On Mon, Jan 5, 2009 at 9:25 AM, - o z - o...@hotmail.com wrote:
On Jan 4, 2009, at 10:31 PM, Avraham Schneider wrote:
When there is no choice, there is no choice - Israel has to defend it's
own
civilian population as a first priority.
Let me tell you a little of the latest events -
1)
CVE-2008-2303 covers an integer overflow in the handling of indices in
the arguments array in Apple Safari that affects iPhone, iPod and PC
(Mac and Windows). It was fixed in Safari 3.2 for iPhone and iPod in
July and for PC in November. More details here:
http://support.apple.com/kb/HT3298
/British_Mandate_of_Palestine
Btw i'm not antisemite i like jews, i'm just anti-sionist :)
Cheers
-- next part --
An HTML attachment was scrubbed...
URL:
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090105/d213
7757/attachment-0001.html
Nobody force you to answer or even read this topic. You can still
answer and read other topic.
And what a liar you are.Yesterday a 20 year old boy got shoot dead by
israel in Westbank in a demonstration. So dont speak like the soldiers
are little angels. In fact Satan himself , take special
just add an exception...
On Mon, Jan 5, 2009 at 2:35 PM, Gary Wilson dra...@dragons.org.uk wrote:
Having had enough of the non-topic junk this list has become recently, I
went to unsub, but it seems the SSL cert is not valid/trusted.
For the mods, I guess:
Secure Connection Failed
Having had enough of the non-topic junk this list has become recently, I
went to unsub, but it seems the SSL cert is not valid/trusted.
For the mods, I guess:
Secure Connection Failed
lists.grok.org.uk uses an invalid security certificate.
The certificate is not trusted because the issuer
True, I could...yet this one is just a nonsensical flame-fight and really
out of place.
There's a difference between police shooting at demonstrations, and soldiers
rolling in with tanks. Police shootings are not military operations, they
happen just about everywhere on earth and are no
Anders B Jansson wrote:
And just what kind of crappy mail client do you have to can't filter messages
on subject and/or sender?
Why should we have to filter messages that are propaganda? This list is
ridiculous, a flat out joke. Filters are for n3td3v and ureleet. Not
this bullshit.
That
SSL certs cost money. This one works the same. etc..
On Mon, Jan 5, 2009 at 2:35 PM, Gary Wilson dra...@dragons.org.uk wrote:
Having had enough of the non-topic junk this list has become recently, I
went to unsub, but it seems the SSL cert is not valid/trusted.
For the mods, I guess:
It's interesting to note how the PA Palestinians in the West Bank are living
peacefully - they're not launching attacks on Israeli citizens, and therefor
aren't being attacked back by Israel. In fact, many of them have jobs within
Israeli areas and receive benefits from the Israeli government (my
Me and others disproved every single one of the claims you and the other
Muslim (assuming you are not the same) person posted here.
The fact that nobody forced him to answer or even read the topic might be
true but his frustration is understandable for this mailing list is aimed
for IT-Security
What does this have to do with computers/computer security?
Nothing.
Take your propoganda and go home!
Handrix wrote:
Hi all,
The terrorist Israeli forces bombed Gaza city and destroyed many
buildings and killed several hundred people.
Israel likes to invoke as a justification for its
For those that want moderation on this mailing list, please let us all know
how you would like to achieve said moderation on a mailing list populated by
security-conscious persons who may also share a tendency to aschew rules
and/or authority.
Before vomiting out an answer, think a little bit
SSL certs cost money. This one works the same. etc..
Uh, no, actually CAs provide some weak assurance that the certificate is
the real one and associated with that server. A self-signed one
provides none. If you can't, in some way, authenticate the certificate
then SSL is not any better than
Allaa,
Frankly I think that the entire thing is silly. We're human beings
made up of the same flesh, blood and bone. We all come from the exact
same source regardless of what name we give it. The same bullet that
can kill me can kill you and the resulting family pains would also be
On Mon, 05 Jan 2009 11:25:58 PST, Tim said:
Uh, no, actually CAs provide some weak assurance that the certificate is
the real one and associated with that server. A self-signed one
provides none. If you can't, in some way, authenticate the certificate
then SSL is not any better than sending
eschew moderation!
just delete crap you don't want :)
WMM
On Mon, Jan 5, 2009 at 2:26 PM, Michael Krymson krym...@gmail.com wrote:
For those that want moderation on this mailing list, please let us all know
how you would like to achieve said moderation on a mailing list populated by
--On January 2, 2009 4:27:10 PM -0600 Handrix hand...@gmail.com wrote:
Hi all,
The terrorist Israeli forces bombed Gaza city and destroyed many
buildings and killed several hundred people.
Israel likes to invoke as a justification for its attacks on its
neighbors the war against Terror -
Happy New Year!
Since I haven't done so *all year*, I thought it's about time I release
something! :P
Actually, for my sins, since my idiocy seems to have now encompassed
JAVA, I wanted to get this out there... Most of the effort has been in
figuring out how to get a build environment working
===
Ubuntu Security Notice USN-702-1 January 05, 2009
samba vulnerability
CVE-2009-0022
===
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory
It's *slightly* better, in that it guards against passive sniffing attacks
on the data in transit. You're right that it doesn't guard against an
active MITM attack.
How is that better, really? Run tcpdump or ettercap... Either of the
tools are off the shelf. It doesn't take a great deal of
Another thought... If the FD maintainers wanted to include the
fingerprint of their self-signed cert or CA in the monthly list charter
email, it might be archived in dozens of places around the internet and
allow those who actually care about SSL security to validate the
certificate without having
Dont really know who's making propaganda around here
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-- Forwarded message --
From: full-disclosure-boun...@lists.grok.org.uk
Date: Sat, Jan 3, 2009 at 6:59 PM
Subject: Your message to Full-Disclosure awaits moderator approval
To: xploita...@gmail.com
Your mail to 'Full-Disclosure' with the subject
Israel-Gaza conflict: Cyber
On Mon, Jan 5, 2009 at 11:46 AM, valdis.kletni...@vt.edu wrote:
On Mon, 05 Jan 2009 11:25:58 PST, Tim said:
Uh, no, actually CAs provide some weak assurance that the certificate is
the real one and associated with that server. A self-signed one
provides none. If you can't, in some way,
On Mon, 05 Jan 2009 12:47:20 PST, Tim said:
How is that better, really? Run tcpdump or ettercap... Either of the
tools are off the shelf.
And if the site is using a self-signed cert, how does a 3rd party tcpdump
manage to get a *decrypted* datastream? Yes, you can still do traffic analysis
They shouldn't let you post at all.
2009/1/5 n3td3v xploita...@gmail.com
-- Forwarded message --
From: full-disclosure-boun...@lists.grok.org.uk
Date: Sat, Jan 3, 2009 at 6:59 PM
Subject: Your message to Full-Disclosure awaits moderator approval
To: xploita...@gmail.com
On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier j.sent...@gmail.com wrote:
They shouldn't let you post at all.
LOL! Thanks for the chuckle!
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
On Mon, 05 Jan 2009 13:29:52 PST, Tim said:
How is that better, really? Run tcpdump or ettercap... Either of the
tools are off the shelf.
And if the site is using a self-signed cert, how does a 3rd party tcpdump
manage to get a *decrypted* datastream? Yes, you can still do traffic
On Mon, Jan 5, 2009 at 9:45 PM, Ed Carp e...@pobox.com wrote:
On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier j.sent...@gmail.com wrote:
They shouldn't let you post at all.
LOL! Thanks for the chuckle!
Can we have conversation about my opinion on using 'cyber protest'
instead of 'cyber war'?
On Mon, 05 Jan 2009 21:57:33 GMT, n3td3v said:
Can we have conversation about my opinion on using 'cyber protest'
instead of 'cyber war'?
No.
I think the community has been getting confused on such matters.
The community isn't confused. Only the posers who are pretending to
be part of the
Congratulation's handrix, and few other people here.
for proving you amazing history and middle east knowledge.
few facts (I'm from Israel, and also in the idf, for everyone who want
few more reasons to hate me):
In the beginning of the 20th century there were almost no Arabs in the
land of
On Mon, Jan 5, 2009 at 10:03 PM, valdis.kletni...@vt.edu wrote:
On Mon, 05 Jan 2009 21:57:33 GMT, n3td3v said:
Can we have conversation about my opinion on using 'cyber protest'
instead of 'cyber war'?
No.
I think the community has been getting confused on such matters.
The community
On Mon, Jan 5, 2009 at 10:03 PM, n3td3v xploita...@gmail.com wrote:
On Mon, Jan 5, 2009 at 10:03 PM, valdis.kletni...@vt.edu wrote:
On Mon, 05 Jan 2009 21:57:33 GMT, n3td3v said:
Can we have conversation about my opinion on using 'cyber protest'
instead of 'cyber war'?
No.
I think the
On Mon, 05 Jan 2009 22:08:10 GMT, you said:
I think SANS is confused too;
But you've complained in the past that SANS is a bunch of posers, thus
proving my point. ;)
pgpAHe6OvUSph.pgp
Description: PGP signature
___
Full-Disclosure - We believe in
On Mon, 5 Jan 2009, n3td3v wrote:
On Mon, Jan 5, 2009 at 9:45 PM, Ed Carp e...@pobox.com wrote:
On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier j.sent...@gmail.com wrote:
They shouldn't let you post at all.
LOL! Thanks for the chuckle!
Can we have conversation about my opinion on using
Hi!
The prevailing use of self-signed certs on the Internet basically
destroys the usefulness of HTTPS, since it trains users to simply
click add exception and ignore the scary warnings because then I
get the lock icon, which means I'm safe!
[...]
stop being so effing
stingy and cough up
On Tue, 2009-01-06 at 00:25, Rob Thompson wrote:
That lame thread about palestine/Israel is just BS. Flat out. It has
_NO_ place here!
spamassassin's great -
header FD_BS Subject =~ /The war/i
It was Mozilla.com:
http://www.sslshopper.com/article-ssl-certificate-for-mozilla.com-issued-without-validation.html
Juha-Matti
Volker Tanger [vtli...@wyae.de] wrote:
Hi!
The prevailing use of self-signed certs on the Internet basically
destroys the usefulness of HTTPS, since it trains
No, I don't claim that Joe Sixpack will notice if they're ettercap'ed.
However,
fine distinctions like the difference between just throw ettercap at it and
this protects against passive sniffing but not active MITM are
often important in this business.
That's the thing. I don't think that
And as browsers usually do not check CRLs, there is no way preventing
the use of wrongfully signed certificates short of distributing a
software update (as was with the MS case). If browsers had a cert
cache and checked it similar to SSH, MitM-attacks would be much harder.
Well, now you're
On Mon, Jan 5, 2009 at 3:35 PM, Gary Wilson dra...@dragons.org.uk wrote:
Having had enough of the non-topic junk this list has become recently, I
went to unsub, but it seems the SSL cert is not valid/trusted.
For the mods, I guess:
Secure Connection Failed
lists.grok.org.uk uses an
Alright, enough of the off-topic crap. Back to the topic, being that
lists.grok.co.uk should get a non-self-signed cert. The cancer
infesting fd and the merits of CAs are irrelevant to the thread.
Oh, ok, so maybe you'd prefer we talk about Palestine, moderation, or
netdev's latest drivel?
I
On Mon, Jan 5, 2009 at 10:07 PM, Ed Carp e...@pobox.com wrote:
On Mon, 5 Jan 2009, n3td3v wrote:
On Mon, Jan 5, 2009 at 9:45 PM, Ed Carp e...@pobox.com wrote:
On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier j.sent...@gmail.com wrote:
They shouldn't let you post at all.
LOL! Thanks for the
I believe I stated *up front* that it doesn't secure against an active MITM
attack. Once ettercap presents a *different* certificate than the one you
were expecting, the victim can at least potentially notice (the same way
that OpenSSH complains if it discovers that a host key is different).
I
Good. I think almost everyone would agree that YOU need to be moderated.
Stop being a cry baby and go choke yourself to death on your fathers cock
you drug fucked faggot.
___
Full-Disclosure - We believe in it.
Charter:
On Tue, Jan 6, 2009 at 2:45 AM, Tim tim-secur...@sentinelchicken.org wrote:
Alright, enough of the off-topic crap. Back to the topic, being that
lists.grok.co.uk should get a non-self-signed cert. The cancer
infesting fd and the merits of CAs are irrelevant to the thread.
Oh, ok, so maybe
Coolz,
I think you misunderstood everything:
First : you are from Israel, so probably you read only Israeli newspapers.
In modern world we see news from reliable (independent) sources.
That makes your story not very believable.
But it can be worse: some people here do never read newspapers or see
I think you're the one who misunderstands. Nobody gives a shit what
you have to say, as it's completely OT.
Take your rant elsewhere.
On Tue, Jan 6, 2009 at 11:07 AM, Mainbox Notif rokade...@gmail.com wrote:
Coolz,
I think you misunderstood everything:
First : you are from Israel, so
When will this thread die?
Bitching at each other will prove nothing: beliefs in topics such as
national identity cannot be swayed by mere words, especially in the
form of argument.
Now, everyone stfu.
kthnxbai
___
Full-Disclosure - We believe in it.
Hello everyone,
A bit off topic..
Can somebody explain why signing a cert for a domain is still so expensive ?
Or do CA pays a lot of money to browsers so they do not a allow CA with a
better price.. ? Why can't a CA sign a certificate free of charge so
everyone who own a domain can have a https
It's off topic for this thread.
I think discussing the advantages and disadvantages of using a self
signed cert is pretty darned close to the OP's topic, but whatever.
Moderation, is, of course, relevant.
It comes up about every month. Get over it. Look through the list
archives for every
On Mon, Jan 5, 2009 at 2:53 PM, Adrenalin adrenali...@gmail.com wrote:
Hello everyone,
A bit off topic..
Can somebody explain why signing a cert for a domain is still so expensive ?
Or do CA pays a lot of money to browsers so they do not a allow CA with a
better price.. ? Why can't a CA sign
===
Ubuntu Security Notice USN-703-1 January 06, 2009
xterm vulnerability
CVE-2006-7236, CVE-2008-2383
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06
On Mon, 05 Jan 2009 23:55:59 GMT, Christopher Pritchard said:
previous certificate became invalid (for example due to a date issue). It
should also be possible to have semi-centralised CRLs that browsers would
check for occasions when the server admin wants to change certificates, they
could
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Folks,
In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of
National Infrastructure) published the document Security Assessment of the
Internet Protocol. The motivation of the aforementioned document is
explained in the Preface
really is that ur boilerplate response of the week? gadi gadi gadi?
u fukin idiot.
On Fri, Jan 2, 2009 at 5:07 PM, n3td3v xploita...@gmail.com wrote:
On Fri, Jan 2, 2009 at 9:28 PM, KT listcli...@gmail.com wrote:
On 1/2/09, n3td3v xploita...@gmail.com wrote:
NEVER
On Fri, Jan 2, 2009 at
is this really what ur wasting ur life, and ours with? 1 fucking
word? get a fucking job.
On Mon, Jan 5, 2009 at 4:57 PM, n3td3v xploita...@gmail.com wrote:
On Mon, Jan 5, 2009 at 9:45 PM, Ed Carp e...@pobox.com wrote:
On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier j.sent...@gmail.com wrote:
I wrote:
address. I get the idea that the list has no COPPA filtering (no one 13 or
younger allowed), nor does it have any sort of maturity level filtering.
On Mon, Jan 5, 2009 at 3:51 PM, Biz Marqee biz.mar...@gmail.com wrote:
Stop being a cry baby and go choke yourself to death on your
Also stolen from the Palestinian people: their domain name.
The web site of the Permanent Observer Mission of Palestine to the
United Nations: http://www.palestine-un.org/
Click some of the links on the left and check the whois.
Larry Seltzer
eWEEK.com Security Center Editor
[SVRT-01-09] Redirection Vulnerability in Yahoo! Advertising Service
1. General Information
On December 22, 2008, SVRT-BKIS found a vulnerability in Yahoo! Wap Service.
This is the second vulnerability discovered by BKIS in cell phone Web
platform, the first one was found in Google Wap Proxy.
On Mon, Jan 5, 2009 at 8:49 PM, Larry Seltzer la...@larryseltzer.com wrote:
Also stolen from the Palestinian people: their domain name.
Larry Seltzer
eWEEK.com Security Center Editor
When someone in the press starts regurgitating lies, I've got to step
in and say something.
Lie #1: There
62 matches
Mail list logo