So one example is that you are in a wifi cafe and you want to browse
sites which may be available on both http and https. One example is
when you browse google calendar. By default you will get http even
after logging in over https. It doesn't really matter anyways and I
should just code this
on the google sites; customisegoogle lets you force them into ssl. but
obviously that's not all sites.
On 10/13/07, Kristian Erik Hermansen [EMAIL PROTECTED] wrote:
So one example is that you are in a wifi cafe and you want to browse
sites which may be available on both http and https. One
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200710-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear 3APAPA,
In the English language, the words criticism and suggestion are not
synonyms. If you could please kindly point out where Vladis makes
a suggestion (anywhere, anytime), or says anything constructive
(anywhere, anytime), or anything
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
No idea you got an idea big guy?
No? Shut the fuck up.
On Fri, 12 Oct 2007 22:45:12 -0400 [EMAIL PROTECTED] wrote:
On Sat, 13 Oct 2007 02:15:39 -, [EMAIL PROTECTED]
said:
I don't know about a browser extension, but you might be able to
will the user with the e-mail address [EMAIL PROTECTED] please
shut the fuck up.
valdis is a respected member of the security community, he is a senior
member, so will you shut up? i consider him a friend, he has never attacked
you, so why are you attacking him?
if you want to attack someone,
On Sat, 13 Oct 2007 10:25:46 EDT, [EMAIL PROTECTED] said:
No idea you got an idea big guy?
No, merely pointing out a under-specification of the problem. There's any
number of ways that it *could* be set up - the question is what the *desired*
behavior is. Blindly rewriting everything to
PHP File Sharing System - Directory traversal
++
Author: Jonas Thambert
Date: 2007-10-13
URL: http://sourceforge.net/projects/phpfilesadmin/
Vendor Notified.
Version: 1.5.1 (latest)
[- Description -]
PHP File Sharing System is vulnerable to directory
Thanks for the clarification. Actual damages and profit would be very
difficult to quantify in most cases. If I remember correctly, profit is what
the infringer made off the infringed work; it is not loss of profit on the
creators part. Do you agree?
Date: Thu, 11 Oct 2007 22:23:17 -0700
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
*wow* you win an *award* for most *stars* used in an *email* to
demonstrate your *mental* *superiority* and the *dude* was not even
talking about pentesting he was talking about *browsing teh
interweb* at net cafes.
*you* could have asked for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
*what* *has* *vladis* *ever* *done* *other* *than* *reply* *with*
*smug* *offtopic* *responses* *proving* *his* *incompetence*?
*i* *have* *reported* *your* *irc* *channel* *to* *cert* *and*
*your* *email* *address* *to* *the *intelligence*
On 10/13/07, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
*what* *has* *vladis* *ever* *done* *other* *than* *reply* *with*
*smug* *offtopic* *responses* *proving* *his* *incompetence*?
*i* *have* *reported* *your* *irc* *channel* *to* *cert*
demonstrate your *mental* *superiority* and the *dude* was not even
talking about pentesting he was talking about *browsing teh
interweb* at net cafes.
look at the first mail of this thread and accept that you are wrong.
But I realize that I'm expecting too much...
*PLONK*
--
Hail Eris!
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
*no* *you*
On Sat, 13 Oct 2007 14:14:28 -0400 worried security
[EMAIL PROTECTED] wrote:
On 10/13/07, [EMAIL PROTECTED] full-
[EMAIL PROTECTED]
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
*what* *has* *vladis* *ever* *done* *other*
###
Luigi Auriemma
Application: Live for Speed
http://www.lfs.net
Versions: = 0.5X10
Platforms:Windows
Bug: client buffer-overflow during skins handling
Exploitation:
On 10/13/07, Richard Golodner [EMAIL PROTECTED] wrote:
Why don't you keep this offline between you and full-disclosure? I know
Valdis and he does not give a damn about any of this sophomoric stuff. When
you post legitimate security information your credibility is increased as
well as the
You do know criminals read the mailing lists don't you? and if MI6 speak
about preventing criminals and terrorists on the internet, they are very
careful about what they say and their voice is distorted.
On 10/13/07, worried security [EMAIL PROTECTED] wrote:
On 10/13/07, Richard Golodner [EMAIL PROTECTED] wrote:
Why don't you keep this offline between you and full-disclosure? I know
Valdis and he does not give a damn about any of this sophomoric stuff. When
you post legitimate
On 10/13/07, [EMAIL PROTECTED] [EMAIL PROTECTED]
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
*no* *you*
which hacker group are you associated with? i have opened a file for you
which i'm inserting all your comments into to look back on the next time
there is a big cyber attack, so
Whoops and sorry Richard! I thought you were referring to the
conversation between netdev([EMAIL PROTECTED]) and
netdev([EMAIL PROTECTED]). It is obvious from reading
further you were referring to netdev's threat of bodily harm to Gadi.
once again, sorry about the mess-up
-JPthe infallible
On
On 10/13/07, Dude VanWinkle [EMAIL PROTECTED] wrote:
On 10/13/07, worried security [EMAIL PROTECTED] wrote:
On 10/13/07, Richard Golodner [EMAIL PROTECTED] wrote:
Why don't you keep this offline between you and full-disclosure? I
know
Valdis and he does not give a damn about
-
|| WWW.SMASH-THE-STACK.NET ||
-
|| ADVISORY: NETGEAR SSL312 XSS VULNERABILITY
_
|| 0x00: ABOUT ME
|| 0x01: DATELINE
|| 0x02: INFORMATION
|| 0x03: EXPLOITATION
|| 0x04: RISK LEVEL
On 10/13/07, Dude VanWinkle [EMAIL PROTECTED] wrote:
Whoops and sorry Richard! I thought you were referring to the
conversation between netdev([EMAIL PROTECTED]) and
netdev([EMAIL PROTECTED]). It is obvious from reading
further you were referring to netdev's threat of bodily harm to Gadi.
You people argue like teenagers on dope!
I seriously doubt Gadi cares whether you like him or not!He has a life
of his own.Why don't you try it.
Regards,
Scott
worried security wrote:
On 10/13/07, Dude VanWinkle [EMAIL PROTECTED] wrote:
Whoops and sorry Richard! I thought you were
KJK::Hyperion ha scritto:
Since this issue is a great big rats nest, I promise a third-party patch
for it by tomorrow. Deal?
And tomorrow turned out to be whenever it's done. Here is it, have a
temporary, third-party patch for CVE-2007-3896, by yours truly:
26 matches
Mail list logo