hi, all.
i was wondering if you guys know of any password recovery software (free or
otherwise) for recovering passworded documents created from iWork 09 (Pages,
Numbers, Keynote).
been scouring the search engines a mile deep with no luck. posted the same
query in Apple's discussion forum, t
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
I respectfully defend our statement as very realistic. The .Net exploit
provided in the advisory is all that is required to work; no code-behind is
required because the vulnerability related to "innerhtml" lies in the .Net
code.
The specific flaw is actually in
System.Web.UI.HTMLControls.Html
On Fri, 12 Feb 2010 16:54:48 +0100, Christian Sciberras said:
> And how do you know what the bugs are? Risk modeling cannot solve this
> kind of issue. Vulnerabilities aren't intentional.
> It isn't intentional that I could piggyback a particular process and
> get kernel access. Since vulnerabilit
Mandriva Linux Security Advisory MDVSA-2010:036
http://www.mandriva.com/security/
I think she wants to unsubscribe and doesn't understand why she's getting so
much email from you.
Rosa, if you're trying to unsubscribe from this mailing list, go to
https://lists.grok.org.uk/mailman/listinfo/full-disclosure, enter your email
address at the bottom and click on the button that s
OK, coconuts and flames aside, a serious question then... You know, in case
I'm really missing something here...
Let's move past the "probability of system compromise" in the sense of any one
system and look to what I think you are really getting at, which is "of all the
systems we have, some
"Another Thing, your emails are arriving very followed to my buzon... Because?"
I don't mean to be rude, but I just don't think this is going to work. If the
most my translation engine gives me is something about coconuts, a "ladron"
being put in my house, and emails following your buzon (what
On Fri, 12 Feb 2010 13:09:55 +0100, Christian Sciberras said:
> There's a time for finding fancy interesting numbers and a time to get
> the system going with the least flaws possible.
You don't want "the least flaws possible". We can get very close to zero
flaws per thousand lines of code - but
Probably the same thing that original poster thought it had to do with a
security mailing list, and the same thing that your reply to his reply has ;)
The real question isn't "why is this on a mailing list" but "who cares if he's
gay or not in the first place." Now if you pardon me, I need to g
She said that we should create "something" unbreakable.
Rosa, if you don't want to receive emails you can unsubscribe via the link
at the very bottom. Although I suspect you've already come to enjoy reading them, hehe.
Regards.
On 12/02/10 11:43, Thor (Hammer of God) wrote:
"Throw a coconut"? Craig, did
On Fri, Feb 12, 2010 at 7:08 AM, Cody Robertson wrote:
> Doesn't work for me
It has been verified against multiple GMail users. You can try the
direct link as well, but the issue is more effective within the "Buzz"
interface. It doesn't look like you tested from a gmail account
either (hawkhost
> Well, yeah. I suppose it's *possible* that your system's weak password
> system will allow a hacker to get in, and from your system hack into
> the LHC and control it to spawn a black hole that eats the Earth. And
> even that is still a finite, not "infinitum".
I'll cite the 2009 Verizon Busine
"Throw a coconut"? Craig, did you throw a coconut at me? Or did Val throw a
coconut at me? I feel a Monty Python joke coming on.
Rosa, I don't speak Spanish, so I don't know what that really means.
t
From: Rosa Maria Gonzalez Pereira [mailto:analui...@hotmail.com]
Sent: Friday, February 12,
On 2/12/10 3:37 AM, Kristian Erik Hermansen wrote:
> Greetings,
>
> Google Buzz is an incredibly useful new social networking service.
> However, it is also quite vulnerable to persistent CSRF attacks when
> data is pulled from external data feeds. F
You know, I really don't know much about computing, networks, programs and whatnot, but
from the little I've seen,
I think a person who puts their "coco" (brains) into this can, after
studying it very well, get into
whatever they want; they should invent something or create a system where the
"thief" does not
-"The problem is that you can't *guarantee* correct function. You *know* the
damn thing will escape with bugs, no matter how hard you try. The question
is how damaging the bugs are, and how much you want to spend preventing
the bugs *through the entire life cycle - design, development, and deploye
On Fri, 12 Feb 2010 14:37:25 +0100, Christian Sciberras said:
> Let's presume 100k was spent on risk modeling, which actually is way
> less than the norm, where was the gain again?
Citation for "less than the norm", please? I've participated in lots of risk
modeling sessions that cost *way* less
Ooh, how ugly... why do you talk using "secret" words?
Date: Fri, 12 Feb 2010 09:51:35 +0100
From: a...@experian.dk
To: this1...@gmail.com; sahald...@ymail.com
CC: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Ron Livingston likes to touch little boys
y
Why do you talk so much about vulnerability, and I don't understand how your information
reaches my mailbox so easily
> From: paul.cr...@security-assessment.com
> To: full-disclosure@lists.grok.org.uk
> Date: Fri, 12 Feb 2010 13:25:51 +1300
> Subj
Let's presume 100k was spent on risk modeling, which actually is way
less than the norm, where was the gain again?
Why exactly do the flaws have to be fixed economically instead of
designing the system correctly in the first place?
And on this same argument, why spend a huge amount of time (money
Hello,
> safe_mode and open_basedir usually use small providers. Of course, it
> is idiotic to use safe_mode and open_basedir when we can bypass them via
> symlinks.
>
The Hardened-PHP project already explained in 2006 that open_basedir and
symlinks do not mix. It is an unfixable design problem. So
Dr. Craig,
Again, why aim at getting probabilistic results when a system is known
to be flawed? Might as well use the budget on fixing such a system, no?
There's a time for finding fancy interesting numbers and a time to get
the system going with the least flaws possible.
Why should any entity bother
Christian Sciberras wrote:
> What exactly are the implications of this?
> Surely no one [website] accepts paths.
>
safe_mode and open_basedir usually use small providers. Of course, it
is idiotic to use safe_mode and open_basedir when we can bypass them via
symlinks.
--
Best Regards,
Hi Jenna,
So please tell me - what has this to do with a security mailing list? Could you
please discuss this absolutely off-topic subject on your own and in private
emails?
Thank you for your cooperation.
Yours sincerely,
Martin
From: full-disclosure-boun...@lists.grok.org.uk
The key part of the advisory for me wasn't VIEWSTATE as much as it was the
controls, but this statement you made seemed pretty outrageous (with regard to
ASP.NET):
'These vulnerabilities show that unsigned client-side viewstates will ALWAYS
result in a vulnerability in the affected products.
The key part of the advisory for me wasn't VIEWSTATE as much as it was the
controls, but this statement you made seemed pretty (with regard to ASP.NET):
'These vulnerabilities show that unsigned client-side viewstates will ALWAYS
result in a vulnerability in the affected products.'
I would d
{ Ariko-Security - Advisory #1/2/2010 }
SQL injection vulnerability in apemCMS
Vendor's Description of Software:
# http://apem.com.pl/?sc=oferta
Dork:
#Powered by apemCMS
Application Info:
# Name: apemCMS
# Versions: ALL
Vulnerability Info:
# Type: SQL inject
The simple answer to these posts is that I am passionate about this topic.
This has allowed me to be drawn into a flame war with Tim, something he is
far better at.
Risk and economics matter to security. Like it or not, money is a limited
resource and spending it on the most effective measures th
Debian Security Advisory DSA-1994-1 secur...@debian.org
http://www.debian.org/security/ Raphael Geissert
February 11, 2010
This is a good follow up
http://www.youtube.com/watch?v=8lMbk4DeN7E
On 12/02/2010 08:51, Anders Klixbull wrote:
> you'd like to gobble that sausage wouldn't you
>
> *From:* full-disclosure-boun...@lists.grok.org.u
you'd like to gobble that sausage wouldn't you
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of jenna
Sent: 12 February 2010 00:11
To: Sam Haldorf
Cc: full-disclosure@lists.grok.org.uk
Subject: Re
Greetings,
Google Buzz is an incredibly useful new social networking service.
However, it is also quite vulnerable to persistent CSRF attacks when
data is pulled from external data feeds. For instance, I encourage
you to follow me on Google Buzz by utilizing my profile below and
clicking "FOLL