[EMAIL PROTECTED] wrote:
Some people don't know when to quit when they're behind. Thank you for
volunteering to be the first on my ban list. Your stupidity has been duly
rewarded.
A small tip: Ban all of Hushmail. Nothing good ever comes from that domain.
--
Hawaiian Astronomical
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1386-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 15th, 2007
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1386-2[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 15th, 2007
I tested this on three Windows XP machines and was able to make them
all crash. There is an issue with the way Microsoft's default
compressed file handler deals with embedded compressed files. I don't
have much time to investigate further, since I am in Atlanta all this
week for SPICON and don't
Best thread ever man.
J
On Sat, 13 Oct 2007 17:48:11 -0400 worried security
[EMAIL PROTECTED] wrote:
On 10/13/07, Dude VanWinkle [EMAIL PROTECTED] wrote:
Whoops and sorry Richard! I thought you were referring to the
conversation between netdev([EMAIL PROTECTED]) and
netdev([EMAIL
military grade exploits? :) dude, I am sorry man.. but you are living
in some kind of a dream world. get real, most of the military hacks
are as simple as bruteforcing the login prompt.. or trying something
as simple as XSS. the reason XSS is soo neat is because it bypasses
all firewalls... what?,
you win man... I must have been mad to challenge you... check this
out.. you are my hero of the day:
http://www.gnucitizen.org/about/pdp#comment-58407
On 10/14/07, phioust [EMAIL PROTECTED] wrote:
On 10/14/07, pdp (architect) [EMAIL PROTECTED] wrote:
military grade exploits? :) dude, I am
CQ,
maybe I am making a huge mistake for responding to your message, but
let's see. this is what I think about security in depth in a bit more
detail.
let's say that we have a wireless network which is guarded by security
in depth network administrators. the first thing they will do is to
secure
If you want my take on how to secure a wireless network I'd approach it like
this:
1) wpa2 (of course)
2) mac restrictions (yes, keeping a list of legitimate mac's will be required,
but if you don't have an automated inventory system in this day and age then
how are you ensuring nothing goes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The attached either exploit or demonstrate a rash of remotely
exploitable bugs in eXtremail =2.1.1 which perhaps should be
renamed to the more apt name of eXtremely-rootable-mail...
of course, in the grand schema, these are more-or-less completely
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think you're just terribly unfunny.
On Sun, 14 Oct 2007 23:20:56 -0400 Dude VanWinkle
[EMAIL PROTECTED] wrote:
On 10/14/07, [EMAIL PROTECTED] full-
[EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Explain your joke Mister
haha thats really funny :-p u read full disclose on ur black berry :-p
On 10/15/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I wonder if I can start billing for the waste of storage space and time that
these stupid emails are causing me. I know it has been proposed to bill
spammers
You can take defence in depth too far (or misinterpret it and implement
something that's just overcomplex)... actually, I think this e-mail
demonstrates how not to do defence in depth. Here's my take on this
approach:
[EMAIL PROTECTED] wrote:
If you want my take on how to secure a wireless
Can't even keep up with legitimate security related posts anymore.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
All mediums of communication eventually fail because of (1) no access to
control or authentication of contributors (i.e. e-mail spam), or (2) no/poor
moderation (i.e. trolls).
On 10/15/07, Vlad Hackula [EMAIL PROTECTED] wrote:
Can't even keep up with legitimate security related posts anymore.
Tom Serson (T.C.) notable failed troll.
* claims to have edited various articles on Encyclopedia Dramatica
* His mother and father had an irl intervention with him over his internet use,
srsly. 100% true.
* Believes he'll be the next Howard Stern but can currently be found serving
coffee at
another thing of failure is sending such mails :-p
On 10/15/07, John C. A. Bambenek, CISSP [EMAIL PROTECTED] wrote:
All mediums of communication eventually fail because of (1) no access to
control or authentication of contributors (i.e. e-mail spam), or (2) no/poor
moderation (i.e. trolls).
The list is what YOU make it!
The best thing about this list is the raw entertainment and unfiltered
commentary by some of the funniest people alive.
On 10/15/07, Vlad Hackula [EMAIL PROTECTED] wrote:
Can't even keep up with legitimate security related posts anymore.
Tom Serson (T.C.) notable failed troll.
* claims to have edited various articles on Encyclopedia Dramatica
* His mother and father had an irl intervention with him over his internet use,
srsly. 100% true.
* Believes he'll be the next Howard Stern but can currently be found serving
coffee at
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0445.html
this contributes nothing to the security field but you are still bitching a
year later.
http://www.networksecurityarchive.org/html/FullDisclosure/2007-05/msg00177.html
and here is a post of yours talking about myspace
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
What do these things have in common?
Well for one pdp and drraid share an extreme fetish for sick porn,
but also they love to post info on future ( read nonexistent )
0day/exploits that they have possession of. As noted in previous
research [1]
Dear Kristian Erik Hermansen,
Cannot reproduce it on patched Windows XP. Maybe it's DynaZIP library
buffer overflows fixed with MS04-34.
--Monday, October 15, 2007, 12:19:31 PM, you wrote to
full-disclosure@lists.grok.org.uk:
KEH I tested this on three Windows XP machines and was able to
I did not realize that 'script kiddies' use 'undocumented vulnerabilities'.
( I thought they used milw0rm ). Can you clarify? Is anyone that hacks a
script kiddie to you?
On 10/15/07, Vlad Hackula [EMAIL PROTECTED] wrote:
script kiddies were owning myspace using what appeared to be undocumented
Dear Radu State,
As far as I understood the issue, it requires active Man-in-the-Middle
attack. Digest authentication, like any authentication without traffic
encryption or traffic signing, doesn't protect against active M-i-t-M,
because active M-i-t-M can always force client to
On 10/15/07, 3APA3A [EMAIL PROTECTED] wrote:
Cannot reproduce it on patched Windows XP. Maybe it's DynaZIP library
buffer overflows fixed with MS04-34.
I think it should work. Try this and let me know if the ZIP handler crashes...
* Open .zip
* Then the
On a windows xp sp2
opened the zip file - no crash
opened the subfile - no crash
traversed one level up - crash
Almost identical behavior when explorer is attached to OllyDbg
but explorer is being respawned when the debugger is closed.
it's too late for me to check it in detail, anyone else might
The problem in this case is that once you sniff the digest, it can be reused
forever. It does not expire on the server side, which is something that
should not happen. That is, an attacker can call forever, even though he
does not know the secret.
The minor issue is that the digest is not
Why don't you grow up and go away!
[EMAIL PROTECTED] wrote:
What do these things have in common?
Well for one pdp and drraid share an extreme fetish for sick porn,
but also they love to post info on future ( read nonexistent )
0day/exploits that they have possession of. As noted in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1387[EMAIL PROTECTED]
http://www.debian.org/security/ Florian Weimer
October 15th, 2007
Hi,
This is actually a 3 years old vulnerability.
It can also be used to open any type of file (with .exe extension) using its
external application, instead of opening it with the associated browser
plug-in (if exists).
E.g. I've been able to use this old vuln to automate the PDF attack vector
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:198
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:197
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:195
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:196
http://www.mandriva.com/security/
While it may be immature to make fun of pdp architect and drraid about
incest and bestiality while it's probably not true, I still wonder why they
would post info about vulnerabilities only to not release them. The only
thing I can think of is 'fame' and it's obviously working against them.
*pdp
Do you understand the concept of protecting people and corporations from
total idiots trying to gain access to their systems? PDP just lets others
know what he found, while the offending company is working on a fix, in a
minimal way.
If you were a true researcher, you should be able to find the same