Ah, maybe if you dropped the whole This email ... blah blah blah ... The
views expressed in this email are not necessarily the views of the
originating business. your mail may seem a whole lot more reliable?
Just a thought.
On 21/04/2008, Andrew Dowden [EMAIL PROTECTED] wrote:
Who do you
Andrew Dowden wrote:
Who do you contact to tell Hotmail that your CRM output is not SPAM?
The Pope?
As the probability that your CRM output is or is not spam is something
we cannot know, how the fark do you think we can sensibly answer your
question?
Oh -- and in general, NOT having Hotmail
On 20 Apr 08, at 11:06, Jean Duboscs wrote:
I am belgium.
And I am Spartacus?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Employment Opportunities for Java/.NET Programmers and pen-testers
The Internal Revenue Service IT Security Architecture and Engineering's
Advanced Technical Analysis Team (ITSAE@@) has Immediate Hire
authority to hire programmers who have very competent to outstanding
skills in Java or .NET
Exploitable issue in various Adobe products
c0ntex ([EMAIL PROTECTED]) Scott Laurie
February 2008
Vulnerable applications, tested:
Adobe Photoshop Album Starter
Adobe After Effects CS3
Adobe Photoshop CS3
Not Vulnerable applications, tested:
Adobe Reader
Adobe Flash Player
This bug is related
Metagoofil is an information gathering tool designed for extracting
metadata of public documents (pdf,doc,xls,ppt,odp,ods) available in
the target/victim websites.
This new version extracts the MAC address of Microsoft Office documents.
Also the output has some changes, and minor fixes.
Watch out n3td3v, the government is out to get you again!
-Nate
On 4/21/08, Lindley James R [EMAIL PROTECTED] wrote:
Employment Opportunities for Java/.NET Programmers and pen-testers
The Internal Revenue Service IT Security Architecture and Engineering's
Advanced Technical Analysis Team
On 4/19/08 8:36 PM, Andrew A [EMAIL PROTECTED] wrote:
Risk assessment:
There is a critical level of softness in your chat, which can lead to
exploitable chat underflows in many circumstances.
Exploit mitigation:
see attached photo for instructions.
I've been beating on CS3 a bit the past few days myself... I ran
across the same issue. Here is a little helper function
def addr_to_asc_pad(addr)
low = (addr 0x)
high = (addr 0x) 16
a = (low 0x00ff)
b = (low 0xff00) 8
c = (high
Ganbold,
You're welcome.
J
On Sun, 20 Apr 2008 21:26:07 -0400 Ganbold [EMAIL PROTECTED]
wrote:
Thanks a lot who has replied to me.
Basically 64.40.117.19 is foreign IP and connection from all over
world
means
I've seen accesses from various different IPs to 64.40.117.119.
Before client's
so IRMPLC goes from xss in cisco products to sql injection in a small user
base webapp?
I think you may need to fire your current 'research' team and start over
On Mon, Apr 21, 2008 at 11:06 AM, Mark Crowther [EMAIL PROTECTED]
wrote:
RedDot CMS SQL injection vulnerability (CVE Number:
But, but, feet are tasty.
I can't believe people are commenting in here not knowing that FTP is
plaintext. Any infosec 101 book will tell you this. Along with telnet.
Don't use them, use the secure alternatives, such as FTPS or SFTP
(which is indeed a subprocess of SSH, look at sshd.conf if you
This is a funny find, it is incredibly simple, yet it managed to hang my
Linux OS completely. I'd love to see this attempted on newer hardware, since
I'm not 100% sure it will hurt higher end systems as badly.
Elaboration:
I'll be honest, I was very surprised by this find. As a matter of fact,
On Mon, Apr 21, 2008 at 5:06 PM, Mark Crowther [EMAIL PROTECTED] wrote:
RedDot CMS SQL injection vulnerability (CVE Number: CVE-2008-1613)
http://www.irmplc.com/index.php/167-Advisory-026
Vulnerability Type/Importance: SQL injection/Critical
Problem Discovered: 12 February
Valdis,
On Mon, 21 Apr 2008 12:57:12 -0400 [EMAIL PROTECTED] wrote:
On Mon, 21 Apr 2008 12:04:41 EDT, Joey Mengele said:
I think you are mistaken. Perhaps you have an outdated version
of
the document in question?
No, it is you that is sadly mistaken.
IETF RFCs are not versioned. If
Michael,
On Mon, 21 Apr 2008 13:51:54 -0400 Micheal Cottingham
[EMAIL PROTECTED] wrote:
But, but, feet are tasty.
Uhhh ?
I can't believe people are commenting in here not knowing that FTP
is
plaintext. Any infosec 101 book will tell you this. Along with
telnet.
Most 'infosec 101' books
Micheal Cottingham [EMAIL PROTECTED] wrote:
techie.michael .. enough said, go back to geek squad and stay off the list
seems like no one is buying into your day on may 1. Quit trying to
make a name for urself on other ppls research.
On 4/21/08, n3td3v [EMAIL PROTECTED] wrote:
On Mon, Apr 21, 2008 at 5:06 PM, Mark Crowther [EMAIL PROTECTED]
wrote:
RedDot CMS SQL injection vulnerability (CVE Number:
On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:
Exactly, I was talking about the RFC that supersedes that
particular RFC.
0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985.
(Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by RFC2228,
RFC2640, RFC2773,
Valdis,
On Mon, 21 Apr 2008 15:43:57 -0400 [EMAIL PROTECTED] wrote:
On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:
Exactly, I was talking about the RFC that supersedes that
particular RFC.
0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985.
(Format: TXT=147316
On Mon, Apr 21, 2008 at 8:36 PM, Ureleet [EMAIL PROTECTED] wrote:
seems like no one is buying into your day on may 1.
I don't agree with you.
Quit trying to make a name for urself on other ppls research.
It's about web application security awareness.
On Mon, 21 Apr 2008 15:46:42 EDT, Joey Mengele said:
I don't have time to hold your hand through this,
Otherwise known as you're trying to weasel your way out of having to
admit that you didn't have a clue what you were talking about.
some of
On Mon, 21 Apr 2008 14:21:21 PDT, Andrew Farmer said:
There is a 3.4.3 in RFC 959 which discusses a COMPRESSED MODE, which
might look superficially like encryption to the untrained eye.
You obviously tuned in late. ;)
When 3.4.3 was pointed out to Joey, he claimed he meant 4.4.3, and
Funny. Except I never worked for Geek Squad. Nor do I want to. And
I'll stay on this list if I so choose, ktnxbai.
On Mon, Apr 21, 2008 at 3:25 PM, reepex [EMAIL PROTECTED] wrote:
Micheal Cottingham [EMAIL PROTECTED] wrote:
techie.michael .. enough said, go back to geek squad and stay off the
I didn't get a script alert on 2.0.0.12 or 3.05b. On both times I saw RAM
kept see-saw'ing from 400mb-1gb and CPU go to 50% and then the script loads.
So really, if you think about it, an analogy for this would be if you fill
an elevator (in your case) with a low max-load with too much shit, do
Andrew,
On Mon, 21 Apr 2008 17:21:21 -0400 Andrew Farmer
[EMAIL PROTECTED] wrote:
On 21 Apr 08, at 12:43, [EMAIL PROTECTED] wrote:
On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said:
Exactly, I was talking about the RFC that supersedes that
particular RFC.
0959 File Transfer Protocol. J.
On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said:
So are you trying to suggest compression is not as secure as
encryption? Have you even *read* the RFC in question?
The design goal of most compression algorithms is that *anybody* can take
the compressed data and get back the original. The
Joey, Wikipedia has some decent write-ups on both compression and
encryption. Understanding those concepts would be helpful before tackling
RFCs. Hope that helps.
- G
On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said:
So are you trying to suggest compression is not as secure as