[Full-disclosure] New tool for evil twins wireless attacks

2007-01-17 Thread noreply
Wep0ff is a new tool to crack a WEP key without access to the AP by mounting a fake access point attack against WEP-based wireless clients. http://www.ptsecurity.ru/download/wepoff.tar.gz It uses a combination of fragmentation and evil twin attacks to generate traffic which can be used for KoreK-style WEP-key

[Full-disclosure] Flaw in AVM UPNP service for windows

2007-01-17 Thread DPR
- Description The AVM IGD CTRL Service, a Universal Plug and Play (UPNP) service for Windows, which is part of the software package Fritz!DSL Software 02.02.29 provides the possibility to read any file on the Windows system partition for any user - no matter how much restricted rights the user

[Full-disclosure] [SECURITY] [DSA 1250-1] New cacti packages fix arbitrary code execution

2007-01-17 Thread Moritz Muehlenhoff
Debian Security Advisory DSA 1250-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff January 17th, 2007

Re: [Full-disclosure] Major gcc 4.1.1 and up security issue

2007-01-17 Thread Marcus Graf
off topic thoughts: (twice 1.15 will likely be a bit or two different than 3.30). As Fortran geeks have known for over half a century, a better way to code this is: if (abs(a-b) n*epsilon*a) where 'epsilon' is the hardware constant defining the smallest number such that 1+a is

Re: [Full-disclosure] Major gcc 4.1.1 and up security issue

2007-01-17 Thread Valdis . Kletnieks
On Wed, 17 Jan 2007 19:07:19 +0100, Marcus Graf said: off topic thoughts: (twice 1.15 will likely be a bit or two different than 3.30). As Fortran geeks have known for over half a century, a better way to code this is: if (abs(a-b) n*epsilon*a) where 'epsilon' is the

[Full-disclosure] [x0n3-h4ck] myBloggie 2.1.5 XSS exploit

2007-01-17 Thread corrado.liotta
-=[ADVISORY---]=- myBloggie 2.1.5 Author: CorryL [EMAIL PROTECTED] -=[---]=-

[Full-disclosure] Fair Exploit Price and Purchase

2007-01-17 Thread Simon Smith
Hi List, My recent post about purchasing exploits has generated more responses than I can count. In response to the massive volume of email and questions that I've received, I've posted the rules and requirements for using my services to legitimately sell your exploits to authorized, legal

Re: [Full-disclosure] Grab a myspace credential

2007-01-17 Thread Sûnnet Beskerming
Where did it all come from? The prevailing theory is that the 'Tom' account was successfully phished / breached (note - the real Tom has a separate account) and used to send out a Bulletin to all Friends (almost all users on MySpace) with the malicious link contained. From there it was

Re: [Full-disclosure] iDefense Q-1 2007 Challenge

2007-01-17 Thread Tim Newsham
More importantly, the company that I am working with is no different than iDefense. In fact, they both sell their exploits and harvested research to the same people. The only real difference is in the amount of money that the researcher realizes when the transactions are complete. This