[Full-disclosure] "Poison-pill auto-disclosure for security vulnerabilities" by Paul Robinson

fyi, an interesting email to Risks Digest 25.43: http://catless.ncl.ac.uk/Risks/25.43.html Date: Mon, 27 Oct 2008 02:15:20 -0700 (PDT) From: Paul Robinson <[EMAIL PROTECTED]> Subject: Poison-pill auto-disclosure for security vulnerabilities I have thought of somethin

[Full-disclosure] [ MDVSA-2008:222 ] Eterm

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:222 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2008:221 ] aterm

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:221 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2008:220 ] kernel

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:220 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2008:219 ] mplayer

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:219 http://www.mandriva.com/security/

Re: [Full-disclosure] [funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd)

The case was covered at http://www.f-secure.com/weblog/archives/1522.html too. Juha-Matti Gadi Evron [EMAIL PROTECTED] kirjoitti: > > > -- Forwarded message -- > Date: Tue, 28 Oct 2008 20:47:48 -0700 > From: Paul Ferguson <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subje

[Full-disclosure] Secunia Research: Adobe PageMaker PMD File Processing Buffer Overflows

== Secunia Research 29/10/2008 - Adobe PageMaker PMD File Processing Buffer Overflows - == Table of Contents Affected Software...

[Full-disclosure] [SECURITY] [DSA 1661-1] New OpenOffice.org packages fix several vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1661-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 29th, 2008

[Full-disclosure] KVIrc version 3.4.0 Virgo remote format string proof of concept exploit.

Regarding: http://www.zeroscience.org/codes.html It seems like this is the old http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951 , found by Stefan Cornelius from Secunia Research and patched in kvirc >= 3.2.6_pre20070714 . Tested y users on 3.4.0 and 3.4.2, can't reproduce. What

[Full-disclosure] [funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd)

-- Forwarded message -- Date: Tue, 28 Oct 2008 20:47:48 -0700 From: Paul Ferguson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [funsec] ICANN Terminates EstDomains' Registrar Accreditation -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 "Dear Mr. Tsastsin, "Be advised that

Re: [Full-disclosure] www.dia.mil

And maybe friends, you could explain me what's so special about dia.mil ? I would actually understand if CIA central internal information system would use such trackers, but if it's a public web page, what's so special about it ? And ok, even if the information on visitors leaks - what's so intere

Re: [Full-disclosure] www.dia.mil

Welcome to the web! 1 website = content retrieved from dozens/hundreds of sites. Much more than what the browser's address bar shows ;) Think of ad banners, analytics JS ("legit" spyware), static content served from high-speed embedded httpds, etc ... And yes, there are security implications