OwnTheBox, now in year 0x01, continues its hallowed tradition of
creating temporary autonomous zones comprised of random people asking to
be haxored to test their defensive Kung Fu. We're a defender contest, of
sorts, which means the following:
* Contestants bring a server, running some hardene
Finally! Someone who enjoys a good gunfight!
On Tue, Jul 15, 2008 at 10:13 PM, Professor Micheal Chatner <
[EMAIL PROTECTED]> wrote:
> I'll shoot you in the fucking face loser.
>
> Professor Micheal Chatner, MD, CISSP
>
> On Tue, Jul 15, 2008 at 6:44 PM, Stack Smasher <[EMAIL PROTECTED]>
> wr
where is that enforcement of the list charter i was asking for the other day?
On Tue, Jul 15, 2008 at 10:18 PM, Rob Thompson
<[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Professor Micheal Chatner wrote:
>> I'll shoot you in the fucking face loser.
>>
>> Professo
most of what u wrote i actually agree with, let me just say a few
things where you need to adjust.
On Tue, Jul 15, 2008 at 3:48 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> Does he go to jail if he breaks the secrecy, or is this his own little
> crusade of half-disclosure?
no, but i am sure he has som
--On July 15, 2008 10:22:56 PM -0400 [EMAIL PROTECTED] wrote:
On Tue, 15 Jul 2008 20:46:57 CDT, Paul Schmehl said:
Perhaps that's because a cert problem on a web server breaks a single
webserver. A cert problem with dns breaks an entire domain.
On the flip side, if you busticate DNS for the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Professor Micheal Chatner wrote:
> I'll shoot you in the fucking face loser.
>
> Professor Micheal Chatner, MD, CISSP
What in the hell does this have to do with any type of security?
>
> On Tue, Jul 15, 2008 at 6:44 PM, Stack Smasher <[EMAIL PROTEC
On Tue, 15 Jul 2008 20:46:57 CDT, Paul Schmehl said:
> Perhaps that's because a cert problem on a web server breaks a single
> webserver. A cert problem with dns breaks an entire domain.
On the flip side, if you busticate DNS for the entire domain, you're likely to
*notice* it and *fix* it a lot
> --On July 16, 2008 11:17:07 AM +1000 Mark Andrews <[EMAIL PROTECTED]>
> wrote:
>
> >> The real problem isn't signing or resigning zones, or even
> >> successfully completing the original configuration (although those
> >> are not trivial for the average person trying to setup their
I'll shoot you in the fucking face loser.
Professor Micheal Chatner, MD, CISSP
On Tue, Jul 15, 2008 at 6:44 PM, Stack Smasher <[EMAIL PROTECTED]> wrote:
>
> Until you become one with the Gibson Professor, it is pointless.
>
> Try not to hack the entire planet at the same time, but start with a Wi
Mark Andrews wrote:
> ... I like simple tools.
This is the list for you then -- there are lots of folk meeting the
description here...
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclos
--On July 16, 2008 11:17:07 AM +1000 Mark Andrews <[EMAIL PROTECTED]>
wrote:
The real problem isn't signing or resigning zones, or even
successfully completing the original configuration (although those
are not trivial for the average person trying to setup their own
dns). It's the tru
Until you become one with the Gibson Professor, it is pointless.
Try not to hack the entire planet at the same time, but start with a Win9X
box instead.
On Tue, Jul 15, 2008 at 6:57 PM, Professor Micheal Chatner <
[EMAIL PROTECTED]> wrote:
> is pointless.
>
> lets all overdose and die.
>
>
> The real problem isn't signing or resigning zones, or even successfully
> completing the original configuration (although those are not trivial for
> the average person trying to setup their own dns). It's the trust
> anchors. Until the root is signed, trust anchors are a PITA. And u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:146
http://www.mandriva.com/security/
___
> yes you better listen to Paul. He handles windows updates for a large
> network and was the second person to subscribe to a list full of trolls.
You might also want to listen to me. I've got a long history
with DNS and DNSSEC. A little googling will show this. My
hist
--On July 16, 2008 2:14:42 AM +1000 Mark Andrews <[EMAIL PROTECTED]>
wrote:
--On Tuesday, July 15, 2008 09:14:39 +1000 Mark Andrews <[EMAIL PROTECTED]> wrote:
>And the best solution to this attack is to deploy DNSSEC.
>You don't care where the response comes from provided the
>si
Didn't the cool breeze over your head help you feel any better?
On Tue, Jul 15, 2008 at 1:55 PM, Nate McFeters <[EMAIL PROTECTED]>
wrote:
> See, this is why Dino is a genius. Forget all the vulns and Pwn2Own
> contests, this was brilliantly funny, which was great for a Tuesday
> which feels more
yes you better listen to Paul. He handles windows updates for a large
network and was the second person to subscribe to a list full of trolls.
On Tue, Jul 15, 2008 at 10:47 AM, Paul Schmehl <[EMAIL PROTECTED]>
wrote:
> --On Tuesday, July 15, 2008 09:14:39 +1000 Mark Andrews <
> [EMAIL PROTECTED]>
is pointless.
lets all overdose and die.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
> On Tue, Jul 15, 2008 at 5:14 PM, Mark Andrews <[EMAIL PROTECTED]> wrote:
> >http://www.isc.org/sw/bind/docs/DNSSEC_in_6_minutes.pdf
>
> Good stuff, i recall the early stage being fairly cumbersome...
>
> Now, has there been any progress concerning the patent situation? This
> stopped m
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1569-3 [EMAIL PROTECTED]
http://www.debian.org/security/ Thijs Kinkhorst
July 15, 2008
See, this is why Dino is a genius. Forget all the vulns and Pwn2Own
contests, this was brilliantly funny, which was great for a Tuesday
which feels more like Monday.
Nate
On Tue, Jul 15, 2008 at 1:42 PM, Peter Besenbruch <[EMAIL PROTECTED]> wrote:
> On Tuesday 15 July 2008 08:17:30 Alexander Sot
iDefense Security Advisory 07.15.08
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 15, 2008
I. BACKGROUND
Internet Directory is Oracle's implementation of the Lightweight
Directory Access Protocol (LDAP) v3 service. It is used in conjunction
with Oracle Identity Management to implemen
iDefense Security Advisory 07.15.08
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 15, 2008
I. BACKGROUND
Oracle Database Server is a family of database products that range from
personal databases to enterprise solutions. Further information is
available at the following URL.
http://
iDefense Security Advisory 07.15.08
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 15, 2008
I. BACKGROUND
Oracle Database Server is a family of database products that range from
personal databases to enterprise solutions. Further information is
available at the following URL.
http://
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200807-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
NGSSoftware Insight Security Research Advisory
Name: PLSQL Injection in Oracle Application Server
Systems Affected: Oracle Application Server 9.0.4.3, 10.1.2.2, 10.1.4.1
Severity: Critical
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Reported: 9th October 2007
On Tue, Jul 15, 2008 at 12:48 PM, n3td3v <[EMAIL PROTECTED]> wrote:
Who the hell are you, and what have you done with the real netdev?
That was actually an interesting read; if you continue to write like
that you'll start to change the perception people have of you.
Mike
__
On Tue, Jul 15, 2008 at 3:28 PM, Rob <[EMAIL PROTECTED]> wrote:
> Dan is sworn to secrecy until his talk, so we have to wait till then.
Unicode Support:
http://tinyurl.com/dnsExploitSecret-Unicode
Shirkdog
' or 1=1--
http://www.shirkdog.us
> Date: Tue, 15 Jul 2008 11:17:30 -0700
> From: [EMAIL PROTECTED]
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] Kaminsky DNS bug leaked
>
> Dino Dai Zovi finally spi
Nice trick, the real information is here:
http://tinyurl.com/dnsExploitSecret
Shirkdog
' or 1=1--
http://www.shirkdog.us
> Date: Tue, 15 Jul 2008 11:17:30 -0700
> From: [EMAIL PROTECTED]
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] Kaminsky DNS bug leaked
>
> Dino Dai
On Tuesday 15 July 2008 08:17:30 Alexander Sotirov wrote:
> Dino Dai Zovi finally spilled the beans:
> http://twitter.com/dinodaizovi/statuses/858981957
The DNS bug was such a perfect setup for this. ;)
--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawa
Alexander Sotirov wrote:
> Dino Dai Zovi finally spilled the beans:
> http://twitter.com/dinodaizovi/statuses/858981957
On Tue, 15 Jul 2008 11:17:30 PDT, Alexander Sotirov said:
> Dino Dai Zovi finally spilled the beans:
> http://twitter.com/dinodaizovi/statuses/858981957
That's about what I expected it to be. :)
Dino Dai Zovi finally spilled the beans:
http://twitter.com/dinodaizovi/statuses/858981957
n3td3v is mad because he can't afford black hat, and no one is telling
him. so he's whining.
dan said that the patches are intentionally obfuscated.
On Tue, Jul 15, 2008 at 10:28 AM, Rob <[EMAIL PROTECTED]> wrote:
> Ureleet wrote:
>> there can be no actual exploit discussion unless you have dan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1609-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
July 15, 2008
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1610-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
July 15, 2008
On Tue, Jul 15, 2008 at 5:14 PM, Mark Andrews <[EMAIL PROTECTED]> wrote:
>http://www.isc.org/sw/bind/docs/DNSSEC_in_6_minutes.pdf
Good stuff, i recall the early stage being fairly cumbersome...
Now, has there been any progress concerning the patent situation? This
stopped me from actually
> --On Tuesday, July 15, 2008 09:14:39 +1000 Mark Andrews <[EMAIL PROTECTED]> wrote:
>
> > And the best solution to this attack is to deploy DNSSEC.
> > You don't care where the response comes from provided the
> > signatures are good.
> >
>
> Except that DNSSEC is going to have
--On Tuesday, July 15, 2008 09:14:39 +1000 Mark Andrews <[EMAIL PROTECTED]>
wrote:
>
> And the best solution to this attack is to deploy DNSSEC.
> You don't care where the response comes from provided the
> signatures are good.
>
Except that DNSSEC is going to have to improve dra
Ureleet wrote:
> there can be no actual exploit discussion unless you have dan on the
> thread. dan?
>
> On Sun, Jul 13, 2008 at 3:50 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> http://blogs.zdnet.com/security/?p=1466
>> Can someone clarify what they meant by "non-reversible patch" ?
I th
RICHMOND, VA, July 14, 2008 - The Open Security Foundation (OSF) is
pleased to announce that the DataLossDB (also known as the Data Loss
Database - Open Source (DLDOS) currently run by Attrition.org) will be
formally maintained as an ongoing project under the OSF umbrella
organization as of Jul
Hello,
Kon-Boot is a prototype piece of software which allows to change contents
of a linux kernel on the fly (while booting). In the current compilation
state it allows to log into a linux system as 'root' user without typing
the correct password or to elevate privileges from current u