Re: [Full-disclosure] [DoS] Firefox 3 beta 5 on Ubuntu 7.10 (hangs the OS)

2008-04-21 Thread Tonnerre Lombard
Salut, K-Gen, On Mon, 21 Apr 2008 21:32:27 +0300, K-Gen wrote: > "I'll be honest, I was very surprised by this find. As a matter of > fact, this was the first time I ever managed to crash Linux > completely... Through a web browser. You should consider using rlimits, which tend to contain this pr

[Full-disclosure] [USN-602-1] Firefox vulnerabilities

2008-04-21 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-602-1 April 22, 2008 firefox vulnerabilities CVE-2008-1380 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu

[Full-disclosure] [USN-604-1] Gnumeric vulnerability

2008-04-21 Thread Kees Cook
=== Ubuntu Security Notice USN-604-1 April 22, 2008 gnumeric vulnerability CVE-2008-0668 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu

Re: [Full-disclosure] Security issue in Filezilla3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Garrett M. Groff
Joey, Wikipedia has some decent write-ups on both compression and encryption. Understanding those concepts would be helpful before tackling RFCs. Hope that helps. - G On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said: > So are you trying to suggest compression is not as secure as > encrypt

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Valdis . Kletnieks
On Mon, 21 Apr 2008 22:31:53 EDT, Joey Mengele said: > So are you trying to suggest compression is not as secure as > encryption? Have you even *read* the RFC in question? The design goal of most compression algorithms is that *anybody* can take the compressed data and get back the original. Th

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Joey Mengele
Andrew, On Mon, 21 Apr 2008 17:21:21 -0400 Andrew Farmer <[EMAIL PROTECTED]> wrote: >On 21 Apr 08, at 12:43, [EMAIL PROTECTED] wrote: >> On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said: >>> Exactly, I was talking about the RFC that supersedes that >>> particular RFC. >> >> 0959 File Transfer

Re: [Full-disclosure] [DoS] Firefox 3 beta 5 on Ubuntu 7.10 (hangs the OS)

2008-04-21 Thread Not Shadowgamers
I didn't get a script alert on 2.0.0.12 or 3.05b. On both times I saw RAM kept see-saw'ing from 400mb-1gb and CPU go to 50% and then the script loads. So really, if you think about it, an analogy for this would be if you fill an elevator (in your case) with a low max-load with too much shit, do y

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Micheal Cottingham
Funny. Except I never worked for Geek Squad. Nor do I want to. And I'll stay on this list if I so choose, ktnxbai. On Mon, Apr 21, 2008 at 3:25 PM, reepex <[EMAIL PROTECTED]> wrote: > Micheal Cottingham <[EMAIL PROTECTED]> wrote: > > "techie.michael" .. enough said, go back to geek squad and stay

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Valdis . Kletnieks
On Mon, 21 Apr 2008 14:21:21 PDT, Andrew Farmer said: > There is a 3.4.3 in RFC 959 which discusses a "COMPRESSED MODE", which > might look superficially like encryption to the untrained eye. You obviously tuned in late. ;) When 3.4.3 was pointed out to Joey, he claimed he meant 4.4.3, and

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Valdis . Kletnieks
On Mon, 21 Apr 2008 15:46:42 EDT, Joey Mengele said: > I don't have time to hold your hand through this, Otherwise known as "you're trying to weasel your way out of having to admit that you didn't have a clue what you were talking about". >some

Re: [Full-disclosure] Web Application Security Awareness Day

2008-04-21 Thread n3td3v
On Mon, Apr 21, 2008 at 9:43 PM, <[EMAIL PROTECTED]> wrote: > Dearest n3td3v, > Please allow me to thank you on behalf of the security community > and industry: you are an asset beyond compare. We would request > you continue your hard work at maintaining widespread awareness of > security, j

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Andrew Farmer
On 21 Apr 08, at 12:43, [EMAIL PROTECTED] wrote: > On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said: >> Exactly, I was talking about the RFC that supersedes that >> particular RFC. > > 0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985. > (Format: TXT=147316 bytes) (Obsoletes

[Full-disclosure] Web Application Security Awareness Day

2008-04-21 Thread auto188821
Dearest n3td3v, Please allow me to thank you on behalf of the security community and industry: you are an asset beyond compare. We would request you continue your hard work at maintaining widespread awareness of security, journalistic, and PR foibles, without which many of us would be uninform

Re: [Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability

2008-04-21 Thread n3td3v
On Mon, Apr 21, 2008 at 8:36 PM, Ureleet <[EMAIL PROTECTED]> wrote: > seems like no one is buying into "your day" on may 1. I don't agree with you. > Quit trying to make a name for urself on other ppls research. It's about web application security awareness. http://lists.grok.org.uk/pipermail/ful

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Joey Mengele
Valdis, On Mon, 21 Apr 2008 15:43:57 -0400 [EMAIL PROTECTED] wrote: >On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said: > >> Exactly, I was talking about the RFC that supersedes that >> particular RFC. > >0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985. > (Format: TXT=147

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Valdis . Kletnieks
On Mon, 21 Apr 2008 15:04:19 EDT, Joey Mengele said: > Exactly, I was talking about the RFC that supersedes that > particular RFC. 0959 File Transfer Protocol. J. Postel, J. Reynolds. October 1985. (Format: TXT=147316 bytes) (Obsoletes RFC0765) (Updated by RFC2228, RFC2640, RFC2773, R

Re: [Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability

2008-04-21 Thread Ureleet
seems like no one is buying into "your day" on may 1. Quit trying to make a name for urself on other ppls research. On 4/21/08, n3td3v <[EMAIL PROTECTED]> wrote: > > On Mon, Apr 21, 2008 at 5:06 PM, Mark Crowther <[EMAIL PROTECTED]> > wrote: > > > > > > > > RedDot CMS SQL injection vulnerability

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread reepex
Micheal Cottingham <[EMAIL PROTECTED]> wrote: "techie.michael" .. enough said, go back to geek squad and stay off the list ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secu

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Joey Mengele
Michael, On Mon, 21 Apr 2008 13:51:54 -0400 Micheal Cottingham <[EMAIL PROTECTED]> wrote: >But, but, feet are tasty. > Uhhh ? >I can't believe people are commenting in here not knowing that FTP >is >plaintext. Any infosec 101 book will tell you this. Along with >telnet. Most 'infosec 101' bo

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Joey Mengele
Valdis, On Mon, 21 Apr 2008 12:57:12 -0400 [EMAIL PROTECTED] wrote: >On Mon, 21 Apr 2008 12:04:41 EDT, Joey Mengele said: >> I think you are mistaken. Perhaps you have an outdated version >of >> the document in question? > >No, it is you that is sadly mistaken. > >IETF RFCs are not versioned. I

Re: [Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability

2008-04-21 Thread n3td3v
On Mon, Apr 21, 2008 at 5:06 PM, Mark Crowther <[EMAIL PROTECTED]> wrote: > > > > RedDot CMS SQL injection vulnerability (CVE Number: CVE-2008-1613) > > > > http://www.irmplc.com/index.php/167-Advisory-026 > > > > > > Vulnerability Type/Importance: SQL injection/Critical > > > > Problem Discovered:

[Full-disclosure] [DoS] Firefox 3 beta 5 on Ubuntu 7.10 (hangs the OS)

2008-04-21 Thread K-Gen
This is a funny find, it is incredibly simple, yet it managed to hang my Linux OS completely. I'd love to see this attempted on newer hardware, since I'm not 100% sure it will hurt higher end systems as badly. Elaboration: "I'll be honest, I was very surprised by this find. As a matter of fact, t

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Micheal Cottingham
But, but, feet are tasty. I can't believe people are commenting in here not knowing that FTP is plaintext. Any infosec 101 book will tell you this. Along with telnet. Don't use them, use the secure alternatives, such as FTPS or SFTP (which is indeed a subprocess of SSH, look at sshd.conf if you do

Re: [Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability

2008-04-21 Thread reepex
so IRMPLC goes from xss in cisco products to sql injection in a small user base webapp? I think you may need to fire your current 'research' team and start over On Mon, Apr 21, 2008 at 11:06 AM, Mark Crowther <[EMAIL PROTECTED]> wrote: > RedDot CMS SQL injection vulnerability (CVE Number: CVE-2

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Valdis . Kletnieks
On Mon, 21 Apr 2008 12:04:41 EDT, Joey Mengele said: > I think you are mistaken. Perhaps you have an outdated version of > the document in question? No, it is you that is sadly mistaken. IETF RFCs are not versioned. If substantial changes are made, the document is re-issued with a new number.

[Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability

2008-04-21 Thread Mark Crowther
RedDot CMS SQL injection vulnerability (CVE Number: CVE-2008-1613) http://www.irmplc.com/index.php/167-Advisory-026 Vulnerability Type/Importance: SQL injection/Critical Problem Discovered: 12 February 2008 Vendor Contacted: 19 February 2008 Advisory Published: 21 Apr

Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml)

2008-04-21 Thread Joey Mengele
Groffg, I think you are mistaken. Perhaps you have an outdated version of the document in question? J On Fri, 18 Apr 2008 16:58:07 -0400 "Garrett M. Groff" <[EMAIL PROTECTED]> wrote: >Joey, are you certain that you're looking at RFC 959? There is no >4.3.3 >section in RFC 959. > >- G > > >--

Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80

2008-04-21 Thread Joey Mengele
Ganbold, You're welcome. J On Sun, 20 Apr 2008 21:26:07 -0400 Ganbold <[EMAIL PROTECTED]> wrote: >Thanks a lot who has replied to me. >Basically 64.40.117.19 is foreign IP and connection from all over >world >means >I've seen accesses from various different IPs to 64.40.117.119. >Before clien

Re: [Full-disclosure] Adobe Unchecked Overflow

2008-04-21 Thread Kevin Finisterre (lists)
I've been beating on CS3 a bit the past few days myself... I ran across the same issue. Here is a little helper function def addr_to_asc_pad(addr) low = (addr & 0x) high = (addr & 0x) >> 16 a = (low & 0x00ff) b = (low & 0xff00) >> 8 c

Re: [Full-disclosure] [CKA-001] Your Chat underflow vulnerability

2008-04-21 Thread James Lay
On 4/19/08 8:36 PM, "Andrew A" <[EMAIL PROTECTED]> wrote: > Risk assessment: > There is a critical level of softness in your chat, which can lead to > exploitable chat underflows in many circumstances. > > Exploit mitigation: > see attached photo for instructions. > > > __

Re: [Full-disclosure] Employment Opportunities for Java/.NET Programmers and pen-testers

2008-04-21 Thread Nate McFeters
Watch out n3td3v, the government is out to get you again! -Nate On 4/21/08, Lindley James R <[EMAIL PROTECTED]> wrote: > > Employment Opportunities for Java/.NET Programmers and pen-testers > > The Internal Revenue Service IT Security Architecture and Engineering's > Advanced Technical Analysis

[Full-disclosure] Metagoofil v1.4 released

2008-04-21 Thread Christian Martorella
Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) available in the target/victim websites. This new version extracts the MAC address of Microsoft Office documents. Also the output has some changes, and minor fixes. No

[Full-disclosure] Adobe Unchecked Overflow

2008-04-21 Thread c0ntex
Exploitable issue in various Adobe products c0ntex ([EMAIL PROTECTED]) Scott Laurie February 2008 Vulnerable applications, tested: Adobe Photoshop Album Starter Adobe After Effects CS3 Adobe Photoshop CS3 Not Vulnerable applications, tested: Adobe Reader Adobe Flash Player This bug is related to

[Full-disclosure] Employment Opportunities for Java/.NET Programmers and pen-testers

2008-04-21 Thread Lindley James R
Employment Opportunities for Java/.NET Programmers and pen-testers The Internal Revenue Service IT Security Architecture and Engineering's Advanced Technical Analysis Team (ITSAE@@) has "Immediate Hire" authority to hire programmers who have very competent to outstanding skills in Java or .NET en

Re: [Full-disclosure] exploit coding / Pentesting / 0day selling services

2008-04-21 Thread Andrew Farmer
On 20 Apr 08, at 11:06, Jean Duboscs wrote: > I am belgium. And I am Spartacus? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/