Summary
Mozilla Firefox allows spoofing of the information presented in the basic
authentication dialog box. An attacker can use this to conduct phishing
attacks by tricking the user into believing that the authentication dialog
box is from a trusted website.
Affected versions
Mozilla Firefox v2.0.0.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
And your earth-shattering views are *SO* important, you must make sure
everyone hears you. I think you just like to see your own posts.
I'm filtering your posts from now on as they are nothing but from a
wanna-be trying to play kids' games in a man's world
W O R M S    A G A I N S T    N U C L E A R    K I L L E R S
So you included me in here because my name has something to do with farm
equipment? Did your message have a point?
You wrote a bunch of nonsense flattering your favorite security stars and
then attempted to flame us with one liners that did not make sense.. It
seems you are caught in between the s
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:1
http://www.mandriva.com/security/
___
On Jan 2, 2008 11:32 AM, <[EMAIL PROTECTED]> wrote:
> On Wed, 02 Jan 2008 14:13:48 EST, "Randal T. Rioux" said:
>
> > OpenVMS is less than 40% Blissful...
>
> Obviously, it's migrated over the years. Back in the late 80's when it
> was at its most prevalent (and before it got 'Open' attached to i
I'd add to this that anyone who buys security consulting/pen test services
et al solely on the basis of web site content is unlikely to get any
worthwhile outcomes for their specific needs.
No effective manager in any company/government I've seen is going to refer
to a web site alone, or to bothe
Hi.
Recently, there has been news regarding Flash authoring tools and XSS,
but the articles contained little technical information. So, I created
a detailed report at:
http://docs.google.com/Doc?docid=ajfxntc4dmsq_14dt57ssdw
An abbreviated version intended for full-disclosure, bugtraq, and
webse
Critical Vulnerability in [Full-Disclosure]
The problem with full disclosure is that everyone feels the need to
fully disclose, even when their opinion and the information they
are purporting to impart is, well, bollocks. You can't tell them to
shut up as they think they're important and the in
The January Chicago 2600/DefCon 312 Meeting is near! The meeting
will be Friday, January 4th at the Neighborhood Boys and Girls Club
and will feature much of the same usual fun that all of you have
grown to expect!
REQUIREMENTS:
* Laptop (Mac/Linux/Windows) capable of running VMWare
OR
* Laptop w
Asterisk Project Security Advisory - AST-2008-001
++
| Product | Asterisk |
|-+---
On Wed, 02 Jan 2008 13:48:13 CST, you said:
> It's funny how you always talk about other people ( like a few days ago when
> you were amazed that people exploited an off by one ),
Actually, I was merely pointing out to a reader of the list that if you *can*
get x'41414141' into the appropriate reg
On Dec 24, 2007 4:59 AM, damncon <[EMAIL PROTECTED]> wrote:
> I'm still wondering what n3td3v's main skills are, and I am not
> joking, I have only seen him posting links to government news, security
> news, etc.
>
> What really happens in the n3td3v user group or whatever it is called.
We talk ab
Is anyone out there using these reviews? It's just amazing that we are
still going through this. SecReview is busting Adam for not credentializing
himself, but I see nothing of how they have credentialized what they are
doing. It's absurd.
On 1/2/08, Tremaine Lea <[EMAIL PROTECTED]> wrote:
>
>
Regardless of whether your intentions are good or not in performing
these reviews, one thing is crystal clear. In order to perform these
reviews and have them accepted by those who would actually read and
depend on them to a degree, you need to have established yourself as a
credible source and ha
###
Luigi Auriemma
Application: Georgia SoftWorks SSH2 Server (GSW_SSHD)
http://www.georgiasoftworks.com/prod_ssh2/ssh2_server.htm
Versions: <= 7.01.0003
Platforms: Windows
Bugs
###
Luigi Auriemma
Application: White_Dune
http://vrml.cip.ica.uni-stuttgart.de/dune/
Versions: <= 0.29beta791
Platforms: Unix/Linux/MacOSX and Windows
Bugs: A] buffer-o
It's funny how you always talk about other people ( like a few days ago when
you were amazed that people exploited an off by one ), and talk about "the
old times"... sure signs of someone washed up as evident by your
non-productiveness in the last few years ( and no - spamming mailing lists
does not
if you noticed he was reading Tanenbaum's book about MINIX. If you would look
at the book you would see he relies heavily on source code and actually has
the code in the back of the book so that he can refer to it constantly. In
other books I agree you do not have to know C, but for this book, if yo
On Wed, 02 Jan 2008 14:13:48 EST, "Randal T. Rioux" said:
> OpenVMS is less than 40% Blissful...
Obviously, it's migrated over the years. Back in the late 80's when it
was at its most prevalent (and before it got 'Open' attached to it - we're
talking Big Grey Wall and Big Orange Wall era here),
everyone who is not a kiddie knows rsnake is a joke, just like anyone else
involved in his *.ackers group. If rsnake was to post to places like this
instead of lamer 'hacker'/'security' magazines then he would be ridiculed
off the list like pdp architect was. Instead I believe rsnake knows he's a
Anonymous reviews by people who have not used the services of the company
they are reviewing aren't worth the virtual paper they are written on. (even
the name on the site indicates the goal of companies 'exposed' not
'reviewed'.) I am no security expert and would depend on using an external
compan
>[EMAIL PROTECTED] said:
>Bonus points for knowing that VMS was mostly written in Bliss/32 or some
>such, and VM and MVS were a mixture of assembler and (later on) PL/S.
>No C knowledge needed for those critters...
OpenVMS is less than 40% Blissful... though I'm not familiar with the original
On Tue, 01 Jan 2008 12:33:36 CST, reepex said:
> Is this list up to date? It makes it seem as if you are learning basic
> linux commands, sed, and basic perl. Also why are you reading operating
> system design and implementation when you do not know C?
C is not a prerequisite for understanding o
Hi Adam,
We've said this before and will say this again, this time to
everyone.
We would be more than happy to give your company (QuietMove) a
"better" review if you'd enable us to do that. So far you haven't
helped us to effectively review you at all. We tried to call you
before our ini
With all due respect Adam,
You would not have responded to these posts at all if you thought these
reviews were worthless.
On 1/2/08, Adam Muntner <[EMAIL PROTECTED]> wrote:
>
> It was a reply to the Larry Suto review of web app scanners rsnake
> posted. I commented on his blog post. The review
It was a reply to the Larry Suto review of web app scanners rsnake
posted. I commented on his blog post. The review was totally worthless.
Adam Muntner
Managing Partner
QuietMove, Inc.
Phone: 602-793-5969
Fax: 866-272-8194
http://www.quietmove.com
Sent from my iPhone
On Jan 2, 2008, at 10:08
Adam
I don't recall Rsnake or id posting a review on secreview. Is there a link
you could share ?
tia
/pd
On Jan 2, 2008 9:45 AM, Adam Muntner < [EMAIL PROTECTED]> wrote:
>
>
> Dre thx for pointing out the ha.ckers.org posts. More evidence of
> secreview selective quotation and/or ability to 'r
Just to be clear the corrections to secreview reepex and Andre were
intermingled.
The ones I mentioned were the ones secreview and reepex, the anonymous
cowards too embarrassed by their own ignorant commentary to stand
behind them, called out.
Dre thx for pointing out the ha.ckers.org pos
Andre is a friend but not an employee or representative of the
business- HOWEVER - There were a number of inaccuracies in his
statements about me. A selection of corrections to statements are below.
- I never ran UPT
- all the speculation about our methodology and pricing was wrong.
- the qua
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thanks Andrew! Nice catch! ;-)
Cheers,
- -Nikolay
Andrew Farmer wrote:
> On 20 Dec 07, at 18:51, onion ring wrote:
>
>> char sc[] =
>> "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
>> "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\
On Jan 2, 2008 12:17 AM, secreview <[EMAIL PROTECTED]> wrote:
> Regardless, Adam did react to our website comments, and his reaction was as
> follows, verbatim:
Secreview is clearly anything less than professional. I would say this
is a repeat of "InfoSecSellout" if not the exact same people.
> I
On Jan 1, 2008 9:51 PM, reepex <[EMAIL PROTECTED]> wrote:
> ok so they are nothing alike because ptp/hts actually teach you stuff while
> "UPT" was for jokes... so your post was stupid
The joke's on you since you don't have the context.
> I am not a part of secreview but I realize following email