> It is exactly the same day when Sunbelt reported that they were
informed Microsoft security people:
We were the first to see it in the wild, but unbeknownst to the security
community, Microsoft had reportedly been working with ISS on this issue
(ISS disclosed it on the 19th --
http://xforce.iss.
I've been defending Virtual Trust as an enabler for the past three days
on the full-disclosure list. So far, fairly successfully.
Here's the challenge: How creative are you *for* VT, *against* VT and
determining the *impact* of VT?
Here's your chance to figure out what works and what doesn't wi
And you tell me how many of these variants you will actually find in
the wild. Won't be a significant number I bet.
Cheers!
Pukhraj
On 9/27/06, avivra <[EMAIL PROTECTED]> wrote:
> Hi,
>
> > i.e. I can't afford to buy "specialized" security tools/devices for
> > "speclialized" attacks unless my co
hi all,
I am testing RPC functionality in snort .i have tried all scripts and exploits available for RPC .but not so confident and wanna make sure my testing is done perfectly covering all aspects.
can anyone plz tell me any tools which i can relay on to test RPC
thank you
__
I’m not sure there’s any one
product that’ll do what you want.
Setup a copy of Metasploit and try and run
the RPC exploits, that probably going to give you the best coverage.
Ed
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of 6ackpace
Sent: 28 September 20
http://maps.google.com/maps?hl=en&t=k&q=Germany&ie=UTF8&z=18&ll=48.857699,10.205451&spn=0.002404,0.006738&om=1
THE GIANT BUG !!! lol
found by LuPorOx & Huri
_
Ricerche online più semplici e veloci con MSN Toolbar!
http://toolbar.m
http://maps.google.com/maps?hl=en&t=k&q=Germany&ie=UTF8&z=18&ll=48.857699,10.205451&spn=0.002404,0.006738&om=1
THE GIANT BUG !!! lol
found by LuPorOx & Huri
_
Blocca le pop-up pubblicitarie con MSN Toolbar! http://toolbar.msn.it/
http://maps.google.com/maps?hl=en&t=k&q=Germany&ie=UTF8&z=18&ll=48.857699,10.205451&spn=0.002404,0.006738&om=1
THE GIANT BUG !!! lol
found by LuPorOx & Huri
_
Condivi foto, pensieri ed altro ancora creando il tuo Blog su Windows Li
""It looks like a thrip, a very small (1mm or so) insect. The size might explain how it got involved in the printing process. The brown glob at the posterior end is bug poop, forced out of the poor critter as it got squished between a glass plate and the film during the scanning process"
http://
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [28th September 2006]
The OpenSSL project team is pleased to announce the release of version
0.9.8d of our open source toolkit for SSL/TLS. This new OpenSSL
version is a security and bugfix release and incorporates changes an
Kenneth F. Belva wrote:
> I've been defending Virtual Trust as an enabler for the past three
> days on the full-disclosure list. So far, fairly successfully.
An enabler *of* anything in particular? Or just some kind of magic
enabling pixie dust, good for all purposes?
> Here's the challenge:
On Thu, 28 Sep 2006 12:38:58 +0530, 6ackpace said:
> I am testing RPC functionality in snort
You're *probably* testing 1 of the following 3 things:
1) That Snort detects known exploits it has a fingerprint for. Just letting it
watch a wire that has Nessus or Metasploit pumping out exploits will
I also don´t find the software on the site?
cheers m8
Am 27.09.2006 um 19:12 schrieb joe haldon:
> Well I looked at the site but didn't see any files to download. Just
> curious, what is your utility written in?
>
> On 9/23/06, crazy frog crazy frog <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> i m re
I see no value in suddenly starting to use a term "virtual trust" for
trust given due to evidence produced over wires as opposed to trust given
due to evidence produced by other means.
Trust and the validity of evidence to justify it are meaningful. A new candidate
buzzword for a concept that has
DaveK,
>> I've been defending Virtual Trust as an enabler for the past three
>> days on the full-disclosure list. So far, fairly successfully.
> An enabler *of* anything in particular? Or just some kind of magic
>enabling pixie dust, good for all purposes?
An enabler of business.
>> Here's th
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
Windows Vista includes a new memory protection system called ASLR. Its
goal is to escape buffer overflow attacks in vulnerable programs. One of
our consultant, Ali Rahbar, has made a complete study of this security
mechanism, and found a new implementation flaw that allows to bypass
this protection
===
Ubuntu Security Notice USN-353-1 September 28, 2006
openssl vulnerabilities
CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343
===
A security issue affects the follo
With any luck, not too much. The point is that there is a way to do it, and
if there is a way, someone will use it in a bad manner eventually.
We can only hope that the users will count more on vulnerability/behavior
based security solutions, and not exploit based security solutions.
-- Aviv.
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SUSE Security Announcement
Package:openssl
Announcement ID:SUSE-SA:2006:058
Date:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1185-1[EMAIL PROTECTED]
http://www.debian.org/security/ Noah Meyerhans
September 28th, 2006
Glenn,
Thanks for your reply. My response:
Most of your argument below does not get to the heart of the issue. It
seems to be an issue of semantics. You do not like the term Virtual Trust.
You write:
>Many of us have argued for at least decades now that more trustworthy
systems and
>more trustw
Well this would be NDSD-06-002 but n3td3v
seems to have really left...All relevant details are in the message below,
the SQL injection was patched within a day
(http://forums.invisionpower.com/index.php?showtopic=204627), I believe the
other problems still exist.
-Original Mess
Looks like everyone ON for openssl bug feast!! ;-) Is this different from
SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738)??
-d
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Pitt
Sent: Thursday, September 28, 2006 8:30 AM
To: [EMAIL PROTE
so you are giving credit to some pseudo 0days (corporate promotion), but you
are not giving credit to some pseudo 0days - see quoted text.
is this on purpose?
On Thu, Sep 28, 2006 at 06:48:19PM +0200, Marcus Meissner wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> 1) Problem Desc
hi... i find a new vub and i want to add the vub on your site...
# Found By Sp1deR_Net (~)
# E-mail:- [EMAIL PROTECTED]
# My Site. :- WWW.Pal-HackinG.Com //\\
(~) Freind Site:- wWw.SoQoR.Net
# We Are..:- Sp1deR_Net,HackerS Pal,Mohajali. <=>Palstine HackerS Team.
-=-=
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:157-1
http://www.mandriva.com/security/
___
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200609-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Sorry All,
That was a permission problem.i have corrected it.Please get it here now:-
http://www.secgeeks.infys.net/Sniff.zip
i applogise for inconvnience.
Thanks,
_CF
On 9/28/06, Ferdinand Klinzer <[EMAIL PROTECTED]> wrote:
> I also don´t find the software on the site?
> cheers m8
>
> Am 27.09.
rPath Security Advisory: 2006-0175-1
Published: 2006-09-28
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Unauthorized Access
Updated Versions:
openssl=/[EMAIL PROTECTED]:devel//1/0.9.7f-10.4-1
openssl-scripts=/[EMAIL PROTECTED]:devel//1/0.9.7f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:171
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:172
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:173
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:174
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:175
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:176
http://www.mandriva.com/security/
___
[EMAIL PROTECTED] wrote:
> Send Full-Disclosure mailing list submissions to
>
Re "virtual trust".
Yes, I disagree with introducing a new term. It seems to me to obscure what is
going on, not to enlighten. Further, many of us have been arguing for years
that security enables business and often is c
Sanjay, It's not that bad as it sounds. This whole discussion was in the context of client-side scripting attacks and how commercial IPS/IDS solutions tackle them (and I am talking about the best-of-the-breed here, not confined to India). I wanted to show some disbelief on the fact as to how th
39 matches
Mail list logo
