Re: [Full-disclosure] Robert Lemos over Neal Krawetz forensic findings

On Wed, 13 Jun 2007 00:16:56 BST, HACK THE GOV said: > We ask the security communtiy to investigate the incident and re-evaluate > the agenda of the security media community *the* agenda? The only "agenda" that the "security media" community has in common is the agenda for *any* media community -

Re: [Full-disclosure] Apple Safari for Windows feed:// URL Denial of Service Vulnerability

I spent about 2 minutes until I found this. Worse then Windows Me and Microsoft Bob?! Now you're just being mean :-) cardoso wrote: > Are you sure it's wise to waste resources poking Safari/Windows in > search of flaws? > > The thing DOS itself, my machine (vista home premium, braz. portuguese >

Re: [Full-disclosure] Apple Safari for Windows feed:// URL Denial of Service Vulnerability

Are you sure it's wise to waste resources poking Safari/Windows in search of flaws? The thing DOS itself, my machine (vista home premium, braz. portuguese edition) can't run Safari for more than a few minutes, less, if I try do actually open a website. I'm an Apple fanboy, proud owner of a Macb

[Full-disclosure] Apple Safari for Windows feed:// URL Denial of Service Vulnerability

Apple Safari for Windows feed:// URL Denial of Service Vulnerability Versions: Apple Safari For Windows 3 Beta Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle crafted feed:// link. Proof-of-Concept: . Link: feed://% Exploit: DoS Yes, th

[Full-disclosure] Robert Lemos over Neal Krawetz forensic findings

" Readers of the Cnet news outlet have brought it to our attention that a commentator known as "ROBERT VAMOIS" has taken up post in replace of the well known journalist Joris Evers. We ask the security communtiy to investigate the incident and re-evaluate the agenda of the security media communi

[Full-disclosure] [USN-474-1] xscreensaver vulnerability

=== Ubuntu Security Notice USN-474-1 June 12, 2007 xscreensaver vulnerability CVE-2007-1859 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubu

Re: [Full-disclosure] Windows Oday release

On 2007-06-13 02:58+0800, Thomas Lim wrote: >dear all Dear all, this is not a 0day, it is a public release of a responsibly disclosed vulnerability. Thank you for sharing your research, Gadi. > >SChannel Off-By-One Heap Corruption >=== > >Discovery Date:

Re: [Full-disclosure] Windows Oday release

-Original Message- From: Thomas Lim <[EMAIL PROTECTED]> To: full-disclosure@lists.grok.org.uk ; [EMAIL PROTECTED] <[EMAIL PROTECTED]>; [EMAIL PROTECTED] <[EMAIL PROTECTED]> Sent: Tue Jun 12 14:58:24 2007 Subject: Windows Oday release dear all SChannel Off-By-One Heap Corruption ==

[Full-disclosure] Windows Oday release

dear all SChannel Off-By-One Heap Corruption === Discovery Date: 28th August 2006 Date reported to Microsoft: 19th March 2007 Summary: The Secure Channel (SChannel) library on WinXP-SP1/SP2 is vulnerable to a off-by-one heap buffer overwrite. The SChannel library

[Full-disclosure] iDefense Security Advisory 06.12.07: YaBB Forum member.vars CRLF Injection Privilege Escalation Vulnerability

YaBB Forum member.vars CRLF Injection Privilege Escalation Vulnerability iDefense Security Advisory 06.12.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 12, 2007 I. BACKGROUND YaBB (Yet another Bulletin Board) is an Open Source community forum system written in Perl. More informat

[Full-disclosure] iDefense Security Advisory 06.12.07: Microsoft License Manager and urlmon.dll COM Object Interaction Invalid Memory Access Vulnerability

Microsoft License Manager and urlmon.dll COM Object Interaction Invalid Memory Access Vulnerability iDefense Security Advisory 06.12.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 12, 2007 I. BACKGROUND Internet Explorer is a set of core technologies in Microsoft Windows operating

[Full-disclosure] ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability

ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-038.html June 12, 2007 -- CVE ID: CVE-2007-1751 -- Affected Vendor: Microsoft -- Affected Products: Internet Explorer 6.x Internet Explorer 7.

[Full-disclosure] ZDI-07-037: Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability

ZDI-07-037: Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-037.html June 12, 2007 -- CVE ID: CVE-2007-3027 -- Affected Vendor: Microsoft -- Affected Products: Internet Explorer 6.x Internet

[Full-disclosure] [ MDKSA-2007:120 ] - Updated Firefox packages fix multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:120 http://www.mandriva.com/security/ ___

Re: [Full-disclosure] Safari for Windows, 0day URL protocol handler command injection

Interesting thing to think about ... Does it benefit Apple to have an insecure browser on Windows? If the millions of clueless computer users get owned will they be able to understand that it was Safari's fault or just that their windows box got compromised and now they have grief and financial

[Full-disclosure] [Off topic] Safari on Windows networked share question

Anyone see if Safari for Windows will open an html file on a Windows share? IE: file:/machinename/directory/index.html Firefox/IE open this just fine, but Safari on Windows gives me: The error was: .unknown error. (NSPOSIXErrorDomain:22) Thanks all! James

[Full-disclosure] n3td3v rumours Month of Safari Bugs (MoSB)

" Reader post by: n3td3v Posted on: June 12, 2007, 6:47 AM PDT Story: Safari for Windows not so secure It is known the Month of Safari Bugs is being coordinated with elements of the underground. Watch Full-Disclosure mailing list for more i

Re: [Full-disclosure] Safari for Windows, 0day URL protocol handler command injection

Steven Adair wrote: > Looks like a few others have been found: > > http://erratasec.blogspot.com/2007/06/nce.html > > Steven > securityzone.org > > >> Apple released version 3 of their popular Safari web browser today, with >> the added twist of offering both an OS X and a Windows version. G

Re: [Full-disclosure] Safari for Windows,

Andrew Redman wrote: > I wouldn't put it past Apple to steal associations in a nearly silent > manner so that Safari becomes the default browser for untold numbers of > Itunes users. How many of those with serious clue deficiencies would be > willing or able to change all of those associations b

[Full-disclosure] [ MDKSA-2007:119 ] - Updated Thunderbird packages fix multiple vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:119 http://www.mandriva.com/security/ ___

[Full-disclosure] [SECURITY] [DSA 1307-1] New OpenOffice.org packages fix arbitrary code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1307-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze June 12th, 2007

Re: [Full-disclosure] Safari for Windows, 0day URL protocol handler command injection

I wouldn't put it past Apple to steal associations in a nearly silent manner so that Safari becomes the default browser for untold numbers of Itunes users. How many of those with serious clue deficiencies would be willing or able to change all of those associations back? Apple could make Safari

[Full-disclosure] ZDI-07-036: Arris Cadant C3 CMTS Remote DoS Vulnerability

ZDI-07-036: Arris Cadant C3 CMTS Remote DoS Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-036.html June 11, 2007 -- CVE ID: CVE-2007-2796 -- Affected Vendor: Arris -- Affected Products: Cadant C3 -- Vulnerability Details: This vulnerability allows remote attackers to cause a

Re: [Full-disclosure] [WEB SECURITY] Re: SECNICHE : Dwelling Security is On the Run

[EMAIL PROTECTED] wrote: > In an admittedly brief review of this page, I saw nothing useful or > informative to my career in information assurance. > > Congratulations on posting your personal website. > > Regards, > Dave Druitt > -- > CSO > InfoSec Group > 703-626-6516 > > > > --

[Full-disclosure] [SECURITY] [DSA 1306-1] New xulrunner packages fix several vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1306-1[EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff June 12th, 2007

Re: [Full-disclosure] [WEB SECURITY] Re: SECNICHE : Dwelling Security is On the Run

Dear Dave, dan> In an admittedly brief review of this page, I saw nothing dan> useful or informative to my career in information assurance. Well then maybe reconsider a sew career, a CSO that is not open to new information doesn't deserve it' title I guess. But thanks to let the world know that y

[Full-disclosure] using matasano's blackbag/deezee to find 0day and stuff

remote un-passworded root access in IBM's totalstorage ds400 storage thingie, like this: # download deezee from http://www.matasano.com/tools/deezee.tar.gz # download firmware for totalstorage ds400 lort# wget -q http://parker.vslib.cz/MIRRORS/ftp.adaptec.com/tmp0001/oem/ibm/IBM_TotalStorage_DS_Se

Re: [Full-disclosure] Safari for Windows, 0day URL protocol handler command injection

Looks like a few others have been found: http://erratasec.blogspot.com/2007/06/nce.html Steven securityzone.org > Apple released version 3 of their popular Safari web browser today, with > the added twist of offering both an OS X and a Windows version. Given > that Apple has had a lousy trac

Re: [Full-disclosure] SECNICHE : Dwelling Security is On the Run

In an admittedly brief review of this page, I saw nothing useful or informative to my career in information assurance. Congratulations on posting your personal website. Regards, Dave Druitt -- CSO InfoSec Group 703-626-6516 -- Original message from Aditya K Sood <[EMAIL PROTEC

Re: [Full-disclosure] Safari for Windows, 0day URL protocol handler command injection

>>Apple released version 3 of their popular Safari web browser today, with the added twist of offering both an OS X and a Windows version. Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecti

[Full-disclosure] Safari for Windows, 0day URL protocol handler command injection

Apple released version 3 of their popular Safari web browser today, with the added twist of offering both an OS X and a Windows version. Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expec

[Full-disclosure] Month of Random Hashes: DAY THREE

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [ITEM #1] md5: 53da840b93b8a209fe273c0a6011a53b sha1: f23d002845794ab3f34b0bfc925b87017b1a4920 sha256: 298c8122826de54d9753850fd7fd7dfbf2490b5784d76f48d166526be819e03a [ITEM #2] md5: bed4346e8662918e654ac4a85a9c08e8 sha1: e62d1f28787b489c369471a707825

[Full-disclosure] internet drug dealer Pigslop actively seeking "bounty hunter hackers"

Pigslop, admitted internet drug-dealer, is currently seeking "bounty hunter hackers" for malicious activities: http://www.encyclopediadramatica.com/Pigslop http://blog.myspace.com/index.cfm?fuseaction=blog.view&friendID=2605&blogID=274078127&MyToken=3a45d1b8-d75d-4235-a643-94ed3cd711dc be c

Re: [Full-disclosure] Source code of the belgian electoral voting system

On 6/11/07, Thierry Zoller <[EMAIL PROTECTED]> wrote: > Dear John, > JS> http://www.ibz.rrn.fgov.be/index.php?id=627 > > Is this a joke ? I have never seen such useless logging in my whole > life, this reads like pre-historic code, also cool how they check if > it's really a backup disc. > > Thumbs