On Mon, 7 Aug 2006, Thomas D. wrote:
And even if you hide the file, if it hide the way you describe, you aren't
able to execute the file, until you give access to yourself. If you do this,
the anti-virus program will also have access
Keep in mind: If it is an unknown file (zero-day),
Yo!
wac wrote:
Isn't there a way to map a name to several IPs?
Or use aliases?
I'm interested in the subject because I want to do the same thing.
read this: http://www.supersparrow.org/ss_paper/
--
Siim Põder
http://boards.live.com/Travelboards/search.aspx?search=\;--/scriptscriptalert(1)/script
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[flashback - not much has changed - FUD has a new face, but his modus
operandi remains the same. See also: http://en.wikipedia.org/wiki/FUD
- Stu]
--- Forwarded message follows ---
From: Meeks, Brock [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL
apple.com search form xss ( POST var )-- mac scriptalert(1)/script
http://searchcgi.apple.com/cgi-bin/sp/nph-searchpre11.pl?q=--+mac+script
alert(1)/scriptoutput=xml_no_dtdclient=default_frontendsite=us_only
lr=lang_ensort=start=access=poe=utf-8
On 11/08/06, Thomas Pollet [EMAIL PROTECTED] wrote:
apple.com search form xss ( POST var )-- mac scriptalert(1)/script
Does anyone have any details on the 2 BB vulnerabilities. Some more
substantial than rumors?
Which one ? ;)
If you are talking about the DEFCON buzz, have a look at:
http://www.praetoriang.net/presentations/blackjack.html
Regards,
- Nicolas RUFF
Shameless Site Plug
http://www.cgisecurity.com/
Mailing List
The Web Security mailing List
http://www.webappsec.org/lists/websecurity/
- Z
and mailing lists?
On 8/11/06, KT [EMAIL PROTECTED] wrote:
what are they? I am tasked with keeping up on application security news.
Here are
Is there any technical reason that an exploit cannot be developed
against XP SP2 and Server 2003 SP1? Or is this only a limitation of
the current Metasploit exploit?
Thanks,
Brendan
On 8/10/06, H D Moore [EMAIL PROTECTED] wrote:
On Wednesday 09 August 2006 13:10, Matt Davis wrote:
Did I
hi there
I've collected a lot of pretty good security sites, FYI.
Please see my blog here:
http://lwangdotorg.spaces.live.com/Lists/cns!C2277416A864A62F!118/
--
mailto:[EMAIL PROTECTED]
http://www.lwang.org
2006/8/11, KT [EMAIL PROTECTED]:
what are they? I am tasked with keeping up on
this is the last BB vulnerabilities (that I know of) which was deemed to be elevated.
http://www.kb.cert.org/vuls/id/570768
On 8/11/06, Nicolas RUFF [EMAIL PROTECTED] wrote:
Does anyone have any details on the 2 BB vulnerabilities. Some more substantial than rumors?
Which one ? ;) If you are
On 8/11/06, Brendan Dolan-Gavitt [EMAIL PROTECTED] wrote:
Is there any technical reason that an exploit cannot be developed
against XP SP2 and Server 2003 SP1? Or is this only a limitation of
the current Metasploit exploit?
I think the poster you are referring to was talking about Core IMPACT
The DLLs for XP SP2 and 2003 SP1 were compiled with Visual Studio's stack
protection flag (/GS). This prevents a standard return address overwrite
from working. The wcscpy() method everyone is using in their exploits is
also blocked by another change in how the compiler orders and passes
Why is this on the Full Disclosure mailing list? What does this have
to do with Info Sec?
I have to read through a *ton* of mailing lists every day and crap
like this just wastes my time.
On 8/9/06, J.A. Terranson [EMAIL PROTECTED] wrote:
(This was sent in response to a mass email sent out by
Greetings all,
Given the new threats and the change in policy with the airlines
and traveling in and around the UK, has anyone changed their laptop and portable
computing device policy? We are being questioned about the safety of
executives traveling with their laptops.
Thank You,
You should also check:
http://www.cgisecurity.net
http://www.webappsec.org
http://www.watchfire.com/securityzone/default.aspx
http://secunia.com/advisories/
Good Luck,
Ory Segal
Director of Security Research
Watchfire (Israel) LTD.
Tel: +972-9-9586077, Ext.236
Mobile: +972-54-7739359
e-mail:
You mean the fact that you are *required* now to *check* your laptop along with
your baggage? Take into account that most laptops aren't easy to remove the
hard disk drives, and that most laptops of corporate and/or government
executives contain either sensitive or classified information, I
Hello,
Cullen, Michael wrote:
Given the new threats and the change in policy with the airlines and
traveling in and around the UK, has anyone changed their laptop and
portable computing device policy? We are being questioned about the
safety of executives traveling with their laptops.
Last
Bob Radvanovsky wrote:
You mean the fact that you are *required* now to *check* your laptop along with
your baggage? Take into account that most laptops aren't easy to remove the
hard disk drives, and that most laptops of corporate and/or government
executives contain either sensitive or
Why not just encrypt the laptop drives ??
There's plenty of options out there ...
http://www.pointsec.com/
http://utimaco.com/
--=Q=--
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of J.
Oquendo
Sent: Friday, August 11, 2006 12:37 PM
To: Bob Radvanovsky
If the data is encrypted on laptop that mitigates loss. If you have never heard
of truecrypt (as one possibility that is free), go learn (and use!) now.
However I fail to see the governments doing much to see that whatever gets
checked through in fact GETS to the destination with the passenger,
I was always under the impression that BIOS security features could always be
circumvented. See further comments below...
-r
- Original Message -
From: J. Oquendo [mailto:[EMAIL PROTECTED]
To: Bob Radvanovsky [mailto:[EMAIL PROTECTED]
Cc: Cullen, Michael [mailto:[EMAIL PROTECTED],
On Fri, 11 Aug 2006 11:32:50 CDT, Bob Radvanovsky said:
corporate assets. I think that they should make it easier for the removal of
hard disk drives to be removed so they aren't stolen.
OK, so you pull the hard drive - where do you *put* it? Remember, if it's
packaged to be removable, it's
OK, so you pull the hard drive - where do you *put* it? Remember, if it's
packaged to be removable, it's going to look a lot like an MP3 player or some
other thing-with-a-battery, and you end up having to check it.
Being as the original email came from an exec at Universal Music, I
think the
We have done some storming on this issue. The issue is basically forked in terms of
1) Airline security
2) Data Security
Wrt to item (1), it is deemed to be possible that IATA will move to banning any electronic devices as carryon. This certainly is the way that other entities are looking into
Well, how about this :
build a PXE type CD/DVD with all your business applications (you could
automate a nightly build to keep antivirus, patches, etc current). Do
folder redirection or similar to mount all user-specific bits from a
USB thumb drive (itself an encrypted volume).
Then your
searchappsecurity.com
- Original Message
From: KT [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
Sent: Thursday, August 10, 2006 9:12:22 PM
Subject: [WEB SECURITY] Top sites for Application security news
what are they? I am tasked with keeping up on application
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ScatterChat Advisory 2006-01: Cryptanalytic Attack Vulnerability
Technical Report
CVE ID: CVE-2006-4021
August 11th, 2006
http://www.scatterchat.com/
SUMMARY
ScatterChat (http://www.scatterchat.com/) is an instant messaging project
that aims to
Philosophil wrote:
Why is this on the Full Disclosure mailing list? What does this have
to do with Info Sec?
I have to read through a *ton* of mailing lists every day and crap
like this just wastes my time.
And now you're wasting the rest of our time whining about it. What does
your e-mail
rPath Security Advisory: 2006-0152-1
Published: 2006-08-11
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
User Deterministic Vulnerability
Updated Versions:
squirrelmail=/[EMAIL PROTECTED]:devel//1/1.4.6-2.2-1
References:
We should build a shrine for Joe Lieberman and bask in its glory. He is probably the best politician of our generation.
On 8/9/06, J.A. Terranson [EMAIL PROTECTED] wrote:
(This was sent in response to a mass email sent out by Joe - even though me
and him have had nothing to do with each other for a
LA time is reporting
If you're going international, stash your laptop; US airports are banning carry-on electronics for overseas flights !!
On 8/11/06, Jeremy Bishop [EMAIL PROTECTED] wrote:
On Friday 11 August 2006 10:54, Michael Holstein wrote:
Then your traveling salesman needs only the DVD
Some (web) security blogs/sites I like:
http://ha.ckers.org/ - in my opinion this is (by far) the best web
security related blog. RSnake rocks!
http://isc.sans.org/ - security news, latest stuff
http://netsec.blogspot.com/ - latest links
http://blog.washingtonpost.com/securityfix/ - very
FYI, I have just received news that SecurID tokens are not permitted in
carry-on on red (which apparently means via the UK) flights. Nor,
apparently, are the electronic keyfobs for luxury cars.
I sure feel safer.
--
The problem with defending the purity of the English language is
that
What a maroon
http://www.google.com/search?hl=enq=%22Alif+Terranson%22btnG=Google+Search
-- Original message --
From: evilrabbi [EMAIL PROTECTED]
We should build a shrine for Joe Lieberman and bask in its glory. He is probably the best politician of our generation.
On
ACK that !! :)-
On 8/11/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
What a maroon
http://www.google.com/search?hl=enq=%22Alif+Terranson%22btnG=Google+Search
-- http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's This message is printed on Recycled Electrons.
On 8/11/06, Peter Dawson [EMAIL PROTECTED] wrote:
ACK that !! :)-
On 8/11/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
What a maroon
http://www.google.com/search?hl=enq=%22Alif+Terranson%22btnG=Google+Search
from the listed google search, 1st hit
Alif Terranson, a former Savvis
On 8/11/06, root [EMAIL PROTECTED] wrote:
Some (web) security blogs/sites I like:
http://ha.ckers.org/ - in my opinion this is (by far) the best web
security related blog. RSnake rocks!
http://isc.sans.org/ - security news, latest stuff
http://netsec.blogspot.com/ - latest links
...and
http://metasploit.blogspot.com
http://www.liquidmatrix.org/blog/
http://blogs.zdnet.com/threatchaos/
http://www.cultdeadcow.com/cms/main.php3
-sb
Dude VanWinkle wrote:
On 8/11/06, root [EMAIL PROTECTED] wrote:
Some (web) security blogs/sites I like:
http://ha.ckers.org/ - in my opinion