Re: [Full-disclosure] attacking Storm Worm

2008-04-18 Thread coderman
> On Wed, Mar 19, 2008 at 5:49 AM, mcwidget <[EMAIL PROTECTED]> wrote: > >... > > Aint that the whole problem with Storm tho? The lack of CC boxes? Without > > that target, how do you effectively shutdown something like this? On Wed, Mar 19, 2008 at 12:37 PM, coderman <[EMAIL PROTECTED]> wrot

[Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread Ganbold
Hi, Recently I have seen a lot of connections to 64.40.117.19 port 80 in one of our clients' networks. Connections are coming from all over the Internet (various different IPs) specifically to this IP. Due to this problem (I guess it is DDoS) one of our router's CPU usage grew up to 100% and sto

Re: [Full-disclosure] Web Application Security Awareness Day

2008-04-18 Thread Ven Ted
[introduction] v3nt3d is deeply sad at the new trend of morally accepted blackmail by researchers, known better as a web application security awareness day. sincere researchers are coming forward more frequently to threaten companies with a web application security awareness day. because they are

Re: [Full-disclosure] Web Application Security Awareness Day

2008-04-18 Thread infolookup
Google job vented I wonder if netdev feels the same way :)- Sent from my Verizon Wireless BlackBerry -Original Message- From: "Ven Ted" <[EMAIL PROTECTED]> Date: Fri, 18 Apr 2008 10:24:12 To:full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Web Application Security Awarene

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread Joey Mengele
Ganbold, This sounds like a textbook case of Cross Site Scripting (XSS). Consider filtering user output more carefully. J On Fri, 18 Apr 2008 03:54:24 -0400 Ganbold <[EMAIL PROTECTED]> wrote: >Hi, > >Recently I have seen a lots of connections to 64.40.117.19 port 80 >in >one of our clients n

[Full-disclosure] [ GLSA 200804-21 ] Adobe Flash Player: Multiple vulnerabilities

2008-04-18 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200804-21 http://security.gentoo.org/

Re: [Full-disclosure] Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows

2008-04-18 Thread Valdis . Kletnieks
On Thu, 17 Apr 2008 23:17:14 CDT, reepex said: > I find it funny you are the one to complain about too many advisories when > you spam the list with sprintf and strcpy bugs you grepped for in random > applications everyday > > On Tue, Apr 15, 2008 at 9:20 AM, Luigi Auriemma <[EMAIL PROTECTED]> wro

[Full-disclosure] [ GLSA 200804-22 ] PowerDNS Recursor: DNS Cache Poisoning

2008-04-18 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200804-22 http://security.gentoo.org/

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread Michael Holstein
> Recently I have seen a lots of connections to 64.40.117.19 port 80 in > one of our clients network. > could be a lot of things .. do you have tcpdump? .. a packet trace would make your attempt at collective troubleshooting a *lot* easier .. but DDOS is an easy "malicious" guess. Non-malic

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread news
Joey, a textbook case? Perhaps I'm missing something, but see nothing in Ganbold's email which makes me consider XSS. XSS is often a small amount of traffic, with HTML and javascript in post request content or get request query strings. Ganbold, In my opinion, it's more likely it's one of the fol

[Full-disclosure] Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures

2008-04-18 Thread Team SHATTER
Team SHATTER Security Advisory IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures April 17th 2008 Risk Level: High Affected versions: All versions of IBM DB2 Database Server. Remotely exploitable: Yes (Authentication to Data

[Full-disclosure] Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure

2008-04-18 Thread Team SHATTER
Team SHATTER Security Advisory IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure April 17th 2008 Risk Level: High Affected versions: All versions of IBM DB2 Database Server. Remotely exploitable: Yes (Authentication to Database Serv

[Full-disclosure] Team SHATTER Security Advisory: Multiple DoS in JAR files manipulation procedures

2008-04-18 Thread Team SHATTER
Team SHATTER Security Advisory Multiple DoS in JAR files manipulation procedures April 17th 2008 Risk Level: High Affected versions: All versions of IBM DB2 Database Server on Windows platform. Remote exploitable: Yes (Authentication to Database S

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread Joey Mengele
News, I believe you are missing something. XSS is merely a type of vulnerability. It is very common for an XSS payload to include a DDoS component. If you had done your research before retorting you would have known this. J On Fri, 18 Apr 2008 10:25:38 -0400 [EMAIL PROTECTED] wrote: >Joey, >

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread news
J, Eh? The closest thing I can think of to what you're saying is if the cause of a DDOS was stored XSS on a popular site(s) being used to get users' browsers to request information from 64.40.117.19. The XSS would be done elsewhere, and the DDOS attack itself would contain no 'payload'. In which cas

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread Valdis . Kletnieks
On Fri, 18 Apr 2008 11:01:26 EDT, Joey Mengele said: > I believe you are missing something. XSS is merely a type of > vulnerability. It is very common for an XSS payload to include a > DDoS component. If you had done your research before retorting you > would have known this. Yes, but although

[Full-disclosure] ANNOUNCE: RFIDIOt-0.1s release (now available for Windows)

2008-04-18 Thread Adam Laurie
Folks, I'm pleased to announce an update to RFIDIOt, the open source RFID exploration python library and toolkit... Not much has changed, but the big news with this release is that by popular demand, there is now a separate Windows distribution (thanks to Zac Franken for pointers/testing). The

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread Joey Mengele
News, On Fri, 18 Apr 2008 11:11:53 -0400 [EMAIL PROTECTED] wrote: >Eh? The closest thing I can think of to what you're saying is if >the cause >of a DDOS was stored XSS on a popular site(s) being used get users >browsers to request information from 64.40.117.19. The XSS would >be done >else wher

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread Joey Mengele
Valdis, On Fri, 18 Apr 2008 11:11:41 -0400 [EMAIL PROTECTED] wrote: >Yes, but although we have evidence that a DDoS of some sort is >underway, >we have *ZERO*, *ZIP*, *ZILTCH*, *GOOSE-EGG* indication that an >XSS was >involved. For all you know, it was an iframe injection into >clients that >

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread news
> Where is the proof of this iframe injection that you claim? I doubt > such a technique even exists. Sorry to answer for Valdis, but here... https://dmcdonald.net/iframe.html if I were a *VERY* popular site, that would ddos google. Although including some kind of search request would make it a l

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread Joey Mengele
On Fri, 18 Apr 2008 11:30:19 -0400 [EMAIL PROTECTED] wrote: > >Sorry to answer for Valdis, but here... > >https://dmcdonald.net/iframe.html if I were a *VERY* popular site, >that >would ddos google. Although including somekind of search request >would >make it a little better, and realisticly i

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread news
lol. Are you related to n3td3v? > > > On Fri, 18 Apr 2008 11:30:19 -0400 [EMAIL PROTECTED] wrote: >> >>Sorry to answer for Valdis, but here... >> >>https://dmcdonald.net/iframe.html if I were a *VERY* popular site, >>that >>would ddos google. Although including somekind of search request >>would >

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread php0t
Connections are coming from all over the Internet (various different IPs) specifically to this IP. This sounds like a textbook case of Cross Site Scripting (XSS). [see attachment] <>___ Full-Disclosure - We believe in it. Charter: http://lists.grok

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread Joey Mengele
Nice try, you won't find me clicking JPEGs on a computer security mailing list LOLOL. J On Fri, 18 Apr 2008 11:40:00 -0400 php0t <[EMAIL PROTECTED]> wrote: >>>Connections are coming from all over the Internet (various >>>different IPs) specifically to this IP. > >> This sounds like a textbook c

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread Joey Mengele
http://en.wikipedia.org/wiki/Ad_hominem Unless you have some evidence such as the evidence Dr. Neal Krawetz was able to provide re: GOBBLES and n3td3v, this claim is irresponsible and I urge the other members of the list to ignore it. J On Fri, 18 Apr 2008 11:38:44 -0400 [EMAIL PROTECTED] wrot

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread offbitz
I didn't see any claims being made, just a question, albeit maybe rhetorical. Either way, who gives a shit. Back to the OP- *Recently I have seen a lots of connections to 64.40.117.19 port 80 in one of our clients network. Connections are coming from all over the Internet (various different IPs)

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread mcwidget
> > I would assume the first sentence means you are seeing outgoing > connections, from your client's site, destined for the IP/port above. So > then, the second sentence makes even less sense, connections coming into > your network from all over the Internet, but 'specifically to this IP'? >

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread Joey Mengele
Dear Midget, On Fri, 18 Apr 2008 13:20:18 -0400 mcwidget <[EMAIL PROTECTED]> wrote: >I think what he's saying is that the IP address listed belongs to >one of his >clients and they are receiving connections to port 80 on that IP >from all >over the internet; and asking why this would be happen

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread Guido Landi
http://spywaredetector.net/spyware_encyclopedia/Trojan.Graball.htm "the following internet connection was established: 64.40.117.19:80(hostwaydcs.com)" Ganbold wrote: > Hi, > > Recently I have seen a lots of connections to 64.40.117.19 port 80 in > one of our clients network. > Connections a

[Full-disclosure] Security issue in Filezilla 3.0.9.2: passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread carl hardwick
A security issue in Filezilla 3.0.9.2 (and previous versions) allows local users to retrieve all saved passwords because they're stored in a plain text sitemanager.xml ftpspace.domain.com 21 0 0 1 [EMAIL PROTEC

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2: passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread Joey Mengele
I have noticed a similar, yet much more severe flaw in Filezilla. When logging in to a remote server, Filezilla will send the password in clear text without encrypting it. This means every machine on the internet that it routes through can intercept it. Same flaw, much more serious consequences

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2: passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread reepex
FTP PASSWORDS ARE STORED IN PLAINTEXT?!?!?!?! HOLY FUCK On Fri, Apr 18, 2008 at 2:09 PM, carl hardwick <[EMAIL PROTECTED]> wrote: > A security issue in Filezilla 3.0.9.2 (and previous versions) allows > local users to retrieve all saved passwords because they're stored in > a plain text sitemana

Re: [Full-disclosure] Web Application Security Awareness Day

2008-04-18 Thread n3td3v
On Thu, Apr 17, 2008 at 7:09 PM, mcwidget <[EMAIL PROTECTED]> wrote: > I don't want to rain on your parade as you actually seem to be trying to do > something positive here. "Get involved in this new and innovative day brought to you by n3td3v. All submissions must be legal and above board, I do

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread Garrett M. Groff
That issue is inherent in the FTP protocol, not FileZilla. Resolution: set up FTP server to use either SFTP or FTPS. - G - Original Message - From: "Joey Mengele" <[EMAIL PROTECTED]> To: ; <[EMAIL PROTECTED]> Sent: Friday, April 18, 2008 3:21 PM Subject: Re: [Full-disclosure] Security

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread Joey Mengele
I disagree, read the RFC. There are plenty of more secure FTP clients such as the OpenSSH.com groups proactive secure Secure FTP (sftp) implementation of FTP. J On Fri, 18 Apr 2008 15:36:34 -0400 "Garrett M. Groff" <[EMAIL PROTECTED]> wrote: >That issue is inherent in the FTP protocol, not Fil

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread Garrett M. Groff
Per the FileZilla feature page (http://filezilla-project.org/client_features.php): "Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP)" Did you try selecting the option to use FTPS in FileZilla? Using the plain vanilla FTP protocol in any other FTP client will yield the

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread Joey Mengele
Dear Groff, On Fri, 18 Apr 2008 16:04:29 -0400 "Garrett M. Groff" <[EMAIL PROTECTED]> wrote: >Per the FileZilla feature page >(http://filezilla-project.org/client_features.php): >"Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer >Protocol >(SFTP)" > >Did you try selecting the optio

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread Valdis . Kletnieks
On Fri, 18 Apr 2008 15:42:44 EDT, Joey Mengele said: > I disagree, read the RFC. There are plenty of more secure FTP > clients such as the OpenSSH.com groups proactive secure Secure FTP > (sftp) implementation of FTP. Right, except that SFTP isn't the RFC959 protocol that lives on ports 20/21, i

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread Joey Mengele
Valids, On Fri, 18 Apr 2008 16:10:41 -0400 [EMAIL PROTECTED] wrote: >On Fri, 18 Apr 2008 15:42:44 EDT, Joey Mengele said: >> I disagree, read the RFC. There are plenty of more secure FTP >> clients such as the OpenSSH.com groups proactive secure Secure >FTP >> (sftp) implementation of FTP. > >R

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread Valdis . Kletnieks
On Fri, 18 Apr 2008 16:16:59 EDT, Joey Mengele said: > Then how do you explain the security offered by section 3.4.3 of > RFC959? Or did you just skip over that... 3.4.3. COMPRESSED MODE There are three kinds of information to be sent: regular data, sent in a byte str

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread Joey Mengele
Valdis, On Fri, 18 Apr 2008 16:24:13 -0400 [EMAIL PROTECTED] wrote: > 3.4.3. COMPRESSED MODE > > There are three kinds of information to be sent: regular >data, > sent in a byte string; compressed data, consisting of > replications or filler; and control informatio

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-18 Thread mcwidget
> > This certainly would clear things up, but how do you propose that > can be done? > If the IP is a client's then it really shouldn't be that difficult. Unless you're asking how to actually perform this on a system you have access to? From Guido's post though it looks like this may be the wro

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwords are stored in plain text (sitemanager.xml)

2008-04-18 Thread Garrett M. Groff
Joey, are you certain that you're looking at RFC 959? There is no 4.3.3 section in RFC 959. - G - Original Message - From: "Joey Mengele" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Cc: Sent: Friday, April 18, 2008 4:26 PM Subject: Re: [Full-disclosure] Security i

[Full-disclosure] Injecting spam into Google Web History via I'm Feeling Lucky queries

2008-04-18 Thread Alexander Konovalenko
Google Web History is vulnerable to a CSRF-like attack that allows an attacker to inject some entries into the user's search history. If you are logged in to your Google account and have Web History enabled, clicking on a malicious link will result in a Google search being logged to your search his

Re: [Full-disclosure] Web Application Security Awareness Day

2008-04-18 Thread n3td3v
On Fri, Apr 18, 2008 at 8:32 PM, n3td3v <[EMAIL PROTECTED]> wrote: > On Thu, Apr 17, 2008 at 7:09 PM, mcwidget <[EMAIL PROTECTED]> wrote: > > I don't want to rain on your parade as you actually seem to be trying to do > > something positive here. > > "Get involved in this new and innovative day bro

[Full-disclosure] [ GLSA 200804-23 ] CUPS: Integer overflow vulnerability

2008-04-18 Thread Matthias Geerdsen
Gentoo Linux Security Advisory GLSA 200804-23 http://security.gentoo.org/

[Full-disclosure] [ GLSA 200804-24 ] DBmail: Data disclosure

2008-04-18 Thread Matthias Geerdsen
Gentoo Linux Security Advisory GLSA 200804-24 http://security.gentoo.org/

[Full-disclosure] XSS in XChat.org

2008-04-18 Thread Steve Cooperman
http://xchat.org/cgi-bin/checkupdate.pl?version=2.8.8%22%3E%3Cframe%20src=%22http://youtube.com/watch?v=oHg5SJYRHA0 -- Love, Steve Cooperman