On Dec 10, 2007 5:45 AM, michele dallachiesa
<[EMAIL PROTECTED]> wrote:
> ...
> why HTTPS is not the default in this type of services?
see http://www.kb.cert.org/vuls/id/466433
the big web service providers don't care about your privacy or
security. it costs too much, and your commodity eyeballs
Andrew Farmer wrote:
> On 10 Dec 07, at 05:45, michele dallachiesa wrote:
>> why HTTPS is not the default in this type of services? this is a big
>> silent hole. maybe, today is less silent :)
>
> The short version is "because hosting things with SSL is still hard".
>
> There's a few things whi
On Dec 10, 2007 2:04 PM, gmaggro <[EMAIL PROTECTED]> wrote:
> ...
> Not everyone has access to something listening on 53 that is ready to be
> tunneled to. Nor is everyone clever enough to go about doing that sort
> of thing.
if they've got a whitelist for UDP 53 you can openvpn out nicely. i
get
On 10 Dec 07, at 05:45, michele dallachiesa wrote:
> why HTTPS is not the default in this type of services? this is a big
> silent hole. maybe, today is less silent :)
The short version is "because hosting things with SSL is still hard".
There's a few things which are significantly holding back t
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:243
http://www.mandriva.com/security/
___
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:242
http://www.mandriva.com/security/
___
> Because what you espouse would result in general lawlessness, a situation that
> is worse for the common good than what we have now.
>
That is both an arguable and accurate description of one of my goals.
> More specifically, the impact on captive portals would be an escalating arms
> ra
> > Of course you might want to keep the legal aspects in
> > mind before doing any of that.
On Monday 10 December 2007 12:04:05 gmaggro wrote:
> Bah. Who cares about that. Our governments have proven they do not
> respect the rule of law; why should we?
Because what you espouse would result in
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:241
http://www.mandriva.com/security/
___
ZDI-07-072: Novell NetMail AntiVirus Agent Multiple Heap Overflow Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-07-072.html
December 10, 2007
-- CVE ID:
CVE-2007-6302
-- Affected Vendor:
Novell
-- Affected Products:
NetMail 3.5.2
-- TippingPoint(TM) IPS Customer Protection:
T
> Even easier than running a
> special tool is to just setup SSHD or a proxy to listen on TCP 53. You
> can then tunnel out and do as you please without authenticating to the
> captive portal.
Not everyone has access to something listening on 53 that is ready to be
tunneled to. Nor is everyone
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-1427-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2007
===
Ubuntu Security Notice USN-550-2 December 10, 2007
libcairo regression
https://launchpad.net/bugs/NN
===
A security issue affects the following Ubuntu releases:
Ubuntu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
###
Luigi Auriemma
Application: BadBlue
http://www.badblue.com
Versions: <= 2.72b
Platforms: Windows
Bugs: A] PassThru buffer-overflow
B] upload directory
###
Luigi Auriemma
Application: DOSBox
http://dosbox.sourceforge.net
Versions: <= 0.72 and current CVS
Platforms: Windows, Linux, *BSD and Mac
Bug: access to the filesy
###
Luigi Auriemma
Application: BarracudaDrive Web Server
http://barracudaserver.com/products/BarracudaDrive/
http://barracudaserver.com/products/HomeServer/
Versions:
Source: http://www.int21.de/cve/CVE-2007-6205-s9y.html
Cross site scripting (XSS) in rss feed plugin of Serendipity 1.2
References
http://www.s9y.org/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6205
Description
The Serendipity blog system contains a plugin to display the content of f
rPath Security Advisory: 2007-0261-1
Published: 2007-12-10
Products:
rPath Linux 1
Rating: Severe
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
Updated Versions:
[EMAIL PROTECTED]:1/3.0.27a-0.1-1
[EMAIL PROTECTED]:1/3.0.27a-0.1-1
rPath Issue Tracking
==
Secunia Research 10/12/2007
- Samba "send_mailslot()" Buffer Overflow Vulnerability -
==
Table of Contents
Affected Software...
3.1
Exploit type: Remote
Risk: Moderate
Reference: http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt
1. Summary
2. Detail
3. Proof of concept
4. Workaround
1. Summary
Quoting from http://wordpress.org/:
WordPress is a state-of-the-art semantic personal publishing platf
Hi,
I didn't read all of the documents in detail, but I noticed the first
bunch mentioned spoofing/changing your MAC address to that of someone that
is validated/authorized. This is of course assuming this is feasible and
someone has authenticated already. Many of the hotspots will just simply
a
There was a tool that would do exactly that, on a long-defunct TOR
hidden service, and it was mentioned in this paper for bypassing
captive portals at airports. The technique, and naturally the tool,
was applicable in most situations involving payment portals.
Unfortunately I don't remember anythi
If there were an easy to use (gold standard == nmap) and robust tool
capable of bypassing all commonly used captive portals, that would make
for a great 'mischief enabler'.
Some googled links for the lazy lurkers...
http://en.wikipedia.org/wiki/Captive_portal
http://www.eusecwest.com/esw06/esw06-b
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=== WordPress Charset SQL Injection Vulnerability ===
Release date: 2007-12-10
Last modified: 2007-12-10
Source: Abel Cheung
Affected version: WordPress escape($gpc);
}
Finally, escape() method belongs to wp-includes/wp-db.php:
function escape($s
December 10th, 2007
===
Summary
===
Name: Websense XSS Vulnerability
Release Date: 10 December 2007
Reference: LSD002-2007
Discover: Dave Lewis
CVE: Pending
Vendor: Websense
Product: Websense Enterprise and Websense Web Security Suite
Systems Affected: version 6.3 (as tested)
Risk: Less C
hi,
I would like to announce to you the first public release of The Cookie
Tools project!
included tools:
** cookiesniffer **
cookiesniffer is a simple and powerful cookie sniffer that recognizes
(through heuristics) and reconstructs (through libnids) new and
existing HTTP connections, parsing any v