Full-Disclosure mailing list submissions
Tanks
Tedleo
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Hi
T Biehn wrote:
> The point really wasn't this trick (which was about eliminating LEAD-TIME) it
> was more so to prompt a discussion around various trivial tricks to write a
> more 'reliable botnet'.
Shortly: use copious numbers of normal-looking domain names instead of
a single obviously rando
Yes, it's possible, I mapped out something on a high level that would
use rss/xml and would evade most detection methods on the network...
The problem is that stuff gets detected at infection-time and
gets reverse engineered. Stealthy botnets are easy, stealthy infection
is trickier.
On 2/19/09
Libero Cross-Site Scripting Vulnerability - Security Advisory - SOS-09-001
Release Date. 23-Feb-2009
Vendor Notification Date. 20-Oct-2008
Product. Libero
Platform. Windows (verified), possibly others
Affected versions. Libero v5.3 SP5 (verified), possibly others
Severity Rating. Medium
I
I would use something like UDP or IGMP and modify the packets slightly. I
know that most routers will just pass them on and not worry about a few
weird things.
On Mon, Feb 23, 2009 at 2:56 PM, John C. A. Bambenek, GCIH, CISSP <
bambenek.info...@gmail.com> wrote:
> Yes, it's possible, I mapped out
On Sat, Feb 21, 2009 at 9:30 PM, wrote:
> On Fri, 20 Feb 2009 09:24:29 EST, Smoking Gun said:
>
>> Ironically, your own quote"company"quote offered penetration testing
>> services at the insane pricing scheme of "we'll pentest0r joo for free
>> and if we find something you can pay us to find othe
1- We could do this ad infinitum, but "this list's lack of usual moderation
does not mean your opinion is
either respected, welcomed, or desired by anyone," Mr. Mugabe. But hey, at
least Valdis was on topic, right? Circular arguments get us everywhere!
2- Further, I for one welcome Valdis' opinion
On Mon, Feb 23, 2009 at 8:57 AM, Smoking Gun wrote:
> On Sat, Feb 21, 2009 at 9:30 PM, wrote:
> > On Fri, 20 Feb 2009 09:24:29 EST, Smoking Gun said:
> >
> >> Ironically, your own quote"company"quote offered penetration testing
> >> services at the insane pricing scheme of "we'll pentest0r joo
On Mon, Feb 23, 2009 at 10:26 AM, Michael Krymson wrote:
>
>
> On Mon, Feb 23, 2009 at 8:57 AM, Smoking Gun
> wrote:
>>
> Blah blah gross personal speculation blah...
>
> At any rate, if CEO Cloe decides to hire a pen-tester for $1,000 and gets
> back a scan with some dumpy reports on it (sorry,
"Look at me all smiles like a proud papa."
-Jesus
On Mon, Feb 23, 2009 at 8:31 AM, James Matthews wrote:
> I would use something like UDP or IGMP and modify the packets slightly. I
> know that most routers will just pass them on and not worry about a few
> weird things.
>
> On Mon, Feb 23, 200
...stealthy infection is trickier.
but not impossible, check out Symantec/F-Secure joint analysis of
mebroot: https://forums.symantec.com/t5/blogs/blogprintpage/blog-id/malicious_code/article-id/244;jsessionid=A4811540934368155A4B0BEE4D0B0615. Now
Mandriva Linux Security Advisory MDVSA-2009:050-1
http://www.mandriva.com/security/
Mandriva Linux Security Advisory MDVSA-2009:051
http://www.mandriva.com/security/
Mr. Krymson,
1. Valdis' replies fall under other commonly used Latin phrases,
such as "ad nauseam" that the slightly educated use in conversation
to attempt emulation of both higher levels of education and
intelligence than they actually possess. Nic
Gentoo Linux Security Advisory GLSA 200902-06
http://security.gentoo.org/
Gentoo Linux Security Advisory GLSA 200902-05
http://security.gentoo.org/
Mandriva Linux Security Advisory MDVSA-2009:049-1
http://www.mandriva.com/security/
Magento Multiple Cross-Site Scripting Vulnerabilities - Security Advisory -
SOS-09-002
Release Date. 24-Feb-2009
Vendor Notification Date. 21-Jan-2009
Product. Magento
Platform. Linux / PHP (verified), possibly others
Affected versions. Magento 1.2.0 (verified), possibly others
Severity Rating.
(-8
{Announcing CodeGate 2009 | hacking & defense contests}
CodeGate invites the best hackers out there to strut their stuff in
Seoul, South Korea this spring.
[Hacking Festival]
A $35,000 prize will be awarded to the best hackers from around the world.
To win the prize, teams must first place
My apologies, it appears that http://beist.org/codegate2009.txt has prize
money clarifications.
The Festival offers a ~$26500 USD prize and the Defense Contest pays ~$7300
USD
On Mon, Feb 23, 2009 at 10:51 PM, leet kune wrote:
> (-8
>
> {Announcing CodeGate 2009 | hacking & defense contests}
>
VMware Security Advisory
Advisory ID: VMSA-2009-0002
Synopsis: VirtualCenter Update 4 updates Tomcat to 5.5.27
Issue date: 2009-02-23
Up