Re: [Full-disclosure] extension for Firefox to force HTTPS always?

2007-10-13 Thread silky
on the google sites; customisegoogle lets you force them into ssl. but obviously that's not all sites. On 10/13/07, Kristian Erik Hermansen <[EMAIL PROTECTED]> wrote: > So one example is that you are in a wifi cafe and you want to browse > sites which may be available on both http and https. One

[Full-disclosure] [ GLSA 200710-14 ] DenyHosts: Denial of Service

2007-10-13 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200710-14

[Full-disclosure] [ GLSA 200710-13 ] Ampache: Multiple vulnerabilities

2007-10-13 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200710-13

Re: [Full-disclosure] extension for Firefox to force HTTPS always?

2007-10-13 Thread full-disclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear 3APAPA, In the English language, the words criticism and suggestion are not synonyms. If you could please kindly point out where Vladis makes a suggestion (anywhere, anytime), or says anything constructive (anywhere, anytime), or anything remote

Re: [Full-disclosure] extension for Firefox to force HTTPS always?

2007-10-13 Thread full-disclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 No idea you got an idea big guy? No? Shut the fuck up. On Fri, 12 Oct 2007 22:45:12 -0400 [EMAIL PROTECTED] wrote: >On Sat, 13 Oct 2007 02:15:39 -, [EMAIL PROTECTED] >said: > >> I don't know about a browser extension, but you might be able to >i

[Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread worried security
will the user with the e-mail address [EMAIL PROTECTED] please shut the fuck up. valdis is a respected member of the security community, he is a senior member, so will you shut up? i consider him a friend, he has never attacked you, so why are you attacking him? if you want to attack someone, att

Re: [Full-disclosure] extension for Firefox to force HTTPS always?

2007-10-13 Thread Valdis . Kletnieks
On Sat, 13 Oct 2007 10:25:46 EDT, [EMAIL PROTECTED] said: > No idea you got an idea big guy? No, merely pointing out an under-specification of the problem. There's any number of ways that it *could* be set up - the question is what the *desired* behavior is. Blindly rewriting everything to https

[Full-disclosure] PHP File Sharing System 1.5.1

2007-10-13 Thread jonasthambert
PHP File Sharing System - Directory traversal ++ Author: Jonas Thambert Date: 2007-10-13 URL: http://sourceforge.net/projects/phpfilesadmin/ Vendor Notified. Version: 1.5.1 (latest) [- Description -] PHP File Sharing System is vulnerable to directory

Re: [Full-disclosure] Email Disclaimers...Legally Liable if breached?

2007-10-13 Thread Ray P
Thanks for the clarification. "Actual damages" and "profit" would be very difficult to quantify in most cases. If I remember correctly, "profit" is what the infringer made off the infringed work; it is not "loss of profit" on the creator's part. Do you agree? Date: Thu, 11 Oct 2007 22:23:17 -0

Re: [Full-disclosure] extension for Firefox to force HTTPS always?

2007-10-13 Thread full-disclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 *wow* you win an *award* for most *stars* used in an *email* to demonstrate your *mental* *superiority* and the *dude* was not even talking about pentesting he was talking about *browsing teh interweb* at net cafes. *you* could have asked for *clarifi

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread full-disclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 *what* *has* *vladis* *ever* *done* *other* *than* *reply* *with* *smug* *offtopic* *responses* *proving* *his* *incompetence*? *i* *have* *reported* *your* *irc* *channel* *to* *cert* *and* *your* *email* *address* *to* *the *intelligence* *agencies

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread worried security
On 10/13/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > *what* *has* *vladis* *ever* *done* *other* *than* *reply* *with* > *smug* *offtopic* *responses* *proving* *his* *incompetence*? > > *i* *have* *reported* *your* *irc* *channel* *to*

Re: [Full-disclosure] extension for Firefox to force HTTPS always?

2007-10-13 Thread Marcus Graf
> demonstrate your *mental* *superiority* and the *dude* was not even > talking about pentesting he was talking about *browsing teh > interweb* at net cafes. look at the first mail of this thread and accept that you are wrong. But I realize that I'm expecting too much... *PLONK* -- Hail Eris!

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread full-disclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 *no* *you* On Sat, 13 Oct 2007 14:14:28 -0400 worried security <[EMAIL PROTECTED]> wrote: >On 10/13/07, [EMAIL PROTECTED] [EMAIL PROTECTED]> >wrote: >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> *what* *has* *vladis* *ever* *done* *othe

Re: [Full-disclosure] extension for Firefox to force HTTPS always?

2007-10-13 Thread full-disclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 *you* *forgot* *about* *the* *greatest* *german* *of* *all* *time* *hail* *this* *dude* * http://www.thereef.ws/members/Mental_Ward_Rehab/graphics/modsride.gi f * >-- >Hail Eris! Hail Discordia! -BEGIN PGP SIGNATURE- Note: This signature can

[Full-disclosure] Clients buffer-overflow in Live for Speed 0.5X10

2007-10-13 Thread Luigi Auriemma
Luigi Auriemma Application: Live for Speed http://www.lfs.net Versions: <= 0.5X10 Platforms: Windows Bug: client buffer-overflow during skins handling Exploitation:

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread worried security
On 10/13/07, Richard Golodner <[EMAIL PROTECTED] > wrote: > > Why don't you keep this offline between you and full-disclosure? I know > Valdis and he does not give a damn about any of this sophomoric stuff. When > you post legitimate security information your credibility is increased as > well as

[Full-disclosure] How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

2007-10-13 Thread worried security
You do know criminals read the mailing lists don't you? and if MI6 speak about preventing criminals and terrorists on the internet, they are very careful about what they say and their voice is distorted. http://news.bbc.co.uk/player/nol/newsid_615/newsid_6153000/6153092.stm?bw=bb&mp=rm&nol_stor

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread Dude VanWinkle
On 10/13/07, worried security <[EMAIL PROTECTED]> wrote: > On 10/13/07, Richard Golodner <[EMAIL PROTECTED] > wrote: > > > > > > > > > > Why don't you keep this offline between you and full-disclosure? I know > Valdis and he does not give a damn about any of this sophomoric stuff. When > you post l

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread worried security
On 10/13/07, [EMAIL PROTECTED] <[EMAIL PROTECTED] > wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > *no* *you* which hacker group are you associated with? i have opened a file for you which i'm inserting all your comments into to look back on the next time there is a big cyber attac

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread Dude VanWinkle
Whoops and sorry Richard! I thought you were referring to the conversation between netdev([EMAIL PROTECTED]) and netdev([EMAIL PROTECTED]). It is obvious from reading further you were referring to netdev's threat of bodily harm to Gadi. once again, sorry about the mess-up -JP On 10/13/07, Dude V

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread worried security
On 10/13/07, Dude VanWinkle <[EMAIL PROTECTED]> wrote: > > On 10/13/07, worried security <[EMAIL PROTECTED]> wrote: > > On 10/13/07, Richard Golodner <[EMAIL PROTECTED] > wrote: > > > > > > > > > > > > > > > Why don't you keep this offline between you and full-disclosure? I > know > > Valdis and he

[Full-disclosure] Netgear SSL312 XSS vulnerability

2007-10-13 Thread SkyOut
WWW.SMASH-THE-STACK.NET | ADVISORY: NETGEAR SSL312 XSS VULNERABILITY | 0x00: ABOUT ME | 0x01: DATELINE | 0x02: INFORMATION | 0x03: EXPLOITATION | 0x04: RISK LEVEL

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread worried security
On 10/13/07, Dude VanWinkle <[EMAIL PROTECTED]> wrote: > Whoops and sorry Richard! I thought you were referring to the > conversation between netdev([EMAIL PROTECTED]) and > netdev([EMAIL PROTECTED]). It is obvious from reading > further you were referring to netdev's threat of bodily harm to Gadi

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread scott
You people argue like teenagers on dope! I seriously doubt Gadi cares whether you like him or not! He has a life of his own. Why don't you try it. Regards, Scott worried security wrote: > On 10/13/07, Dude VanWinkle <[EMAIL PROTECTED]> wrote: > > >> Whoops and sorry Richard! I thought you we

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread worried security
On 10/13/07, scott <[EMAIL PROTECTED]> wrote: > You people argue like teenagers on dope! > > I seriously doubt Gadi cares whether you like him or not! He has a life > of his own. Why don't you try it. > > Regards, > Scott I'm not on dope, i'm british, 26 years old and serious, so will you stop tr

Re: [Full-disclosure] [EMAIL PROTECTED]

2007-10-13 Thread scott
LOL! What are you saying, that you are Internet security mafia? I'm 44 and have been serious about security for almost as long as you've been on this planet! Not everyone on these lists are blackhat hackers. Some actually have respect for admins and their struggles. Been there, done that. Regards,

[Full-disclosure] Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available

2007-10-13 Thread KJK::Hyperion
KJK::Hyperion wrote: > Since this issue is a great big rat's nest, I promise a third-party patch > for it by tomorrow. Deal? And "tomorrow" turned out to be "whenever it's done". Here it is, have a temporary, third-party patch for CVE-2007-3896, by yours truly:

Re: [Full-disclosure] Remote Desktop Command Fixation Attacks

2007-10-13 Thread pdp (architect)
ok, I am not questioning whether it is needed or not... anyway, instead of mailing a huge chunk of text again and clogging everyone's email account, I decided to post my thoughts on the blog where they should be anyway, here is the link: http://www.gnucitizen.org/blog/clear On 10/12/07, Thor (Hamm