Alexander Hristov wrote:
Author:JAAScois
Date: 25.6.2006
Type: Heap Overflow
Product: http://live.com , http://messenger.msn.com
Patch: N/A
Link :
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1108/exploit.html
This is most definitely *not* a heap overflow. B
what is this ASCII Master ?//
On Thu Jun 22 13:30:00 2006, ASCII Master <[EMAIL PROTECTED]> wrote:
This is the ASCII Master in full effect.___Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and spon
ERNW Security Advisory 01-2006
Buffer Overflow in Algorithmic Researchs PrivateWire Online Registration
Facility
Author:
Michael Thumann
Homepage: http://www.ernw.de
1. Summary:
The Online Registration Facility of Algorithmic Research PrivateWire VPN
Software
doesn't do proper bounds checkin
===
Ubuntu Security Notice USN-304-1 June 26, 2006
gnupg vulnerability
CVE-2006-3082
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ub
Hi,
I'm releasing a tool called 'Universal Hooker'. This version is
implemented as an ollydbg plugin.
The tool is available at http://oss.coresecurity.com/projects/uhooker.htm.
Documentation is available at
http://oss.coresecurity.com/uhooker/doc/index.html.
Any feedback is very welcome.
Here's a
http://www.itjungle.com/tfh/tfh062606-story06.html
http://www.securitypronews.com/news/securitynews/spn-45-20060623DeloitteCallsOutTechFirmsOnSecurity.html
http://www.irishdev.com/NewsArticle.aspx?id=2902
http://www.deloitte.com/dtt/research/0,1015,sid%253D1000%2526cid%253D121102,00.html
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Al Mac wrote:
http://www.itjungle.com/tfh/tfh062606-story06.html
http://www.securitypronews.com/news/securitynews/spn-45-20060623DeloitteCallsOutTechFirmsOnSecurity.html
http://www.irishdev.com/NewsArticle.aspx?id=2902
http://www.deloitte.com/dtt/research/0,1015,sid%253D1000%2526cid%253D121102
On 6/24/06, Dan B <[EMAIL PROTECTED]> wrote:
Hi,
So I was just looking at myspace, hey I don't really want an account,
just needed to login to look at someones pics. And I noticed that even
though they advise to check for 'login.myspace.com' in the address bar
they actually allow login via other
OK, this message inluding MSRC Blog posting #437826 reached our inboxes some
minutes ago because of moderating process.
- Juha-Matti
naveed <[EMAIL PROTECTED]> kirjoitti:
yes i do have confirmed this in a post to bugtraq,the issue is with hlink.dll
On 6/25/06, Juha-Matti Laurio <[EMAIL PROT
In the last couple of days I've been doing some Java programming. :)
that was funny, anyway this is a simple jython shell that can run of
the browser. Of course in order to that you have to give jython some
extra privileges but this is not the point.
The purpose of my little experiment is to make
This stuck out for me today when I opened up Securityfocus, and I
don't usually mention Securityfocus News articles because they are
crimge worthy nearly everyday, although this one today hit a nerve for
me...
I wasn't allowed to say on Securityfocus.com that I thought usb drives
just come under
A fun browser toy that depends on Java for complete results:
- http://metasploit.com/research/misc/decloak/
-HD
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http
It appears that there is no advisories published about Camino 1.0.2 release yet.
The newest CVE related to Camino is CVE-2006-1901 (Apr '06).
Vulnerabilities fixed are included to Release Notes document at
http://www.caminobrowser.org/releases/1.0.2.php
User agent (from 3rd party) states the foll
Yes, Slotto Corleone has returned. However, this is only a message I've been given to relay to the list:
Eyeballing Rob Levin
Odds are you've at least heard of Rob Levin (aka lilo), the director of
Texas 501(3)(c) corporation Peer-Directed Projects Center. He's been
aptly mentioned in the Regist
I was contacted by Eweek recently about previous posts about RFID and how it is being used at the World Cup and Olympics. This got me thinking a little more about some previous ideas I have had. I think the real risk is in RFID access cards.
World Cup and Olympics are / will be using embedded RFID
On 6/27/06, Josh L. Perrymon <[EMAIL PROTECTED]> wrote:
I was contacted by Eweek recently about previous posts about RFID and how it
is being used at the World Cup and Olympics. This got me thinking a little
more about some previous ideas I have had. I think the real risk is in RFID
access cards.
Josh L. Perrymon wrote:
> I was contacted by Eweek recently about previous posts about RFID and
> how it
> is being used at the World Cup and Olympics. This got me thinking a little
> more about some previous ideas I have had. I think the real risk is in RFID
> access cards.
>
> World Cup and Ol
On Tue, 27 Jun 2006 14:24:35 +1000, mikeiscool said:
> eh?
>
> surely a RFID would only communicate it's private token with a trusted
> (i.e. keyed) source.
>
> like a smartcard ...
Well.. Yeah. That *would* make sense.
Unfortunately, some beancounter would likely realize they can shave $0.02
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1103-1[EMAIL PROTECTED]
http://www.debian.org/security/ Dann Frazier, Troy Heber
June 27th, 2006
On 6/27/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
On Tue, 27 Jun 2006 14:24:35 +1000, mikeiscool said:
> eh?
>
> surely a RFID would only communicate it's private token with a trusted
> (i.e. keyed) source.
>
> like a smartcard ...
Well.. Yeah. That *would* make sense.
Unfortunately, so
My post was based more on *existing* RFID implementations used for physical security access cards. I know that non-contact cards such as RFID Credit Cards use encryption so on... But are still vulnerable to non-authorized transactions.. I'm mean.. there is no green button you push to authorize the
On 6/27/06, Josh L. Perrymon <[EMAIL PROTECTED]> wrote:
My post was based more on *existing* RFID implementations used for physical
security access cards.
I know that non-contact cards such as RFID Credit Cards use encryption so
on... But are still vulnerable to non-authorized transactions.. I'
I'm just looking to validate if this is the case. Are most RFID access control cards susceptable to interception? I can see the security features built into something like RFID Credit Cards.. but I'm betting this is not the case with RFID access cards.
Obviously, I can't validate this until I get a
http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015690.htmlAnyone heard anything else on the Sanctum INC patent for pentesting???
WTF?A friend told me about this one and Watchfire patents on application scanners..JPPacketfocus.com
___
Full
- Original Message From: Josh L. Perrymon <[EMAIL PROTECTED]>To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]Sent: Tuesday, 27 June, 2006 9:41:23 AMSubject: [Full-disclosure] Sniffing RFID ID's ( Physical Security )My ideas on RFID risk in its current implementation:I'm thinking a l
27 matches
Mail list logo
