Re: [Full-disclosure] Worldnic DNS servers poisoned?

2008-02-08 Thread Florian Weimer
* James Lay:
> ?
>
> [15:53:58 [EMAIL PROTECTED]:~$] dig @205.178.190.13 www.google.com
>
> ; <<>> DiG 9.3.4-P1 <<>> @205.178.190.13 www.google.com
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32455
> ;; flags: qr aa rd;

[Full-disclosure] [SECURITY] [DSA 1487-1] New libexif packages fix several vulnerabilities

2008-02-08 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-1487-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff February 08, 2008

[Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread RISE Security
We recently acquired an ASUS Eee PC (if you want to know more about it, a lot of reviews are available on internet). The first thing we did when we put our hands at the ASUS Eee PC was to test its security. The ASUS Eee PC comes with a customized versi

[Full-disclosure] Serendipity Freetag-plugin XSS vulnerability

2008-02-08 Thread Research
* Advisory: Serendipity Freetag-plugin XSS vulnerability * Application: Serendipity Freetag-plugin =< 2.95 * Category: Web application * Class: Cross Site Scripting (XSS) * Release date: 08. February 2008 * Last updated: 08. February 2008 * Remote: Yes * Local: No * CVE: Not yet assigned * Credits

Re: [Full-disclosure] cyber armageddon due feb 10

2008-02-08 Thread worried security
On Feb 8, 2008 8:37 PM, <[EMAIL PROTECTED]> wrote:
> I must have missed an earlier post. do you have any details at all?
>
> Thanks in advance,
> Keith
ok, sorry folks i didn't realise not everyone knows whats going on.
http://www.nbc11.com/news/15217323/detail.html
http://www.smh.com.au/artic

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread reepex
the default OS 1gb ram limit is very lame, and has made everyone I know install another OS On Feb 8, 2008 2:21 PM, <[EMAIL PROTECTED]> wrote: > Hi, > > It is a remote root exploit on a very popular piece of hardware, you > don't > > think that is a big deal? > > from what I've read, most people a

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread Joey Mengele
Dear Stack, On Fri, 08 Feb 2008 15:07:57 -0500 Stack Smasher <[EMAIL PROTECTED]> wrote: >It is a remote root exploit on a very popular piece of hardware, No it isn't.

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread Stack Smasher
http://en.wikipedia.org/wiki/ASUS_Eee_PC ASUS sold over 300,000 units in 2007,[4] and plans to sell several million in 2008 They are selling 100K every 25 days. On Feb 8, 2008 3:21 PM, <[EMAIL PROTECTED]> wrote: > Hi, > > It is a remote root

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread reepex
So you ran metasploit and then made a blog post. Is this what 'security research' is considered now? And why did you write this is such a media hyped way? Trying to get some spotlight? On Feb 8, 2008 10:47 AM, RISE Security <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: S

[Full-disclosure] cyber armageddon due feb 10

2008-02-08 Thread worried security
dear the security community, i would like an insight from "anonymous" about whats going to happen on the feb 10 so the authorities can prepare. if there are any school kids around who can inform us on what you are planning... and the size of your bot net, do get in touch with the netdev global ha

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread Stack Smasher
It is a remote root exploit on a very popular piece of hardware, you don't think that is a big deal? Who the fuck rattled your cage anyway? What did you ever contribute for us to all bow down to receive your piss stream? On Feb 8, 2008 2:38 PM, reepex <[EMAIL PROTECTED]> wrote: > So you ran

[Full-disclosure] NULL byte writing in Emerald, RadiusNT/X and Air Marshal

2008-02-08 Thread Luigi Auriemma
### Luigi Auriemma Application: Configuration web server integrated in Emerald, RadiusNT/X and Air Marshal http://www.iea-software.com Versions: Emerald <= 5.0.49

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread Valdis . Kletnieks
On Fri, 08 Feb 2008 15:27:45 EST, [EMAIL PROTECTED] said:
> Security research should go as follows, run some type of scanner to find
> known issues (low hanging fruit). Use your skill to manually try to find
> threats then manually create an exploit then report the issue after verified.
About what

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread keith
Security research should go as follows, run some type of scanner to find known issues (low hanging fruit). Use your skill to manually try to find threats then manually create an exploit then report the issue after verified. -Original Message- From: reepex <[EMAIL PROTECTED]> Sent: Frid

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread reepex
yes and no where in here includes 'make some media hyped report & blog crap for 5 minutes of fame' On Feb 8, 2008 2:27 PM, <[EMAIL PROTECTED]> wrote: > Security research should go as follows, run some type of scanner to find > known issues (low hanging fruit). Use your skill to manually try to fi

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread Simon Smith
You remind me of fortune. Say something else crafty? Please? :) reepex wrote: > hey simon, > > Are you still looking to replace your security team because of their > inadequacies? You seemed pretty desperate for skilled workers last time > we talked. > > On Feb 8, 2008 3:28 PM, Simon Smith <[

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread Erik Harrison
If you want to degenerate this discussion into name calling, by all means, have fun with that. You're doing an exceptional job of being useless today. Keep up the great work! This list, and the security community, and in fact the entire galaxy as a whole is a better place because of your efforts.

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread RISE Security
Hi, Yes, we ran The Metasploit Framework Yes, we developed that exploit Yes, we are active contributors of The Metasploit Framework Yes, it is security research to warn end users of potential security risks Best regards, RISE Security reepex wrote:

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread reepex
On Feb 8, 2008 3:15 PM, Erik Harrison <[EMAIL PROTECTED]> wrote: > I appreciate knowing that I can visit my friends homes and root their > boxes while they order pizza > wirelessly on their couch. > So you can 'root' your friends with a public vulnerability and exploit you didn't write? Isn't thi

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread A . L . M . Buxey
Hi, > It is a remote root exploit on a very popular piece of hardware, you don't > think that is a big deal? from what I've read, most people are sticking WinXP or Ubuntu onto these EEPCs as soon as they get them alan

[Full-disclosure] rPSA-2008-0048-1 kernel

2008-02-08 Thread rPath Update Announcements
rPath Security Advisory: 2008-0048-1 Published: 2008-02-08 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Local User Deterministic Privilege Escalation Updated Versions: [EMAIL PROTECTED]:1-vmware/2.6.22.17-0.1-1 [EMAIL PROTECTED]:1/2.6.22.17-0.1-1 rPath Iss

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread Erik Harrison
Who cares? Of all the information posted on this list each and every day, you choose this to whine about? Is there no value in knowing that this particular system has a remote-root exploit out of the box? I find this information more valuable than the thousands of SQL injection advisories for tin

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread reepex
hey simon, Are you still looking to replace your security team because of their inadequacies? You seemed pretty desperate for skilled workers last time we talked. On Feb 8, 2008 3:28 PM, Simon Smith <[EMAIL PROTECTED]> wrote: > You would know. ;] > > reepex wrote: > > On Feb 8, 2008 3:15 PM, Eri

Re: [Full-disclosure] cyber armageddon due feb 10

2008-02-08 Thread DUDE DUDERINO
Aren't you the same asshat who said they're running scared? http://seclists.org/fulldisclosure/2008/Jan/0548.html Who is running scared now? dear the security community, i would like an insight from "anonymous" about whats going to happen on the feb 10 so the authorities can prepare. if th

Re: [Full-disclosure] ASUS Eee PC rooted out of the box

2008-02-08 Thread Simon Smith
You would know. ;] reepex wrote: > On Feb 8, 2008 3:15 PM, Erik Harrison <[EMAIL PROTECTED] > > wrote: > > I appreciate knowing that I can visit my friends homes and root > their boxes while they order pizza > wirelessly on their couch. > > > So you can 'r

[Full-disclosure] [ NNSquad ] Verizon's access via their provided Actiontec MoCa router (fwd)

2008-02-08 Thread Jay Sulzberger
-- Forwarded message -- Date: Fri, 08 Feb 2008 16:04:00 -0500 From: Andrew C Burnette <[EMAIL PROTECTED]> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Subject: [ NNSquad ] Verizon's access via their provided Actiontec MoCa router Hey folks, In discussion with Lauren (

[Full-disclosure] Break Captcha to send sms at Movistar Colombia, Movistar Ecuador and Comcel Colombia

2008-02-08 Thread Camilo
The captcha of the Movistar Colombia cellphone company web page[1] is too simple. I got in contact with them but they didn't fix it, so I made a PoC to break it[2]. Movistar Ecuador[3] has the same problem, but its "captcha" doesn't even use an image but 4 numbers in plain text. Comcel of Colombia don't eve

Re: [Full-disclosure] [ NNSquad ] Verizon's access via their provided Actiontec MoCa router (fwd)

2008-02-08 Thread coderman
On Feb 8, 2008 4:02 PM, Jay Sulzberger <[EMAIL PROTECTED]> wrote: > ... I recalled the following info that might > be of interest to any FIOS users who actually want their home network to be > a > bit more secure. "more secure", ever port scan that actiontec PoS??? [it is worthy of a doorstop

[Full-disclosure] Some Hashes

2008-02-08 Thread Open Phugu
OpenBSD 4.1 sshd remote root exploit (on the default install!): SHA1(screwtheo.tar)=ad1bc1f05afa2cc3ccadb18fabb985394c02ce8d MD5(screwtheo.tar)= cee67df76eaa0706e666cd5c0b8b711c OpenSSH exploit for linux SHA1(screwtheo_linux.tar)=cb6816de43df87193050a497a83cd8f7ab721fbd MD5(screwtheo_linux.tar)=8

Re: [Full-disclosure] Some Hashes

2008-02-08 Thread Maxim
This list is called "full-disclosure", not "hash-disclosure" posting the hashes is *not* full-disclosure. http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/57864?#57864 On Fri, 2008-02-08 at 18:39 -0700, Open Phugu wrote: > OpenBSD 4.1 sshd remote root exploit (on the default inst

Re: [Full-disclosure] Some Hashes

2008-02-08 Thread Joey Mengele
Dear Openphugu, LOLOLOL. This list is called "full disclosure" not "whine like a fucking dumb faggot about hashes". Go fuck yourself. J "LOL" - Adolf Hitler On Fri, 08 Feb 2008 21:13:12 -0500 Maxim <[EMAIL PROTECTED]> wrote: >This list is called "full-disclosure", not "hash-disclosure" >posti

[Full-disclosure] iDefense Security Advisory 02.08.08: Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability

2008-02-08 Thread iDefense Labs
iDefense Security Advisory 02.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2008 I. BACKGROUND Adobe Reader is a program for viewing Portable Document Format (PDF) documents. Acrobat is the program used to create such documents. More information is available at the followin

[Full-disclosure] iDefense Security Advisory 02.08.08: Adobe Reader Security Provider Unsafe Library Path Vulnerability

2008-02-08 Thread iDefense Labs
iDefense Security Advisory 02.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2008 I. BACKGROUND Adobe Reader is a program for viewing Portable Document Format (PDF) documents. More information is available at the following URLs. http://www.adobe.com/products/reader/ II. DE

Re: [Full-disclosure] Some Hashes

2008-02-08 Thread scott
Joey Mengele wrote: Dear Openphugu, LOLOLOL. This list is called "full disclosure" not "whine like a fucking dumb faggot about hashes". Go fuck yourself. J "LOL" - Adolf Hitler On Fri, 08 Feb 2008 21:13:12 -0500 Maxim <[EMAIL PROTECTED]> wrote: This list is called "full-disclosure", not

[Full-disclosure] [SECURITY] [DSA 1488-1] New phpbb2 packages fix several vulnerabilities

2008-02-08 Thread Thijs Kinkhorst
Debian Security Advisory DSA-1488-1 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst February 09, 2008

[Full-disclosure] rPSA-2008-0051-1 firefox

2008-02-08 Thread rPath Update Announcements
rPath Security Advisory: 2008-0051-1 Published: 2008-02-08 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: [EMAIL PROTECTED]:1/2.0.0.12-0.1-1 rPath Issue Tracking System: https://issues.rpath.co