-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo Throwaway1!
On Mon, 11 Sep 2006, [EMAIL PROTECTED] wrote:
>
> >If you consider that America are
> >able to lie about the weapons of mass
> >destruction and then admit it,
>
Contex -
>If you consider that America are
>able to lie about the weapons of mass
>destruction and then admit it,
"America" never lied about WMD.
America is not in a position to prove that any WMD stockpiles
exist
On 9/10/06, Lyal Collins <[EMAIL PROTECTED]> wrote:
If there's malware on the machine, and there is a connected USB token, then
authentication is only as good as the password - malware can probe the
connected token as often as desired.
Read my post again. That's not necessarily true. The RSA SID8
coderpunk writes:
The standard recommendation is to never compile
the kernel as root.
Which obviously doesn't help you when a non-root user edits the
kernel, you compile it as 'jerry' but still have to install it as
'root'. You're still hosed.
Geez, of course not. Unpacking the kernel as
title: vCAP calendar server Multiple vulnerabilities
Author: securma massine <[EMAIL PROTECTED]>
MorX Security Research Team
http://www.morx.org
Product info: vCAP (www.pscs.co.uk) is a network calendar server
for Windows. vCAP allows users to create calendars which can be viewed and
modifi
On 9/8/06, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hadmut Danisch wrote:
> Hi,
>
> there's a severe vulnerability in the Linux kernel
> source code archives:
It is my understanding that the permissions are
intentionally set that way.
This
Author: ShAnKaR
Title: multiple PHP application poison NULL byte vulnerability
Applications: phpBB 2.0.21, punBB 1.2.12
Threat Level: Critical
Original advisory (in Russian): http://www.security.nnov.ru/Odocument221.html
Poison NULL byte vulnerability for perl CGI applications was described
in
Now take a deep breath and chill out.
No one has contradicted any of your claims, not here, not on wikipedia.
The only thing that has been said is that one single individual of the
many that report on those issues has been discovered as a fake.
I for one am sure that a lot of what this and what
Netragard, L.L.C Advisory
09/11/2006
Strategic Reconnaissance Team
http://www.netragard.com -- "We make I.T. Safe."
[About Netragard]
If you consider that America are able to lie about the weapons of mass
destruction and then admit it, use chemical weapons in Iraq and lie
about it and then admit it, trick Saudi Arabia that Sadam Hussein was
attacking their border to allow army convoys to be deployed in their
country, mishandle I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Everyone is... but this guy Jesse seems to actually be a fraud. Most of
the sites that originally carried the story have pulled it and some
http://www.socialistalternative.org/news/article13.php?id=261 have
issued statements denouncing the use of fraud
--On September 11, 2006 8:20:51 PM +0100 c0ntex <[EMAIL PROTECTED]> wrote:
You are entitled to your opinion.
Yeah, and it sucks this his is fact-based, doesn't it?
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/i
You are entitled to your opinion.
On 11/09/06, Philosophil <[EMAIL PROTECTED]> wrote:
A link to your own blog is not support for your argument. That's
called circular reasoning.
In addition, if you had bothered to do a little research, you would
have noticed *huge* discrepancies.
Try here:
h
ASP Auditor v1.0 BETA
Author: David Kierznowski (david.kierznowski_at_gmail.com)
http://michaeldaw.org/
The purpose of ASP Auditor is to identify vulnerable and weakly
configured ASP.NET servers.
Usage:
$ ./asp-audit.pl
ASP Audit v1.0 (BETA) [ [EMAIL PROTECTED] ]
Usage: ./asp-audit.pl (opts) [ho
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1174-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
September 11th, 2006
JS_YAMANNER.D has been detected,and Replace has been taken on 11/09/2006
17:47:40.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
PERL_NIVEK.A has been detected,and Replace has been taken on 11/09/2006
17:47:08.
Dear Brian Eaton,
--Monday, September 11, 2006, 7:35:08 PM, you wrote to [EMAIL PROTECTED]:
>>
>> Network is compromised as long as attacker keeps control under
>> compromised host regardless of authentication. And sometimes longer.
BE> - the spyware has access to the web mail system fo
Dear Brian Eaton,
--Monday, September 11, 2006, 7:35:08 PM, you wrote to [EMAIL PROTECTED]:
>> It means, if authentication schema is NTLM-compatible (it must be for
>> compatibility with pre-Windows 2000 hosts and some network
>> applications, like Outlook Express), attacker can us
On 9/11/06, 3APA3A <[EMAIL PROTECTED]> wrote:
BE> Two-factor auth cannot be said to make accessing the network from a
BE> compromised PC "safe". That does not make two-factor auth useless.
BE> With plain passwords, once the attacker has the password, they can
BE> access the network at wil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> Really, I am constantly amazed by the lack of critical thinking people
> exhibit these days.
You're not the only one.
Philosophil wrote:
> A link to your own blog is not support for your argument. That's
> called circular reasoning.
>
> In additi
A link to your own blog is not support for your argument. That's
called circular reasoning.
In addition, if you had bothered to do a little research, you would
have noticed *huge* discrepancies.
Try here:
http://en.wikipedia.org/wiki/Jesse_Macbeth
The unit he claimed he was in, was not deplo
Dear Brian Eaton,
--Saturday, September 9, 2006, 6:12:31 PM, you wrote to [EMAIL PROTECTED]:
BE> For web SSO in particular, accessing the token once is nearly as good
BE> as accessing it constantly. The token will be used for the initial
BE> authentication, but normally a cookie will be used fo
Dear Bojan Zdrnja,
--Sunday, September 10, 2006, 2:51:06 AM, you wrote to [EMAIL PROTECTED]:
>> The only additional attack factor this issue creates is attacker can
>> get _physical_ access to console with user's credentials _any time_
>> while user is logged in, while in case token
Hi, I could see
the patch for "RSA Signature Forgery" available in the location http://www.openssl.org/news/patch-CVE-2006-4339.txt
has been updated with removal of unwanted code lines on September
6. Will these changes be committed to the OpenSSL releases 0.9.7 and
0.9.8? If so, when will be th
At this month's DC4420 meeting I will be holding a mini workshop on RFID
tags, and I'd like to take the opportunity to gather info on RFID
enabled passports. If you possess one, and can spare the time, it would
be useful if you could join us and have a play. We won't be trying to do
anything 'ba
it would appear to be something on your end joshua - as the pdf file
on the company you're doing the "pen-test" of (http://www.cua.com.au)
doesn't do anything to my opera browser
http://www.cua.com.au/Web/Inter.nsf/attachments/PID0303_0404_FINAL.pdf/$FILE/PID0303_0404_FINAL.pdf
oh - and you're a
(11/09/06)
* Vulnerable product: PHProg (PHP photo album)
* Official product site: http://www.PHProg.com/
* Security flaws detected:
1] Full path disclosure: http://localhost/PHProg/?id=1&album=cdg393
2] Cross Site Scripting (XSS): http://localhost/PHProg/?id=1&album=
alert('cdg393'
[-] Product: KorviBlog
[-] Language: PHP
[-] Official website: http://korvi.jdhosts.net/
[-] Vulnerable page: livre_or.php
[-] Security flaw: Persistent Cross Site Scripting
[-] Explanation:
Line 4:
Based on your description I see this as a security design problem as
well, but only exploitable if the user does a one-time password based
logon while the token is plugged in. It would be interesting to know
whether folks at RSA did a risk assessment when they decided to implement
this functionality.