For orgs which are not ISPs, I just emailed this to nanog.
-
Hi guys, several ISPs are experiencing a flood of calls from customers
who get failed installations of the recent IE 0day - VML - (vgx.dll).
If you are getting such floods too, this is why.
This is currently discussed on the
http://www.gnucitizen.org/blog/self-contained-xss-attacks
XSS attacks can be persistent and non-persistent. Persistent XSS is
more dangerous since it allows attackers to control exploited clients
for longer. On the other hand non-persistent XSS is considered less
dangerous although it has been
Dear Colleagues,
please find attached the Call For Papers for DIMVA 2007, the Fourth
GI International Conference on Detection of Intrusions & Malware,
and Vulnerability Assessment; which is to be held in Lucerne,
Switzerland, July 12-13, 2007. Complete information is available at
Zachary McGrew has discovered and reported that the FiWin SS28S WiFi
VoIP SIP/Skype Phone with firmware version 01_02_07 has VxWorks Telnet
open with a hardcoded user/pass of 1/1. Various debug commands enable
viewing SIP credentials, WEP keys, etc. on the phone.
More details here:
I mentioned that the gentoo kernel does not have this problem, other
distros have been shown to have safe file permissions in the kernel
tree, so there is a way to have permissions 'fixed' on distribution. But
before that, and ultimately, it's up to
Hello pdp,
http://www.gnucitizen.org/blog/self-contained-xss-attacks
XSS attacks can be persistent and non-persistent. Persistent XSS is
more dangerous since it allows attackers to control exploited clients
for longer. On the other hand non-persistent XSS is considered less
dangerous
On 20/09/06, c0ntex [EMAIL PROTECTED] wrote:
Nothing new, been flawed for ever and shall remain so until the end of time:-)
I have to second this...
http://soapbox.msn.com/betaplayer.aspx?vid=c1b72697-d9aa-41eb-a72f-a71812096b8ewa=wsignin1.0'+alert(1)+'
http://open-security.org/msn.JPG
On 20/09/06,
--On Thursday, September 21, 2006 17:14:40 -0700 Shawn Merdinger
[EMAIL PROTECTED] wrote:
Zachary McGrew has discovered and reported that the FiWin SS28S WiFi
VoIP SIP/Skype Phone with firmware version 01_02_07 has VxWorks Telnet
open with a hardcoded user/pass of 1/1. Various debug commands
Debian Security Advisory DSA 1182-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
September 22nd, 2006
Ubuntu Security Notice USN-351-1 September 22, 2006
firefox vulnerabilities
CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566,
CVE-2006-4567, CVE-2006-4568, CVE-2006-4569, CVE-2006-4571
SUSE Security Announcement
Package: openssl,mozilla-nss
Announcement ID: SUSE-SA:2006:055
Date:
hi there,
personally I don't care if it is a new or old vector :) to be
completely honest with you but thanks for the clarifications. I will
leave it to you guys to decide.
cheers Tim
On 9/22/06, Tim [EMAIL PROTECTED] wrote:
Hello pdp,
Is anyone else seeing this?
I just noticed the 'updates waiting to be installed' shield icon in my
systray. Popped it up, chose manual install to see what M$ was trying to
shove down my throat this time. It was offering me the Mydoom, Zindos, and
Doomjuice Worm Removal Tool (KB836528). The
Mandriva Linux Security Advisory MDKSA-2006:169
http://www.mandriva.com/security/
This is actually a rootkit that is as serious as I had feared.
I am gathering up more information. If you have the files in the
directories specified, you have a problem.
The file is http://www.appiant.net/infected.zip
password is infected
If you are infected with the rootkit, it does not
Mandriva Linux Security Advisory MDKSA-2006:170
http://www.mandriva.com/security/
Linux is the answer.
But, if you're in a situation (and probably are) that forces you to use
Micro$loth Winblow$ for some reason then you may have some well founded
WTFs there.
Dave "No, not that one" Korn wrote:
Is anyone else seeing this?
From irc.freenode.net
snip
[20:48] -LoRez- [Global Notice] Hi all. Some of you may not have
heard the news that Rob Levin, known to most as Freenode's head of
staff lilo, passed away on the 16th following a car accident on the
12th. Condolences can still be sent to [EMAIL PROTECTED], and
Paul Schmehl wrote:
The engineers who designed this should be summarily fired. The terminal
stupidity of it is mind boggling!
I think _beyond_ mind-boggling.
It's mind-boggling that no-one else involved in the development/
testing noticed EITHER that this unintended backdoor existed OR
On 9/22/06, Paul Schmehl [EMAIL PROTECTED] wrote:
--On Thursday, September 21, 2006 17:14:40 -0700 Shawn Merdinger
[EMAIL PROTECTED] wrote:
Zachary McGrew has discovered and reported that the FiWin SS28S WiFi
VoIP SIP/Skype Phone with firmware version 01_02_07 has VxWorks Telnet open with a