[Full-disclosure] [SECURITY] [DSA 1872-1] New Linux 2.6.18 packages fix several vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA-1872-1secur...@debian.org http://www.debian.org/security/ dann frazier August 24, 2009

[Full-disclosure] rPSA-2009-0122-1 idle python

rPath Security Advisory: 2009-0122-1 Published: 2009-08-24 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Major Exposure Level Classification: Deterministic Weakness Updated Versions:

[Full-disclosure] rPSA-2009-0123-1 apr-util

rPath Security Advisory: 2009-0123-1 Published: 2009-08-24 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Major Exposure Level Classification: Remote Deterministic Denial of Service Updated

[Full-disclosure] rPSA-2009-0124-1 curl

rPath Security Advisory: 2009-0124-1 Published: 2009-08-24 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Major Exposure Level Classification: Indirect Deterministic Weakness Updated Versions:

[Full-disclosure] Sexless schadenfreude: the potential extremist Michael Crook.

Some kid died. I want someone caring liberal to hug me, but no! You may remember me from such films as the EFF DMCA apology. I'm afraid he may take the next step and become a risk to himself or others. He spends his spare time proselytizing extremist and radical viewpoints on my blog in

Re: [Full-disclosure] Sexless schadenfreude: the potential extremist Michael Crook.

He's a friendless loser with no skills nor intelligence. There's probably twenty million of them on the internet; the only difference between this one and the others is that Michael hasn't discovered /b/ yet. 2009/8/25 Michael Crook michael.cr...@hushmail.com Some kid died. I want someone

Re: [Full-disclosure] Sexless schadenfreude: the potential extremist Michael Crook.

On Tue, 25 Aug 2009 10:07:07 -, Michael Crook said: ~ John Doe / n3td3v (http://www.twitter.com/n3td3v) P.S. This is an anonymous, Hint: Look up big words like anonymous in the dictionary, make sure you're using them correctly. It adds that extra luster of competence to your postings.

Re: [Full-disclosure] Sexless schadenfreude: the potential extremist Michael Crook.

I'm sure the man already has his big eye on Michael, especially since his last name is Crook, these are facts they wouldn't miss. On Tue, Aug 25, 2009 at 10:49 AM, valdis.kletni...@vt.edu wrote: On Tue, 25 Aug 2009 10:07:07 -, Michael Crook said: ~ John Doe / n3td3v

[Full-disclosure] [SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1833-2 secur...@debian.org http://www.debian.org/security/ Florian Weimer August 25, 2009

[Full-disclosure] iDefense Security Advisory 08.25.09: Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability

iDefense Security Advisory 08.25.09 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 25, 2009 I. BACKGROUND Autonomy KeyView SDK is a commercial SDK that provides many file format parsing libraries. It supports a large number of different document formats, one of which is the Microsoft

[Full-disclosure] Oracle PL/SQL Injection Flaw in REPCAT_RPC.VALIDATE_REMOTE_RC

Hey all, The Oracle REPCAT_RPC.VALIDATE_REMOTE_RC function executes blocks of anonymous PL/SQL that can be influenced by an attacker to execute arbitrary PL/SQL. As this package is only accessible directly by SYS this flaw would not normally present a risk. However, the

[Full-disclosure] Oracle 11g (11.1.0.6) Password Policy and Compliance

Many security standards require the tracking of users' password history to prevent password re-use. In Oracle 11g (11.1.0.6), if a security administrator has enabled 11g passwords exclusively then tracking password history is broken. This can affect compliance. This was addressed by Oracle in

[Full-disclosure] Bypassing DBMS_ASSERT in certain situations

DBMS_ASSERT can be used to prevent PL/SQL injection. In certain cases it can be bypassed. This is documented in a paper I wrote in July 2008 but am only publishing now: http://www.databasesecurity.com/oracle/Bypassing-DBMS_ASSERT.pdf Cheers, David Litchfield NGSSoftware Ltd

[Full-disclosure] H4RDW4RE presentations updated

Greetings: The following presentations are now available online. Dr. Karsten Nohl, H4RDW4RE Chief Scientist, Hacking at Random 2009: (Three sessions) 1) Cracking A5 GSM Encryption 2) Breaking Hitag2 3) Deep Silicon Analysis All links available at http://www.h4rdw4re.com/news/news.htm Chris

[Full-disclosure] Flex website scanners

Any good flex website application scanners? Most of the free automated web application scanners like paros, nikto, etc do not look at flex/ flash web pages. We are looking at a website and need some basic automated scanning tool to cover the flex/ flash part Thanks

Re: [Full-disclosure] Flex website scanners

Check out SWFScan. It does what a scanner is supposed to do, which is find low-hanging vulnerabilities. The tool does a pretty good job at decompiling for the most part, but you still really need to do manual analysis on the code!! You should never rely on ANY scanner to do 100% of your

[Full-disclosure] WPA attack improved to 1min, MITM

The Beck/Tews WiFi WPA attack presented at PacSec has been improved (down to 1 min, MITM) by 2 .jp researchers (Ohigashi, Morii) http://bit.ly/clCpm Remember: avoid WPA/TKIP and force AES only encryption in WPA2 - don't let your access point automatically fall back automatically to the

[Full-disclosure] НА: WPA attack improved to 1min, MITM

- Исходное сообщение - От: Dragos Ruiu d...@kyx.net Отправлено: 26 августа 2009 г. 6:13 Кому: Full-Disclosure mailing list full-disclosure@lists.grok.org.uk Тема: [Full-disclosure] WPA attack improved to 1min, MITM The Beck/Tews WiFi WPA attack presented at PacSec has been improved