On Sat, 2007-11-10 at 22:45 +0100, LT wrote:
According to [1], Internet Service Providers must record the
following information:
1) the IP address assigned to the customer
2) a precise identification of the (dial-in) port that is used for
internet access (i.e. your phone number, customer
Kelly,
Try searching Google.
Read port scanning papers and port scanners documentation.
Please.
On Nov 12, 2007 6:12 PM, Kelly Robinson [EMAIL PROTECTED] wrote:
So what's the difference between a SYN/FIN scan as opposed to a SYN/ACK scan?
Please.
High quality versions of the three Cisco IOS shellcode demonstration
videos have now been released:
http://www.irmplc.com/index.php/153-Embedded-Systems-Security
___
Full-Disclosure - We believe in it.
Charter:
Joel R. Helgeson wrote:
If your company is a criminal enterprise, then yes. If you fund or
support terrorism, you stand a pretty good chance. If you are like the
99.999% of the companies out there that do their thing, trying to make
an honest
He states that the CSI/FBI surveys suggest that wiretapping is rare.
Should companies still be concerned with Wiretapping?
I'd argue that the vast majority of wiretapping isn't done officially
by the Government.
There's more money to be made in stealing your company secrets or
mis-using
Paul Sebastian Ziegler wrote:
Dear Infosec community,
as most of you may have heard, the German government passed a law today
that will lead to all connections being logged for 6 months. This
includes phone calls as well as all internet
There is an un-handled memory access violation in the OWC11.DataSourceControl.
As far as I know, I don't think it is possible to execute code via this; the
worst it can do is crash Internet Explorer. PoC as follows:
--
!--
written by e.b.
--
html
head
script
Debian Security Advisory DSA 1405-2    [EMAIL PROTECTED]
http://www.debian.org/security/    Thijs Kinkhorst
November 11th, 2007
Source:
http://int21.de/cve/CVE-2007-3694-bm.html
Cross site scripting (XSS) in broadcast machine
References
http://www.getmiro.com/create/broadcast/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3694
Description
Cross site scripting describes attacks that allow to insert malicious
This is hardly on topic and you do not have any unique credentials
to validate your claims. Please refrain from writing off topic and
baseless editorials in the future or risk moderation. Thanks.
J
On Fri, 09 Nov 2007 15:22:01 -0500 Simon Smith [EMAIL PROTECTED]
wrote:
[ This email is in
Does anyone have a copy of e-jihad15.zip? I would
like to see if there is something unique in the
generated HTTP traffic that would be signature worthy?
phunt
--- worried security [EMAIL PROTECTED]
wrote:
Cyber Jihad? Yeah, right...
Published: 2007-11-11,
Last Updated: 2007-11-11 01:58:48
On Sun, 11 Nov 2007 12:47:10 +1100, Kelly Robinson said:
He states that the CSI/FBI surveys suggest that wiretapping is rare. Should
companies still be concerned with Wiretapping?
There's no reason to fear legal wiretaps, unless you're doing something that
makes them want to get a wiretap
The problem here is they're probably speaking about domestically. Now if
you're doing business internationally with employees who travel abroad then
you're talking about something else.
Geoff
Sent from my BlackBerry wireless handheld.
-Original Message-
From: [EMAIL PROTECTED]
Date:
http://www.bleedingthreats.net/cgi-bin/viewcvs.cgi/sigs/CURRENT_EVENTS/CURRENT_E-Jihad?view=markup
Steven
http://www.securityzone.org
Does anyone have a copy of e-jihad15.zip? I would
like to see if there is something unique in the
generated HTTP traffic that would be signature worthy?
--On Monday, November 12, 2007 20:34:03 +1100 Abuse 007
[EMAIL PROTECTED] wrote:
Kelly,
Try searching Google.
Read port scanning papers and port scanners documentation.
Please.
That's what I love about this list. There are so many helpful, caring
people here. :-)
The OP might want to
*cough* *cough* Sprint *cough* *cough*
excuse me. I have a bad cold.
-KF
2) Abuse of the legally mandated CALEA infrastructure by a hacker.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Well it's not that I can really argue that most of the content on this
list is really in line with the list charter or the idea of full
disclosure, but asking a basic question about scanning doesn't exactly fit
either.
I'd suggest Google (as mentioned) or subscribing to a list such as
iDefense Security Advisory 11.12.07
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 12, 2007
I. BACKGROUND
WinPcap is a software package that facilitates real-time link-level
network access for Windows-based operating systems. A wide range of
open-source projects, including Wireshark,
Gentoo Linux Security Advisory GLSA 200711-14
Gentoo Linux Security Advisory GLSA 200711-15
Mandriva Linux Security Advisory MDKSA-2007:204-1
http://www.mandriva.com/security/
Gentoo Linux Security Advisory GLSA 200711-16
On Nov 10, 2007, at 9:28 AM, Paul Sebastian Ziegler wrote:
The mechanism is quite easy: It searches Google for random words and
picks random pages among the results, then spiders from there (well it
is spidering except that it only follows one URL at a time within a
session thus simulating a
0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day0day
0day0day0day0day
0day0day0day0day! BROUGHT 2 U BY UlTRa HAQRS 4 AL7
!!!
0day0day0day0dayTITle!!:AURA CMS 2.1
The GetProfileString function of the SAFRCFileDlg.RASetting control contains a
buffer overflow. This control is NOT marked safe for scripting, and seems to
execute in the context of the user, so I am not sure what can be done
maliciously with this. Nevertheless, it is a buffer overflow. PoC