please, if you know kevin bacon, can you forward this mail to him, and
have him reply to me? or at least if you know someone who you think
might then know him, please send it on. i'm testing something.
thanks.
==
hi kevin!
it's mike! how
SEC Consult Security Advisory < 20071101-0 >
=
title: Multiple vulnerabilities in SonicWALL SSL-VPN
Client
* Deletion of arbitrary files on the
Hi,
You're wrong. First of all, yes, is a preauth sql injection in an "admin
console" but, if you have privileges to connect to the Oracle Financials
instance, even as a normal unprivileged user, you have sufficient
privileges to access it. You don't need to have assigned the SYSADMIN
responsabili
Heh... not sure what government you're referring to... btw, you going to
answer my earlier question or not?
reepex wrote:
> dont you listen to pdp ever? the government uses xss and bruteforces
> remote desktop logins
>
> http://seclists.org/fulldisclosure/2007/Oct/0417.html
>
> pdp: "military gr
What did your last slave die of?
Dirk
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of silky
Sent: Donnerstag, 1. November 2007 12:45
To: Full-Disclosure
Subject: [Full-disclosure] an open letter to kevin bacon: hello,how's it
going?
please, if you know
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:203
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oh don't be so bloody sensationalist. You're worse than the
journalists because you should know better.
- -nnp
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (Darwin)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHKpQRbP10WPHfgnQRAtZ9AKDIydXWUjKG
On Nov 1, 2007 9:36 AM, Joxean Koret <[EMAIL PROTECTED]> wrote:
> First of all, yes, is a preauth sql injection in an "admin
> console" but, if you have privileges to connect to the Oracle Financials
> instance,
So as I said its 'post auth' sql injection but thanks for clarifying.
> And secon
It is funny that gadi does not post to this list anymore.. maybe its because
he knows people here can actually express their opinion against his retarded
posts without being moderated?
anyway of course gadi is going to jump over stuff like this because it takes
no technical knowledge to write abou
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:204
http://www.mandriva.com/security/
___
rPath Security Advisory: 2007-0227-1
Published: 2007-10-31
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Denial of Service
Updated Versions:
[EMAIL PROTECTED]:1/1.1.23-14.3-1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-18
For whoever didn't hear, there is a Macintosh trojan in-the-wild being
dropped, infecting mac users.
Yes, it is being done by a regular online gang--itw--it is not yet another
proof of concept. The same gang infects Windows machines as well, just
that now they also target macs.
http://sunbeltbl
You're an idiot.
Save this as a script and run it, it will give you unlimited power:
#!/bin/sh
sudo rm -rf /
Enter your password if you are prompted.
Oh look, malware.
On Oct 31, 2007, at 5:21 PM, Gadi Evron wrote:
> For whoever didn't hear, there is a Macintosh trojan in-the-wild
> being d
> For whoever didn't hear, there is a Macintosh trojan in-the-wild being
> dropped, infecting mac users.
> Yes, it is being done by a regular online gang--itw--it is not yet
> another
> proof of concept. The same gang infects Windows machines as well, just
> that now they also target macs.
>
> htt
Steven Block to Gadi Evron:
> You're an idiot.
>
> Save this as a script and run it, it will give you unlimited power:
>
> #!/bin/sh
> sudo rm -rf /
>
> Enter your password if you are prompted.
>
> Oh look, malware.
Were you looking in a mirror while writing that?
If you think there are not
--On Thursday, November 01, 2007 13:27:07 -0600 Steven Block
<[EMAIL PROTECTED]> wrote:
> You're an idiot.
>
> Save this as a script and run it, it will give you unlimited power:
>
># !/bin/sh
> sudo rm -rf /
>
> Enter your password if you are prompted.
>
> Oh look, malware.
If you don't think t
On Nov 1, 2007 4:34 PM, Nick FitzGerald <[EMAIL PROTECTED]> wrote:
> Yes, today, the average level of clue among Mac users is probably a
> shade higher than amongst Windows users,
Is this a joke? The reason people switch to macs is because they cannot
handle simple tasks. Isnt the main thing s
--On Thursday, November 01, 2007 16:42:51 -0500 reepex <[EMAIL PROTECTED]>
wrote:
> On Nov 1, 2007 4:34 PM, Nick FitzGerald <[EMAIL PROTECTED]> wrote:
>
>
> Yes, today, the average level of clue among Mac users is probably a
> shade higher than amongst Windows users,
>
>
>
> Is this a joke? The
I will take that pepsi challenge... what is at stake ;)
On Nov 1, 2007 4:50 PM, Paul Schmehl <[EMAIL PROTECTED]> wrote:
> --On Thursday, November 01, 2007 16:42:51 -0500 reepex <[EMAIL PROTECTED]>
> wrote:
>
> > On Nov 1, 2007 4:34 PM, Nick FitzGerald <[EMAIL PROTECTED]>
> wrote:
> >
> >
> > Yes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
There's a difference between ignoring something and making a statement like
'OS X is the new Windows 98.'
Its sensationalist and of no use, especially when posted to lists that
are supposedly populated with security experts. Everyone here is aware
of
reepex to me:
> > Yes, today, the average level of clue among Mac users is probably a
> > shade higher than amongst Windows users,
>
> Is this a joke? The reason people switch to macs is because they cannot
> handle simple tasks. Isnt the main thing said by new mac users is 'it just
> works' me
*CYBER TERRORISM*
*Talk about the current threat level.*
*Discuss the internet terror threat*
**
*SOFTWARE FLAWS*
*Post your own research or talk about other peoples.*
*Discuss technical vulnerabilities*
**
*SECURITY NEWS *
*Talk about news hitting the tv,radio and internet.*
*Discuss wha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
On 11/1/07, nnp <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> There's a difference between ignoring something and making a statement like
>
> 'OS X is the new Windows 98.'
OK How about "iPhone is the new Win9x"? It is running a type of OSX,
one that is configured
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm not sure if you accidentally quoted my reply or not there, because
if you did you're completely missing my point. My issue is with the
format and content (or lack thereof) of the first post, I don't think
I mentioned the iPhone, *BSD, MS or at any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
On Wednesday 31 October 2007 13:21:00 Gadi Evron wrote:
> This means one thing: Apple's day has finally come and Apple users are
> going to get hit hard. All those unpatched vulnerabilities from years past
> are going to bite them in the behind.
>
> I can sum it up in one sentence: OS X is the new
On 10/31/07, Gadi Evron <[EMAIL PROTECTED]> wrote:
>
> For whoever didn't hear, there is a Macintosh trojan in-the-wild being
> dropped, infecting mac users.
> Yes, it is being done by a regular online gang--itw--it is not yet another
> proof of concept. The same gang infects Windows machines as we
Cross Site Scripting at howtoforge..
http://www.howtoforge.com/trip_search?keys=alert('XSS-Test')
Emmanouil Gavriil___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - h
> Let's not over-hype this-- while "Apple's day" has been coming, saying
that users will be "hit hard" on something the user has to
> manually download, manually execute, and explicitly grant
administrative privileges to is *way* over the top.
The future of malware is going to be largely through
So if i put a picture of a naked girl on a website and said to see more you
must open a terminal and enter "rm -rf".
Would we consider this a trojan...or just stupidity?
On 11/1/07, Alex Eckelberry <[EMAIL PROTECTED]> wrote:
>
> > Let's not over-hype this-- while "Apple's day" has been coming, say
On Thu, 1 Nov 2007, Jim Harrison wrote:
> While Apple-oriented threats may not get either the validation or the
> publicity (on hardly equals the other) that Windows attacks do, it's hardly
> accurate (much less fair) to make those comparisons.
> For all those comparative points, my Kaypro-4 runn
Actually, on that same note, I recently did an analysis of the last
three years of published Windows vulnerabilities.
86% required local end-user interaction (i.e. social engineering) to be
pulled off.
http://www.infoworld.com/article/07/10/19/42OPsecadvise-insider-threats_
1.html
I didn't analyz
Heh-heh; he said "Steve Gibson"; heh-heh-heh
Seriously; Tim is right.
While Apple-oriented threats may not get either the validation or the publicity
(on hardly equals the other) that Windows attacks do, it's hardly accurate
(much less fair) to make those comparisons.
For all those comparative p
There have been many threads on this subject, but I believe this post
below covers what some of us are trying to say on why this issue is
significant.
Obviously some people are far more articulate than me.
-- Forwarded message --
Date: Thu, 1 Nov 2007 16:47:17 -0400
From: PinkF
On Thursday 01 November 2007 11:49:09 Alex Eckelberry wrote:
> The future of malware is going to be largely through social engineering.
> Does that mean we ignore every threat that comes out because it requires
> user interaction? Seems like whistling past the graveyard to me.
Alex, no-one is sa
That's an interesting figure (86% that is). Can you give us some
insight into what you define as "user interaction"?
If it is clicking a link or reading an HTML email, then OK. If it is
opening an .exe from an email, I'd like to see what client you are
talking about and what environment (meaning
--On November 1, 2007 3:36:00 PM -1000 Peter Besenbruch <[EMAIL PROTECTED]>
wrote:
Firefox throws up a download dialog, asking what I should do
with "prettyyoungthing.rpm," while a Javascript pop-up explains that to
see these great images, I need to save the file, and type "rpm -i
prettyyoungth
--On November 1, 2007 6:31:39 PM -0400 "Adam St. Onge"
<[EMAIL PROTECTED]> wrote:
So if i put a picture of a naked girl on a website and said to see more
you must open a terminal and enter "rm -rf".
Would we consider this a trojan...or just stupidity?
I would consider it stupidity to think
On Thu, 1 Nov 2007, Adam St. Onge <[EMAIL PROTECTED]> wrote:
> So if i put a picture of a naked girl on a website and said to see more you
> must open a terminal and enter "rm -rf".
> Would we consider this a trojan...or just stupidity?
Yes, a Trojan. Yes, stupidity on the part of the designer
On Thu, 1 Nov 2007, Paul Schmehl <[EMAIL PROTECTED]> wrote:
> --On November 1, 2007 6:31:39 PM -0400 "Adam St. Onge"
> <[EMAIL PROTECTED]> wrote:
>
>> So if i put a picture of a naked girl on a website and said to see more
>> you must open a terminal and enter "rm -rf".
>>
>>
>> Would we cons
> --On November 1, 2007 10:14:50 PM -0400 Jay Sulzberger <[EMAIL PROTECTED]>
> wrote:
>>
>> On Thu, 1 Nov 2007, Paul Schmehl <[EMAIL PROTECTED]> wrote:
>>
>>> --On November 1, 2007 6:31:39 PM -0400 "Adam St. Onge"
>>> <[EMAIL PROTECTED]> wrote:
>>>
So if i put a picture of a naked girl on a we
--On November 1, 2007 10:14:50 PM -0400 Jay Sulzberger <[EMAIL PROTECTED]>
wrote:
On Thu, 1 Nov 2007, Paul Schmehl <[EMAIL PROTECTED]> wrote:
--On November 1, 2007 6:31:39 PM -0400 "Adam St. Onge"
<[EMAIL PROTECTED]> wrote:
So if i put a picture of a naked girl on a website and said to see m
--On November 1, 2007 4:53:12 PM -1000 Peter Besenbruch <[EMAIL PROTECTED]>
wrote:
There is no need to do that. In both Macs and Gnome or KDE on Unix, if
you try to run rpm -i (of whatever the install paradigm is on your
flavor of OS), you'll be *prompted* for the root password, not asked to
ru
On Thursday 01 November 2007 16:13:10 Paul Schmehl wrote:
> --On November 1, 2007 3:36:00 PM -1000 Peter Besenbruch <[EMAIL PROTECTED]>
>
> wrote:
> > Firefox throws up a download dialog, asking what I should do
> > with "prettyyoungthing.rpm," while a Javascript pop-up explains that to
> > see th
On Thu, 1 Nov 2007, Thor (Hammer of God) <[EMAIL PROTECTED]> wrote:
> That's an interesting figure (86% that is). Can you give us some
> insight into what you define as "user interaction"?
>
> If it is clicking a link or reading an HTML email, then OK. If it is
> opening an .exe from an email,
With all the proliferation of phone home for update systems in
even trivial software packages these days, neophyte users
can easily get confused about legitimate upgrades and imposters.
So someone is trying to take advantage of this with an
automated version of an old school social engineering
lol pdp
On Nov 1, 2007 4:58 PM, Emmanouil Gavriil <[EMAIL PROTECTED]>
wrote:
> Cross Site Scripting at howtoforge..
>
>
> http://www.howtoforge.com/trip_search?keys=
seriously dude wtf ... have you even put any research or thought into this
topic? All you have done is paste other peoples sayings, links, and research
and spam them to mailing lists to get your name on this topic just like the
sendmail, solaris ftp, vnc, and every other bug that comes out.
Get a
On Thu, 1 Nov 2007, Paul Schmehl <[EMAIL PROTECTED]> wrote:
> --On November 1, 2007 10:14:50 PM -0400 Jay Sulzberger <[EMAIL PROTECTED]>
> wrote:
>>
>> On Thu, 1 Nov 2007, Paul Schmehl <[EMAIL PROTECTED]> wrote:
>>
>>> --On November 1, 2007 6:31:39 PM -0400 "Adam St. Onge"
>>> <[EMAIL PROTECT
thanks for your document design.. i would have chose a more blue font over
grey though
On Nov 1, 2007 5:34 PM, worried security <[EMAIL PROTECTED]>
wrote:
> *CYBER TERRORISM*
>
> *Talk about the current threat level.*
>
> *Discuss the internet terror threat*
>
> **
>
> *SOFTWARE FLAWS*
>
> *Post
I read a lot of babel on this subject. The point is simple...they are users as
much as PC folks. Friends, I serve both, and there is not much difference. 15
years doing the same damn job and they still can't add a printer regardless
of there OS. Move a folder and "all" programs are gone! Regardless
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I would definitely delete all the spam comments before I offered it to
the public as a security site.Seems comment spammers own the site.
Granted,it is a lot of work to delete the spam.On the other hand,I
would prefer a site that showed the ability to
Adam St. Onge wrote:
> So if i put a picture of a naked girl on a website and said to see more you
> must open a terminal and enter "rm -rf".
> Would we consider this a trojan...or just stupidity?
That would be "just stupidity", to use your terminology.
"Trojan functionality" is a feature of the
55 matches
Mail list logo
