seltzer wrote:
> It wasn't my analogy. I was criticizing it.
Larry,
Sorry if I criticized you undeservedly, then. That exchange of mails was
unclear at best, however. In this particular branch of this (silly)
thread:
1) Tim Bilbro blasted me for disclosing a problem a
It means nothing when you publish some bug without any info about where the problem is. So that the Vendor of IE will not give you any response.
jkl2007
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1045-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 27th, 2006
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Game's up, n3td3v. You can quit hiding behind your fake Yahoo account
now. Go away kid, before you hurt somebody.
owned!
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> The bubbles
> were kind of painful, I have to give him credits for finding a 0day to
> cause pain to some remote guy using only email.
>
Now *that* is comedy.
Don "north" Bailey
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Robert Lemos wrote:
> Hi, Matt, thanks for this. Another 50 bucks is in the mail. This is
> exactly what I need to make the Securityfocus homepage exciting again.
This Lemos spoof is rather entertaining, but not the least bit
convincing. There a
> I do plan on releasing (more) multiple Google vulnerabilities soon, to
keep in line with my past reputation.
I promised not to reply to n3td3v related posts any more, but this one
sentence became an exception because of the cola that found its way out
through my nose when I read it and burst
On 4/26/06, Krpata, Tyler <[EMAIL PROTECTED]> wrote:
> Well gee, aren't you going to post an Official Netdev Critical Emergency
> Security Advisory about this one or what?
Not this one, since it's not security related.
However, I have a passion for hacking web applications, and corporate
backyard
> V. VENDOR RESPONSE
>
> * Microsoft was informed of this vulnerability on October 20, 2005.
>
> * As part of its December patch cycle, Microsoft issued the incomplete
> MS05-054 patch which plugged a specific instance of this issue that had
> been previously reported by Secunia.
>
> * MS05-054 doe
Consider the following attempt at el-cheapo (no hardware) authentication
(which occurred to me recently while reading some ads):
It is possible to imagine an authentication scheme that wants to use
something like a certificate with signing, encrypting random nonces
etc., to verify that someone
Your blog seems to suggest that you are also quite severely mistaken in
regard to my identity.
"Secunia did not notify Microsoft ahead of time in order to allow for
them to patch it before it became public. [...] Microsoft chided
Zalewski [from Secunia] for jumping the gun and posting his find
On Wed, 26 Apr 2006 17:56:26 -0500
"John Lightfoot" <[EMAIL PROTECTED]> wrote:
> Peter Besenbruch wrote:
>
>
> Clueless people will always be with us. No OS is going to keep them safe,
> but some may do a better job than others. You seem successful in managing
> Windows boxes, but my experience
Peter Besenbruch wrote:
Clueless people will always be with us. No OS is going to keep them safe,
but some may do a better job than others. You seem successful in managing
Windows boxes, but my experience is the opposite. Those daughters who kept
getting their computer infected? They never were t
Pavel Kankovsky wrote:
On Tue, 25 Apr 2006, Paul Schmehl wrote:
We haven't had a Windows box hacked in a long time.
Does it include Windoze boxes possessed by malware? Such a box is not
hacked in a strict sense but the difference is almost irrelevant (esp.
when backdoors have become a standa
On Tue, 25 Apr 2006, Paul Schmehl wrote:
> We haven't had a Windows box hacked in a long time.
Does it include Windoze boxes possessed by malware? Such a box is not
hacked in a strict sense but the difference is almost irrelevant (esp.
when backdoors have become a standard feature of malware).
On Wed, 26 Apr 2006 [EMAIL PROTECTED] wrote:
> There aren't people out there looking to exploit the flaws in your car in
> order to drive it where they want it to go. It's a lousy analogy.
Larry,
Microsoft Internet Explorer is not a car. Were it a car, it still wouldn't
be yours more than it wou
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Tim Bilbro wrote:
> You do a disservice to all IT shops by announcing these vulnerabilities
> before contacting the vendor.
I think lame inaccurate "blogging" causes more harm than research and
result dissemination.
Seriously - those who think
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Microsoft Internet Explorer User Interface Race Condition
I. SYNOPSIS
Affected Systems:
* Windows 98
* Windows 98 Second Edition
* Windows Millennium Edition
* Windows 2000
* Windows XP
* Windows S
Hi Larry,
Take the Miller Analogy Test (MAT) and let me know how you make out.
The analogy was as a consumer paying for a product and having the flaws be
public, for public safety. The products improve as the flaws are
discovered, publicized and corrected. The government has departments, like
I'm just going to give up. I am wasting too much time and jumping through too
many loops to get anything done. I will just watch my credit report and file a
complaint to the Department Of Higher Education and then leave it at that. I
have better things to do with my time than practically begging
Well gee, aren't you going to post an Official Netdev Critical Emergency
Security Advisory about this one or what?
-Original Message-
From: n3td3v [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 26, 2006 5:32 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] n3td3v outs
Off-topic but made me smile
http://groups.google.com/group/Google-Groups-Basics/browse_thread/thread/72934247c4d21eb0
Regards,
n3td3v
Dear Michal Zalewski,
MZ> But that's for you to figure out what's wrong in that picture.
Let's say you're far away from Denmark? ;)
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
On Wed, 26 Apr 2006, Tim Bilbro wrote:
> If you think you are helping, you are wrong.
Dear Tim Bilbro CISSP MCSE,
Your blog seems to suggest that you are also quite severely mistaken in
regard to my identity.
"Secunia did not notify Microsoft ahead of time in order to allow for
them to patc
On Wed, 26 Apr 2006, Tim Bilbro wrote:
> You do a disservice to all IT shops by announcing these vulnerabilities
> before contacting the vendor.
How were you impacted? What were your damages? The only loss that could
possibly occur to you or your company was the time you wasted to write
this rant
Hi Tim,
Perhaps instead of viewing this as breaking into locked doors and look
at it as consumer product information, such as problems with my
automobile, it would not appear as such a big deal. I like product recalls
and keeping vendors honest. Product safety has improved significantly ove
Full disclosure goes both ways.
Anyone who feels I have done them harm or who thinks I have something to hide
should speak up now and make their record.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brad Astrowsky
Sent: Wednesday, April 26, 2006 10:44
CrYpTiC MauleR wrote:
Forgot to say that the VP of Software Dev who is in charge of the site said he
would do an emergency fix in 6 hours to fix the problem. As I expected the
problem is still there. Either he is a moron and didn't understand me or they
just tried to give the impression they
On Wed, 26 Apr 2006 12:52:49 PDT, [EMAIL PROTECTED] said:
> If you didn't break the law who cares.
If there's a knock at the door, and 3 agents come in with handcuffs, evidence
bags, a warrant for your arrest, and a search warrant to confiscate your
computer, and you have to make bail and hire a la
Title: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability
You do a disservice to all IT shops by announcing these vulnerabilities before contacting the vendor. I am sure it would not generate as much web traffic to your site, but it is only fair and right to allow at least some amou
==
Secunia Research 26/04/2006
- SpeedProject Products ACE Archive Handling Buffer Overflow -
==
Table of Contents
Affected Software..
If you didn't break the law who cares.
On Wed, 26 Apr 2006 11:30:02 -0700 CrYpTiC MauleR
<[EMAIL PROTECTED]> wrote:
>After reading http://www.securityfocus.com/news/11389 it made me
>think twice about actually going public with my school's security
>hole by having school notify students, parents
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo CrYpTiC!
On Wed, 26 Apr 2006, CrYpTiC MauleR wrote:
> Forgot to say that the VP of Software Dev who is in charge of the site
> said he would do an emergency fix in 6 hours to fix the problem. As I
> expected the problem is still there. Either he
Juniper Networks SSL-VPN Client Buffer Overflow
Release Date:
April 25, 2006
Date Reported:
February 27, 2006
Patch Development Time (In Days):
57 Days
Severity:
High (Remote Code Execution)
Vendor:
Juniper Networks
Software Affected:
Juniper SSL-VPN JuniperSetup Control
Operating Systems Af
Forgot to say that the VP of Software Dev who is in charge of the site said he
would do an emergency fix in 6 hours to fix the problem. As I expected the
problem is still there. Either he is a moron and didn't understand me or they
just tried to give the impression they were fixing it. So sad to
Your list troll was pretty lol. I commend you.
On 4/26/06, CrYpTiC MauleR <[EMAIL PROTECTED]> wrote:
After reading http://www.securityfocus.com/news/11389 it made me think twice about actually going public with my school's security hole by having school notify students, parents and/or faculty at ris
CrYpTiC MauleR wrote:
After reading http://www.securityfocus.com/news/11389 it made me think twice
about actually going public with my school's security hole by having school
notify students, parents and/or faculty at risk due to it.
I mean I didn't access any records, just knew that it was po
After reading http://www.securityfocus.com/news/11389 it made me think twice
about actually going public with my school's security hole by having school
notify students, parents and/or faculty at risk due to it.
I mean I didn't access any records, just knew that it was possible for someone
to ac
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1044-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 26th, 2006
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200604-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory:
Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack
Advisory ID: cisco-sa-20060126-vpn
http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml
Revision 2.0
Last Updated 26 April 2006 1600 UTC (GMT)
For
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1044-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 26th, 2006
The recent Oracle exploit posted to Bugtraq
(http://www.securityfocus.com/archive/1/431353) is actually an 0day and has
no patch. The patch for 10g Release 2 for April 2006 Critical Patch Update
does _not_ contain a fix for the specific flaw that the exploit takes
advantage of. As it happens - thi
"Knock knock"
[EMAIL PROTECTED] or [EMAIL PROTECTED] : "who's there?"
FBI: "We're here to clean the "gene" pool."
On 4/25/06, MR BABS <[EMAIL PROTECTED]> wrote:
These files are worthless, they aren't even classified. Thanks a lot for the offer asshole. Spam -> Full Disclosure.
On 4/25/06,
[EMAIL PROTE
Dave "No, not that one" Korn wrote:
> Sol Invictus wrote:
>> "I also remember LSD pesters Microsoft and they were rapidly sold
>> out."
>> I knew those guys were on something when they created Windows!!! They
>> had Dealers sell out of LSD ROFLMAO
>>
>
> Don't talk crazy. Everyone k
How did this get from a bunch of euro cock smokers selling out to
Microsoft to arguing over an old, and amusing, quote?
On Tue, 25 Apr 2006 23:03:33 -0700 [EMAIL PROTECTED] wrote:
>On Wed, 26 Apr 2006 09:22:30 +0400, Raoul Nakhmanson-Kulish said:
>> Hello, [EMAIL PROTECTED]
>>
>> > There are tw
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1043-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 26th, 2006