[Full-disclosure] Announce: RFIDIOt credit card sub-module: ChAP.py

2008-02-21 Thread Adam Laurie
Folks, I have yet to integrate it into RFIDIOt itself, but I've written a test program for reading Chip And PIN credit cards using the EMV standard. This is very much a work in progress, so don't be surprised if it isn't stable, but it is showing promise! :) It currently only works with PC/SC

[Full-disclosure] Tool release: extract Windows credentials from registry hives

2008-02-21 Thread Brendan Dolan-Gavitt
CredDump is a new tool implemented entirely in Python that is capable of extracting: * LM and NT hashes (SYSKEY protected) * Cached domain passwords * LSA secrets It has no dependencies on any part of Windows, and operates directly on registry hive files. It is licensed under t

[Full-disclosure] Advisory

2008-02-21 Thread advisories
Hello Please find attached an advisory from Portcullis Computer Security Ltd. Kind Regards Advisories Portcullis Computer Security Ltd ### This email originates from the systems of Portcullis Computer Security Limited, a

[Full-disclosure] [USN-579-1] Qt vulnerability

2008-02-21 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-579-1 February 20, 2008 qt4-x11 vulnerability CVE-2007-5965 === A security issue affects the following Ubuntu releases: Ubuntu 7.10 This adviso

[Full-disclosure] Cisco and Vocera wireless LAN VoIP devices don't check certificates

2008-02-21 Thread George Ou
Looks like Vocera's wireless LAN VoIP communicators don't bother to cryptographically confirm the validity of a digital certificate because it's too much "processing overhead required". This is clearly stated in the Vocera documentation. I am also waiting for verification on Cisco's wireless VoIP

[Full-disclosure] [USN-580-1] libcdio vulnerability

2008-02-21 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-580-1 February 20, 2008 libcdio vulnerability CVE-2007-6613 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6

Re: [Full-disclosure] Cisco and Vocera wireless LAN VoIP devices don't check certificates

2008-02-21 Thread JxT
On 2/21/08, George Ou <[EMAIL PROTECTED]> wrote: "I am also waiting for verification on Cisco's wireless VoIP handsets. I heard that the Cisco devices have the same design flaw, but it's fairly simple to confirm if you have one of those wireless LAN VoIP handsets." So you just generalize and mak

[Full-disclosure] VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates

2008-02-21 Thread VMware Security team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - --- ~ VMware Security Advisory Advisory ID: VMSA-2008-0003 Synopsis: Moderate: Updated aacraid driver and samba ~ and python servic

[Full-disclosure] [SECURITY] [DSA 1500-1] New splitvt packages fix privilege escalation

2008-02-21 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1500-1 [EMAIL PROTECTED] http://www.debian.org/security/ Steve Kemp February 21, 2008

[Full-disclosure] round and round they go

2008-02-21 Thread Elazar Broad
http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] round and round they go, keys in ram are ripe for picking...

2008-02-21 Thread coderman
On Thu, Feb 21, 2008 at 12:43 PM, Elazar Broad <[EMAIL PROTECTED]> wrote: > http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html "Lest We Remember: Cold Boot Attacks on Encryption Keys" the best part is: ''' Countermeasures and their Limitations Memory imaging attacks are difficult to de

[Full-disclosure] [ GLSA 200802-09 ] ClamAV: Multiple vulnerabilities

2008-02-21 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200802-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Full-disclosure] Malicious Advertisements Serving Domains

2008-02-21 Thread Dancho Danchev
Hello, These are some of the domains behind the recent malicious advertising campaigns pushing rogue SWF ads. Besides being connected, the majority of ad campaigns point to RBN's customers' base as well. http://ddanchev.blogspot.com/2008/02/malicious-advertising-malvertising.html Here's another

Re: [Full-disclosure] Cisco and Vocera wireless LAN VoIP devices don't check certificates

2008-02-21 Thread George Ou
No, the source is VERY good. They just don't admit it openly on their website like Vocera's documentation. From: JxT [mailto:[EMAIL PROTECTED] Sent: Thursday, February 21, 2008 8:21 AM To: George Ou Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclo

[Full-disclosure] [SECURITY] [DSA 1501-1] New dspam packages fix information disclosure

2008-02-21 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1501-1 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst February 21, 2008

[Full-disclosure] [USN-581-1] PCRE vulnerability

2008-02-21 Thread Kees Cook
=== Ubuntu Security Notice USN-581-1 February 21, 2008 pcre3 vulnerability CVE-2008-0674 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.1