Salut,
On Fri, 2006-09-22 at 20:51 +0200, Diman Todorov wrote:
snip
[20:48] -LoRez- [Global Notice] Hi all. Some of you may not have
heard the news that Rob Levin, known to most as Freenode's head of
staff lilo, passed away on the 16th following a car accident on the
12th.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1183-1[EMAIL PROTECTED]
http://www.debian.org/security/ Dann Frazier
September 25th, 2006
===
Ubuntu Security Notice USN-352-1 September 25, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566,
CVE-2006-4567, CVE-2006-4570, CVE-2006-4571
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
There's a XSS issue in the 'Indexed search' extension 2.9.0 for Typo3.
This extension is part of a default Typo3 4.0.x installation.
Typo3 4.0.2 fixes it.
http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/
Credits go to Mr.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1184-1[EMAIL PROTECTED]
http://www.debian.org/security/ Dann Frazier
September 25th, 2006
[From: http://www.bloginfosec.com]
Our current way of viewing information security is loss prevention. It
is an insurance model. And, although insurance is useful and necessary,
senior managers are not likely to spend one dollar more than necessary
to obtain the needed protection. After all,
--On Monday, September 25, 2006 08:05:10 -0400 Kenneth F. Belva
[EMAIL PROTECTED] wrote:
[snip]
There is an alternative: Virtual Trust(2) as an information security
model. According to the Virtual Trust model, security actually creates
business and generates revenue.
Do present day
Ken,
I think your premise is based on a couple
of pieces of flawed thinking.
Firstly, your statement, After
all, information security doesn’t make money–it only spends.
in my experience is actually incorrect. An effective information
security outcome actually will save a company a
Paul,
Thanks for your comments.
Unless you can demonstrate concrete revenue generation directly
attributable to security, I don't think you can overcome that perception
(and loss avoidance through trust building does not generate revenue.)
I believe the purpose of the paper is to move away
--On Monday, September 25, 2006 11:30:36 -0400 Kenneth F. Belva
[EMAIL PROTECTED] wrote:
Paul,
Thanks for your comments.
Unless you can demonstrate concrete revenue generation directly
attributable to security, I don't think you can overcome that perception
(and loss avoidance through
Jesper's Blog : More options on protecting against recent IE
vulnerabilities on a domain:
http://msinfluentials.com/blogs/jesper/archive/2006/09/22/More-options-on-protecting-against-the-VML-vulnerability-on-a-domain.aspx
I like that option better. Leaves me supported and honestly I've not
A patch ..not The patch.
There's a difference.. third party patches make me unsupported. This
too has to be weighed when deciding risk factors.
Gadi Evron wrote:
On Mon, 25 Sep 2006, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
Jesper's Blog : More options on protecting against
On Mon, 25 Sep 2006, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
Jesper's Blog : More options on protecting against recent IE
vulnerabilities on a domain:
On 9/25/06, Paul Schmehl [EMAIL PROTECTED] wrote:
I understand that, but I think your trust model is merely a euphemism for
loss avoidance. And I don't see how you can avoid being seen as loss
avoidance - unless you can show the ability to generate revenue.
(My full disclosure for the day: I
Paul wrote:
Saving money is a form of generating revenue
indeed, but even in his
description Ben is forced to use the words reducing the risk
to describe
his money saving techniques. That's loss avoidance, plain and
simple.
One aspect of saving money is indeed
risk avoidance. But my point
FreeBSD i386_set_ldt Integer Overflow Vulnerability
iDefense Security Advisory 09.23.06
http://www.idefense.com/intelligence/vulnerabilities/
Sep 23, 2006
I. BACKGROUND
FreeBSD is a modern operating system for x86, amd64, Alpha, IA-64, PC-98
and SPARC architectures. It's based on the UNIX
FreeBSD i386_set_ldt Integer Signedness Vulnerability
iDefense Security Advisory 09.23.06
http://www.idefense.com/intelligence/vulnerabilities/
Sep 23, 2006
I. BACKGROUND
FreeBSD is a modern operating system for x86, amd64, Alpha, IA-64, PC-98
and SPARC architectures. It's based on the UNIX
Several updates to Windows VML Vulnerability FAQ (CVE-2006-4868) document at
http://blogs.securiteam.com/?p=640
have been done.
These updates include information about the state of five exploits (SP2 and
earlier),
previous Vgx.dll issue fixed in MS04-028 and attacks via e-postcard (greeting
I've been looking at a few like MetaSploit (metasploit.com), I found another
that uses XSS called beef at bindshell.net, I was wondering if anybody knows
any others worth checking out? Thanks. :)
Sent from my BlackBerry® wireless handheld
___
Mentionable usb system penetration kits, preferably winxp, any others will do.
Sent from my BlackBerry® wireless handheld
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by
On 9/26/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[EMAIL PROTECTED] wrote:
Jesper's Blog : More options on protecting against recent IE
vulnerabilities on a domain:
Paul,
Thanks for your comments.
Unless you can demonstrate concrete revenue generation directly
attributable to security, I don't think you can overcome that perception
(and loss avoidance through trust building does not generate revenue.)
I believe the purpose of the paper is to move
Apologies for multiple copies due to cross postings. Please send to interested colleagues and students.
The Second International Conference on Availability, Reliability and Security (AReS)
ARES 2007-The International
Bill,
The VML PoC can be found at http://www.secguru.com/node/311
Regards,
Ronald.
On 23/09/06, Bill Stout [EMAIL PROTECTED] wrote:
Hi all,
If anyone finds a site where the 0day still lives, please let me know.
All the URLs I've found are off the air.
--
Ronald MacDonald
Uninformed is pleased to announce the release of its fifth volume. The
articles included in this volume are:
- Exploitation Technology: Implementing a Customer X86 Encoder
Author: skape
- Exploitation Technology: Preventing the Exploitation of SEH Overwrites
Author: skape
- Fuzzing:
http://www.mojopac.com/portal/content/hellomojo.jsp
Not for Pen-Test originally but I think It's worth trying
I just read it from Gizmodo.com
http://www.remote-exploit.org/index.php/BackTrack
My Favorite...But not an XP :(
And I failed to install it on my thumb-drive(4G)
-And I use it for
Hi,
RUXCON 2006 will be held this weekend over the 30th of September to the 1st of
October at the University of Technology, Sydney. Doors will open at 8:30am and
the first presentation commences at 9:30am.
Our presentation list is complete.
RUXCON 2006 Presentations [1]:
1. Java Class