==
Secunia Research 27/06/2007
- Symantec Mail Security for SMTP Boundary Errors -
==
Table of Contents
Affected
==
Secunia Research 26/06/2007
- KVIrc irc:// URI Handler Command Execution Vulnerability -
==
Table of Contents
Affected
Foresight Linux Essential Advisory: 2007-0030-1
Published: 2007-06-28
Rating: Minor
Updated Versions:
avahi=/[EMAIL PROTECTED]:1-devel//1/0.6.20-1-1
avahi-glib=/[EMAIL PROTECTED]:1-devel//1/0.6.20-1-1
avahi-sharp=/[EMAIL
Hello folks,
I have the occasion of needing to get an opinion on how 'difficult'
it would be to hack into (bypassing the 10-guess password limit, and
assuming complex passwords) a Windows 2003 Mobile Edition PDA.
Thoughts?
Thanks. //RX8volution.
Dear RX8volution,
It would be easy.
J
On Thu, 28 Jun 2007 11:01:10 -0400 rx8volution
[EMAIL PROTECTED] wrote:
Hello folks,
I have the occasion of needing to get an opinion on how
'difficult'
it would be to hack into (bypassing the 10-guess password limit,
and
assuming complex passwords)
It's pretty easy to attack Windows Mobile. There was a good presentation at
Shmoocon 07 regarding that topic. If you can grab the slides it would be a
good starting point.
If you get physical access the game is over. Generally the things mount
automagically as a hard drive. Even if they don't 9
Well, it depends on the context.
A story went around some years ago about a colleague who was in London. Once he
got his
PhD (in physics), he had a sign made which read DOCTOR VISITING which was
placed in his
dashboard when he double parked now and again (parking spaces being hard to
find in
On 6/27/07, coderman [EMAIL PROTECTED] wrote:
On 6/27/07, Dr. Neal Krawetz PhD nealkrawetz.org wrote:
We heard you the first time, gobbles aka n3td3v.
the ruse has died since jt5944 spoiled the fun. ~_~;
coderman - spoiled? the fun is only
Yes Shmoo con was a great talk! There should be some stuff online
On 6/28/07, matthew wollenweber [EMAIL PROTECTED] wrote:
It's pretty easy to attack Windows Mobile. There was a good presentation
at Shmoocon 07 regarding that topic. If you can grab the slides it would be
a good starting point.
Seems we may soon see some interesting problems:
--
Various developers are busy implementing workarounds for serious bugs
in Intel's Core 2 cpu.
These processors are buggy as hell, and some of these bugs don't just
cause development/debugging problems, but
Reader post by: n3td3v
Posted on: June 28, 2007, 10:49 AM PDT
Story: Solving the Web security challenge
http://news.com.com/2009-1002-6189437.html?tag=tb
the information security director for Yahoo wants MSN and Google to share
intelligence on hackers sending in information that Yahoo should be
On 6/27/07, Month of Random Hashes [EMAIL PROTECTED] wrote:
snip
My additions. These are of use to me, and possibly others.
(md5)
hash i 814521e15bd92880fc27811707c8156f
hash u 5c9483e84b320d017dea913c237b5ff2
___
Full-Disclosure - We believe in it.
- Basically the MMU simply does not operate as specified/implemented
in previous generations of x86 hardware. It is not just buggy, but
Intel has gone further and defined new ways to handle page tables
(see page 58).
I'm not sure about this - I understood it to mean that if you
It's scary that these things cannot be patched. And this post will probably
result in Intel taking down that document saying look now there are now no
holes
On 6/28/07, Peter Ferrie [EMAIL PROTECTED] wrote:
- Basically the MMU simply does not operate as specified/implemented
in
- --
Debian Security Advisory DSA 1323-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
June 28th, 2007
-
Debian Security Advisory DSA-1324 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
June 28, 2007
-
Google Re-authentication Bypass with SID and LSID cookies
This document is also available at:-
http://susam.in/security/advisory-2007-06-29.txt
Researcher:-
Susam Pal
Type:-
Session management error
Timeline:-
2007-06-21 - Discovered
2007-06-22 - Reported to vendor
2007-06-29 - Public
interesting concept.. harvesting a polycom device for botnets.
hm.. the key would be how the heck to get the stealthware on such a
device ??
On 6/27/07, Paul Schmehl [EMAIL PROTECTED] wrote:
--On June 27, 2007 3:27:28 PM -0400 Adriel T. Desautels
[EMAIL PROTECTED] wrote:
Paul,
In the 'Vulnerability' section, the URL to the previous advisory is
mentioned as:-
http://susam.in/security/advisory-2007-06-21.txt
This is incorrect. The correct URL is:-
http://susam.in/security/advisory-2007-06-22.txt
Regards,
Susam Pal
[EMAIL PROTECTED]
http://susam.in/
Susam Pal wrote,
Month of Random Hashes wrote:
[ITEM #1]
md5: 27cd1bb8a6b93c061fb0ad38031ca33d
sha1: 41b1f79e2f5a53ff182d03ca3fc00644a1173e4c
sha256:
0fba5450776398db658ca16d9b45e20e218d3f514d800586bf6778bcbb3d3088
Do I need to send out another hash of my ash to make this nonsense stop?
FAQ coming soon.
Please be patient.
On Thu, 28 Jun 2007 23:06:15 -0400 Jared DeMott [EMAIL PROTECTED]
wrote:
Month of Random Hashes wrote:
[ITEM #1]
md5: 27cd1bb8a6b93c061fb0ad38031ca33d
sha1: 41b1f79e2f5a53ff182d03ca3fc00644a1173e4c
sha256:
[ITEM #1]
md5: 27cd1bb8a6b93c061fb0ad38031ca33d
sha1: 41b1f79e2f5a53ff182d03ca3fc00644a1173e4c
sha256:
0fba5450776398db658ca16d9b45e20e218d3f514d800586bf6778bcbb3d3088
[ITEM #2]
md5: be96c89cd42e117fd0597d3848d4bad7
sha1:
comments inline
At this stage,
ideally the session should be disabled and should be enabled only after
the user re-authenticates himself. However, the session associated with
SID and LSID cookies remains alive at the server side.
That *certainly* doesn't prove a threat. It is by-design and
Month of Random Hashes wrote:
FAQ coming soon.
Please be patient.
ok, just having a little fun. Go ahead.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
Thanks love.
On Thu, 28 Jun 2007 23:37:09 -0400 Jared DeMott [EMAIL PROTECTED]
wrote:
Month of Random Hashes wrote:
FAQ coming soon.
Please be patient.
ok, just having a little fun. Go ahead.
Reply to Debasis inline:-
At this stage,
ideally the session should be disabled and should be enabled only after
the user re-authenticates himself. However, the session associated with
SID and LSID cookies remains alive at the server side.
That *certainly* doesn't prove a threat. It is