On Fri, 9 Jun 2006, E Mintz wrote:
> How about some real-world, application specific exploits?
There's an example of an XSS that can be used to compromise a Cisco Web VPN
session in the text.
> So, please show me an example of an actual compromise and I'll listen.
> Otherwise, put up, or shut up!
bingo,
right on target.. see tor is tor not without any reason. it's the reason that must go first tor will follow later ;)
joel.
On 6/8/06, Eliah Kagan <[EMAIL PROTECTED]> wrote:
On 6/8/06, John Sprocket wrote:
> but like all tools it's a double-edged sword and is easy to abuse.
> saying "do not
On 6/8/06, John Sprocket wrote:
but like all tools it's a double-edged sword and is easy to abuse.
saying "do not bother. you're fighting against privacy, find a better
way" is not solving the problem but obviously avoiding it in the
first place. again the original problem is of identifying a tor
Hi Thierry,
It is conceptually different than AV or AS products, which is why I
fall back to analogies. Even experienced security folk automatically
categorize something new with existing products, and presuppose there is
nothing new under the sun.
If you generally categorize any
[Full-Disclosure] Mailing List Charter
John Cartwright <[EMAIL PROTECTED]>
- Introduction & Purpose -
This document serves as a charter for the [Full-Disclosure] mailing
list hosted at lists.grok.org.uk.
The list was created on 9th July 2002 by Len Rose, and is primarily
concerned with secur
In-depth protocol mechanics analysis, at the 802.11 MAC and PHY layers, with
emphasis on research and implementation of Denial of Service and disruption
exploits of a wireless cell and active 802.11 stations on the cell.
http://www.amilabs.com/HTM/HTM80211.pdf
Enjoy
I might be answering a troll, again, but I totally fail to see your point.
I am of course aware of my limited brain capacity.
My first reaction to the post was interesting, let's see the responses.
And I guess that it was the point of the post.
I would have expected "ha ha ha, you're smoked"-
And
Dear Bill Stout,
You are posting to Full-disclosure, not your average mailing list, you
don't need stories about toddlers and gloves, or "shots". ;)
>If you see a toddler
>about to touch a dead animal, it's best they're wearing gloves rather
>than being up to date on their shots.
First it'
Yes the title is really incorrect.
Should be "Can the security industry be trusted ?"
Aaron
- Original Message -
From: "Patrick Nolan" <[EMAIL PROTECTED]>
To: "'Full Disclosure'"
Sent: Thursday, June 08, 2006 9:30 PM
Subject: RE: [Full-disclosure] NewsForge Article: Can the malware
"Web VPN" or "SSL VPN" is a term used to denote methods for accessing
a company's internal applications with a bare WWW browser, with the use of
browser-based SSO authentication and SSL tunneling. As opposed to IPSec,
no additional software or configuration is required, and hence, corporate
users can
Aside from the quality of the article, the title of the article is a misnomer.
The "malware industry" would represent authors of malware, something that
the named organizations are not part of:
"players like McAfee, Symantec, and dozens of other firms fight for a
share of a market worth tens-of
Debian Security Advisory DSA 1094-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
June 8th, 2006
Quite a good article :-
http://software.newsforge.com/article.pl?sid=06/06/06/1832223&from=rss
Aaron
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
Hi Joxean,
I can open any spyware, virus, or other malware in my browser and not
infect my computer. This is as a local administrator, with
Active-X/Java/Javascript enabled in the browser. Also, I can open any
infected downloaded file (as long as it's in the GreenBorder files
directory) and not
Hi,
>We don't determine what application running in the virtual environment
>is malicious or not, so therefore this is not a replacement for
>signature based protection systems. Most anything can run in the
>environment, it just can't modify local resources. This is great
>protection for 0-day e
Hi list,
I am trying to exploit a stack overflow in an
application under Windows XP SP2.
The problem is that the content of the buffer I can
overflow is converted to Unicode, so I just can
control 2 of 4 bytes of the overwritten SEH handler
pointer.
I have read all papers related to Unicode shellc
Debian Security Advisory DSA 1093-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
June 8th, 2006
Title: Want to test this desktop barrier? (Unauthorized offer) 0day protection
Hello All,
We have an early release of consumer desktop safety software that I’d like some feedback on.
http://www.greenborder.com/earlyaccess/
Our software runs on XP SP2, and creates an application-level vir
Here is another proof of concept for IE only, it allows the characters
to be entered in an arbitrary order, since it repositions the caret to
make the characters drop in the right place.
Just open this HTML in IE and bash on the keyboard a bit.
- Bart
var targetFile = "c
This "flaw" also affects DWL-7100 (tested) and most likely DWL-7000 and possibly other ap:s. D-Link has no fw updates since 1.5 yrs back for the 7100/7000-series. Time to get one out now...
/N
On 6/7/06, news <[EMAIL PROTECTED]> wrote:
INTRUDERS TIGER TEAM SECURITY - SECURITY ADVISORY
http://www
rPath Security Advisory: 2006-0098-1
Published: 2006-06-08
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Local System User Deterministic Privilege Escalation
Updated Versions:
gdm=/[EMAIL PROTECTED]:devel//1/2.8.0.8-0.1-1
References:
http://www.cve.mitre.org/cgi
===
Ubuntu Security Notice USN-291-1 June 08, 2006
freetype vulnerabilities
CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661
===
A security issue affects the foll
===
Ubuntu Security Notice USN-290-1 June 08, 2006
awstats vulnerability
CVE-2006-2644
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
tor is a problem in some cases and a solution in others. a solution for privacy, no doubt. a problem for someone who doesn't want their users to have privacy when they're communicating with equipment that they own/maintain.
i use tor for privacy reasons (since early 2005), and it does it well. i have n
Debian Security Advisory DSA 1092-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
June 8th, 2006
===
Ubuntu Security Notice USN-289-1 June 08, 2006
tiff vulnerabilities
CVE-2006-2193, CVE-2006-2656
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.0
yeah,
it's when people see tor and tor like projects as a problem than
a solution that they can't focus on the bigger issue. If profiling, and
other privacy threatening features are "disencouraged".. if the concept
of using "scarce" resources like ipaddress.. etc for "addressing"
network users
Debian Security Advisory DSA 1091-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
June 8th, 2006
and no 0days
where the f**k are the 31ee7 k0d3z???
- Original Message -
From: "Aaron Gray" <[EMAIL PROTECTED]>
To: "n3td3v" <[EMAIL PROTECTED]>;
Sent: Wednesday, June 07, 2006 6:07 PM
Subject: Re: [Full-disclosure] n3td3v agenda revealed
n3td3v,
Intro:
We, the n3td3v group h
Looked up the regular number in Google. It is a list phone number as follows
R L Rollins, (636) 527-0586, 445 Westglen Village Dr, Ballwin, MO 63021
I have no idea if he works for Google but I don't think that someone would
use their real name and real home phone number in a scam.
Maybe you