COULD, this article makes no specific claims. the chinese government COULD
have a audio recording device hidden inside your asshole at this very moment.
On Thu, Mar 06, 2008 at 10:09:53AM +1100, Ivan . wrote:
http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SUSE Security Announcement
Package:cups
Announcement ID:SUSE-SA:2008:012
Date:
so what? It doesn't have to make specific ascertains. The fact of the
matter is that government sponsored corporate/industrial espionage
happens all the time.
Echelon spy network revealed
http://news.bbc.co.uk/1/hi/world/503224.stm
Echelon: Government spying breeds business distrust
KJK::Hyperion ha scritto:
Previous scanning worms, such as Code Red, spread via many threads,
each invoking connect() to probe random addresses.
what the hell is this? visiting the iniquity of the applications upon
the protocols? Winsock is probably the only API that lets you connect()
The assertions in the article and some of the comments in this thread sure
look racist and xenophobic to me. Why is it more risky that a product is
produced in China than if its made in Seattle, WA; Arlington, VA; Mexico
City; London; or Berlin? The Chinese may have the skill and motivation to do
Isn't it true that a TCP packet is typically 20 bytes, and a UDP packet
about 8? This is minus any additional data that has been added to the
packet. If this is true, then depending on the size of the pipe your sending
the data through, and the amount of congestion there might be, a UDP packet
Final message about the upcoming Con in the Raleigh/Durham/Chapel Hill
area of NC. Full talk abstracts and speaker bios are now online:
http://www.carolinacon.org/lineup.html
Other side event details are forthcoming. Countdown = three weeks.
Peace,
Vic
With the recent IFRAME injection attack targeting ZDNet Asia, by
abusing the site's search engine caching capabilities in a combination
with the lack of input sanitization, several more CNET Networks' web
properties besides ZDNet Asia, namely, TV.com, News.com and
MySimon.com are currently getting
Roger, you should note that Adam's Hit by a Bus paper includes
information about how Linux users can load their OS' Firewire driver in
a way that should disallow physical memory DMA access, and close this
attack vector.
What are the implications for firewire device compatibility of doing
this?
###
Luigi Auriemma
Application: MicroWorld eScan Server (aka eScan Management Console)
http://www.mwti.net
Versions: = 9.0.742.98
Platforms:Windows
Bug: directory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1513-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
March 06, 2008
On Thu, 06 Mar 2008 09:13:05 EST, Static Rez said:
Isn't it true that a TCP packet is typically 20 bytes, and a UDP packet
about 8? This is minus any additional data that has been added to the
packet. If this is true, then depending on the size of the pipe your sending
the data through, and
...Windows would not do this. It would only open up access to devices
that it thought needed DMA. This is why Metlstorm had to make his Linux
machine behave like an iPod to fool Windows into spreading it's legs.
So the iPod software opens up the whole address space? I don't get it.
No, the
Gee Echelon is that not OLD news like news that is over 10 years old???
I remember hearing about echelon at the very least 10-11 years ago.
--
Leif Ericksen
On Thu, 2008-03-06 at 20:46 +1100, Ivan . wrote:
so what? It doesn't have to make specific ascertains. The fact of the
matter is that
An anonymous list lurker asked me off-list to answer this question for
public gratification:
Can this feature be leveraged without drivers on the target system?
IOW, if one just unloads (or doesn't load) the firewire driver, is it
still exploitable?
No, I don't believe so. At least on Linux,
No, the iPod device signature makes Windows drivers think it should
allow DMA access for that device because it detect it as a disk device.
Other disk device signatures would likely work the same way, that's
just the one he happened to emulate.
Is it not possible for Windows (or any OS) to open
Is it not possible for Windows (or any OS) to open up DMA for a device
only to a certain range?
If not, what options are available?
I have various forms of RSI and don't feel like typing it again:
On Thu, Mar 06, 2008 at 12:00:09PM -0800, Tim wrote:
[...]
Of course this is not an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:061
http://www.mandriva.com/security/
-Original Message-
From: Larry Seltzer [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 06, 2008 9:51 AM
To: Peter Watkins; Roger A. Grimes
Cc: Bernhard Mueller; Full Disclosure; Bugtraq
Subject: RE: Firewire Attack on Windows Vista
Roger, you should note that Adam's Hit by a Bus
===
Ubuntu Security Notice USN-582-2 March 06, 2008
mozilla-thunderbird
https://launchpad.net/bugs/197504
===
A security issue affects the following Ubuntu releases:
Hi Glenn,
It should be realized though that fixing this is not necessarily a simple
thing, nor are architectural considerations missing.
I most probably understated the difficulty of implementing a safe
ieee1394 DMA driver earlier. However, it's one of those things where
the drivers ought to
Certainly in VMS there is DMA opened up, but only to buffers that are known
and checked to be legal for such. This is a source of considerable complexity
in the drivers, and depending on hardware architecture (number of control
registers
available, for example, to control DMA channels) limits
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:062
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:063
http://www.mandriva.com/security/
24 matches
Mail list logo