Re: [Full-disclosure] Core Impact 7.5 Web App pen-testing framework, as good as the hype?

2007-10-06 Thread Dude VanWinkle
On 10/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > dunno dude you're the one who types all the asinine shit all the > time in such smug fashions... and what picture did you forget the > attachment or something Dude, having arguments with

Re: [Full-disclosure] password hash

2007-10-06 Thread Nikolay Kichukov
Nice explanation Vladis, thanks! Cheers, -Nikolay [EMAIL PROTECTED] wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Wow Vladis shut the fuck up > > On Fri, 05 Oct 2007 10:35:36 -0400 [EMAIL PROTECTED] wrote: > >> On Thu, 04 Oct 2007 22:22:14 EDT, Brian Toovey said: >> >>> Doe

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

2007-10-06 Thread Roger A. Grimes
[Disclosure: I work for Microsoft. But this is my opinion, not Microsoft's] If I click on the test link in IE 7, by itself, it does not have the vulnerability. The applications in question are accepting arbitrary input and not validating correctly. How is that a Microsoft or Windows problem?

Re: [Full-disclosure] Core Impact 7.5 Web App pen-testing framework, as good as the hype?

2007-10-06 Thread . Solo
I do not have Core Impact 7.x, so you could send it to me first; after using it, I could tell you my thoughts on it ;) BTW: I also do not have CANVAS and the Argeniss 0day pack. You could send me all of it and I will tell you my feelings and we could discuss it deeply. ;p LOL 2007/10/6, Kristian Erik Herm

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

2007-10-06 Thread Thierry Zoller
Dear Roger, RAG> The applications in question are accepting arbitrary input and not validating correctly. Please define "correctly" in case of a URI handler. I am not aware of special attack vectors or injections that I should be filtering in case of mailto: calls, are there any? If yes, where ar

[Full-disclosure] SSHatter 0.6

2007-10-06 Thread Tim Brown
All, SSHatter, the SSH brute forcer is now up to release 0.6. New since the last announcement include: * Changes allowing rudimentary username enumeration via timing attacks (as described in http://www.securityfocus.com/archive/1/archive/1/448025/100/0/threaded) have been implemented. These

[Full-disclosure] iPhone Safari zero day

2007-10-06 Thread gaz_sec
Hi all I reported a bug to Apple about their new version of Safari and they denied it was a problem, so I released a Safari zero day and now it appears to work on the iPhone, more details available here:- http://www.thespanner.co.uk/2007/10/03/iphone-safari-zero-day/ Cheers Gareth -- Prices,

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

2007-10-06 Thread Geo.
- Original Message - From: "Thierry Zoller" <[EMAIL PROTECTED]> > What you call for is in essence - mitigation, yes it's fine to mitigate > a "vulnerability". But shouldn't we be concentrating on finding and > fixing the root cause instead of trying to mitigate the problem in > (hundreds)

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

2007-10-06 Thread Thierry Zoller
Dear Geo., G> If the application is what exposes the URI handling routine to untrusted G> code from the internet, Sorry, Untrusted code from the internet ? The user clicks on a mailto link, is that untrusted code? Or the mailto link is clicked for him. Anyways, the mailto link POST IE7 has a fla

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

2007-10-06 Thread Kurt Dillard
In my opinion, every application should handle incoming data as bad data. It's poor programming to assume that incoming data is properly formatted and safe to process as is, even if the data is supposed to come from a process you own. Why so extreme? Because the bad guys are going to figure out h

[Full-disclosure] The facts behind big screen hacks

2007-10-06 Thread worried security
http://news.bbc.co.uk/1/hi/programmes/click_online/7029540.stm Read this, it's very very very interesting. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secu

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

2007-10-06 Thread Paul Szabo
What I see as "root cause", is not what IE7 has changed. Windows was always confused about quoting, may parse and re-parse a command an unspecified number of times. Compared to Unix, it confuses system(3) with execl(3). In the registry there are shell\open\command keys, set to 'prog %1'. It should

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

2007-10-06 Thread KJK::Hyperion
Paul Szabo wrote: > What I see as "root cause", is not what IE7 has changed. Windows was > always confused about quoting, may parse and re-parse a command an > unspecified number of times. Compared to Unix, it confuses system(3) > with execl(3). You cannot compare them, Windows doesn't have a

Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

2007-10-06 Thread Geo.
- Original Message - From: "Thierry Zoller" <[EMAIL PROTECTED]> > The user clicks on a mailto link, is that untrusted code? Depends on where the link comes from. If it's a shortcut on the user's desktop no it's not untrusted, if it's in a PDF file you received in your email then yes it'