On 9/15/06, Richard Golodner [EMAIL PROTECTED] wrote:
As we had seen today everybody has an opinion about how the Botnet
metrics are computed. I have been reading Gadi's post for many years now and
believe he is a very knowledgeable and competent person. Give the guy a
break, he has
what about the inverted question:
how much of the internet connected computers are *not* part of botnets?
since exact numbers are hard to prove, the ratio BOTNETTED/NONBOTNETTED seems
easier to be found.
--
j
EOM
___
Full-Disclosure
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Does someone have more information about a 0day on ActiveX?
Here's my links:
http://www.milw0rm.com/exploits/2358
http://blogs.securiteam.com/index.php/archives/600
http://www.xsec.org/
--
Tyop?
SANS ISC:
http://isc.sans.org/diary.php?storyid=1701
MS Security Advisory #925444:
http://www.microsoft.com/technet/security/advisory/925444.mspx
CVE-2006-4777:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4777
Several Critical Risk security advisories (Extremely Critical SA21910,
In-Reply-To: [EMAIL PROTECTED]
I don't really see the point... Possible vulnerabilities (if I didn't
horribly misunderstand something):
*The AFS server would still need to be updated to keep it secure.
*If the imaged OS is rootable:
**The AFS clients that load the images could be replaced by
In-Reply-To: [EMAIL PROTECTED]
Would that be possible? Kind regards...
Nyoro~n
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
A clever exploit in a little-known Google service could be used to launch phishing attacks by imitating Google services -- hosted on Google's own servers!!
more details here http://ericfarraro.com/?p=6
rPath Security Advisory: 2006-0169-1
Published: 2006-09-15
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
firefox=/[EMAIL PROTECTED]:devel//1/1.5.0.7-0.1-1
thunderbird=/[EMAIL
When Websense went on record
(http://www.pcworld.com/article/id,126371-page,1/article.html) stating
that they were using an undocumented Google search feature to identify
malcode samples, it garnered a fair bit of media attention. A couple of
weeks later when HD Moore released code for his Malware
ASP Auditor v2 BETA
Author david.kierznowski_at_gmail.com
http://michaeldaw.org
Purpose: Look for common misconfigurations and information leaks in
ASP.NET applications.
This tool is based on H D Moore's Dot Net Application Scanner
Author: H D Moore
URL:
Chris Umphress wrote:
That assumes a proper umask. The kernel source should not depend on
the end user's umask being set up properly.
Is it the kernel developers' fault if your umask is extremely lax for
a normal user? If it is lax, security of the kernel source isn't your
only problem
Debian Security Advisory DSA 1177-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 15th, 2006
There is the convenience issue of the speed that the image transfers
across the network.
There is also the issue that infected workstations may be collecting
passwords.
My suggestion would be to use the harddrives in the workstation to store
the boot images, and have the minimal operating system
http://www.gnucitizen.org/projects/attackapi/
Client Enumeration
Server Enumeration
AuthorizationForcer
ExtensionScanner
HistoryDumper
NetworkSweeper
PortScanner
Utils
JavaScriptShell
UsernameScanner
URLScanner
Base64Encoder
+
RequestBuilder
Now it can compose requests, fetch text and binary
Tim wrote:
Don't. Untar. Archives. As. Root.
It's that simple.
Or are you also going to complain about the fact that there are tar
versions out there that don't strip a leading / from the archive?
Much fun can be had when you carelessly extract as root, then.
Hello,
Sorry
Hi All,
Well, two days back we received an email from [EMAIL PROTECTED] with a
username and password and a .hta attachment called mail.zip which contained
a hta file.
This attachment contains a zip file with name mail.zip and size of *2020
bytes* and MD5sum of