Re: [Full-disclosure] DNS spoofing issue. Thoughts on potential exploits

2008-07-27 Thread Mark Andrews
What is always required is a machine where the user has the ability to write packets to the network with any IP. This usually means super user access. It is difficult in most cases to send udp packets with forged IP since routers will not accept them. That is why it is difficult to

[Full-disclosure] simple phishing fix

2008-07-27 Thread lsi
Soo y'all know not to click on those emails from your bank, or from any other bank, in your inbox and now you just delete them ... why not automate this process? It's easy, just filter a whole bunch of banking names straight to your deleted items. All you do is create a rule for each bank,

[Full-disclosure] [SECURITY] [DSA 1620-1] New python2.5 packages fix several vulnerabilities

2008-07-27 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-1620-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff July 27, 2008

Re: [Full-disclosure] simple phishing fix

2008-07-27 Thread trejrco
And yet some banks do, in fact, send real emails to their clients ... Sent from my Verizon Wireless BlackBerry -Original Message- From: lsi [EMAIL PROTECTED] Date: Sun, 27 Jul 2008 14:10:38 To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] simple phishing fix Soo

[Full-disclosure] [SECURITY] [DSA 1619-1] New python-dns packages fix DNS response spoofing

2008-07-27 Thread Devin Carraway
Debian Security Advisory DSA-1619-1 [EMAIL PROTECTED] http://www.debian.org/security/ Devin Carraway July 27, 2008

Re: [Full-disclosure] how to request a cve id?

2008-07-27 Thread Steven M. Christey
CVE requests can be sent to [EMAIL PROTECTED] or to me directly. My PGP key is below, or accessible from the MIT public key server. Alternately, you can request them from Candidate Numbering Authorities (CNAs) which include the security teams at Red

Re: [Full-disclosure] how to request a cve id?

2008-07-27 Thread Georgi Guninski
On Sat, Jul 26, 2008 at 01:08:25PM -0400, Steven M. Christey wrote: The amount of information you need to provide can vary and is somewhat negotiable. We need to be sure how many CVEs to assign. lol. this is the lamest way to social engineer 0days i have ever seen! even people begging

Re: [Full-disclosure] Dan Kaminsky Disclosure Methodology + Super Critical vulnerability disclosure in Windows

2008-07-27 Thread Robert Holgstad
isn't the point of tech journalists to blog about stuff they don't understand to scare/awe clueless people and give informed people material to laugh at? If this is true Nate McFeters should be getting tech journalists awards and hall of fame. On Fri, Jul 25, 2008 at 1:37 PM, Fredrick Diggle

Re: [Full-disclosure] DNS spoofing issue. Thoughts on

2008-07-27 Thread Glenn.Everhart
1% per hour for each target. Lots of targets. The need for something more like ssl certs in there remains. (Also needed for bgp I suspect). By extension, some web of trust variation of CERTs would make much of this easier for those not interested in or able to pay for certs from commercial

[Full-disclosure] [ MDVSA-2008:155-1 ] - Updated Thunderbird packages fix multiple vulnerabilities

2008-07-27 Thread security
Mandriva Linux Security Advisory MDVSA-2008:155-1 http://www.mandriva.com/security/

Re: [Full-disclosure] DNS spoofing issue. Thoughts on

2008-07-27 Thread John D. Reason
On Sat, 26 Jul 2008 23:19:53 +0100 n3td3v [EMAIL PROTECTED] wrote: On Sat, Jul 26, 2008 at 11:10 PM, Paul Schmehl [EMAIL PROTECTED] wrote: there *is* such a thing as criminal negligence.) Could we not charge HD Moore and I)ruid with this? All the best, n3td3v Stop trying to stifle the

[Full-disclosure] [SECURITY] [DSA 1621-1] New icedove packages fix several vulnerabilities

2008-07-27 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-1621-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff July 27, 2008

Re: [Full-disclosure] simple phishing fix

2008-07-27 Thread Biz Marqee
Wow, you are our savior.. no, no our e-Hero! Forget patches for software bugs.. This guy can teach us how to set up a mail filter!! Seriously dude.. do you think we care about, or are too inept to set up mail filter rules? Go find another list to contribute to, you are a joke.

Re: [Full-disclosure] Dan Kaminsky Disclosure Methodology + Super Critical vulnerability disclosure in Windows

2008-07-27 Thread T Biehn
I thought Francis E Dec died... On Sat, Jul 26, 2008 at 7:04 AM, n3td3v [EMAIL PROTECTED] wrote: On Sat, Jul 26, 2008 at 6:02 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Instead of criticizing someone for releasing an exploit (which is a bit like criticizing a cow for making milk) direct