I've made some major revisions to TGP over the last couple of weeks, and am
releasing v1.1.13.3:
http://www.hammerofgod.com/tgp.html
It's on the main site now and I've moved all the pilot stuff over to the HoG
production site.
Notably, there is support for key creation to 16384 bits, which
Security Advisory
IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting
Advisory Information
Published (dd/mm/yy):
23/06/2010
Updated (dd/mm/yy):
23/06/2010
Manufacturer: Linksys
Model: WAP54G
Hardware version: v3.x
Firmware version: ver.3.05.03 (Europe)
On Thu, Jun 17, 2010 at 4:21 PM, Samuel Martín Moro faus...@gmail.com wrote:
I also don't want to change my ssh port, nor restrict incoming IPs, ... and
I use keys only to log in without entering password.
So you're not alone.
I had my IP changed several times, my servers are only hosting
Advisory Name: Local Privilege Escalation in InterScan Web Security Virtual
Appliance 5.0
Internal Cybsec Advisory Id: 2010-0604
Vulnerability Class: Local Privilege Escalation
Release Date: 22-06-2010
Affected Applications: InterScan Web Security Virtual Appliance 5.0. Other
Advisory Name: Arbitrary File Upload in InterScan Web Security Virtual
Appliance 5.0.
Internal Cybsec Advisory Id: 2010-0605
Vulnerability Class: Arbitrary File Upload
Release Date: 22-06-2010
Affected Applications: Confirmed in InterScan Web Security Virtual Appliance
5.0. Other
Advisory Name: Arbitrary File Download in InterScan Web Security Virtual
Appliance 5.0
Internal Cybsec Advisory Id: 2010-0606
Vulnerability Class: Arbitrary File Download
Release Date: To be confirmed
Affected Applications: Confirmed in InterScan Web Security Virtual Appliance
This looks great, but I have a question about your "how long would it take
to crack *this* password" analysis on your web site. In your example, you
choose aaNotGood, a 13 character mixed case password, and said it could
be cracked in 44 days. But to crack a 13 digit mixed case password
Hey man - hope all is well.
FYI- I tried your example file and by default nothing worked on Windows 7. The
loading and embedded file says this file is blocked, The file spawn
requires a script prompt with an automation error after that, the windows
control panel didn't launch at all, and the
Took me a second to know what you were saying - I was already replying that I
*did* go through the required space. But I think you are right - in the
algorithm I'm using, I stop at the character in each column since I know what
it is. If I read you correctly, you're saying that it would only
Cor,
Sometimes you need anarchy to spread awareness! Which is primary
priority... Rest are secondary issues.
What next? Government should keep an updated statistic of antivirus
software that can survive the wild (well most of the time) and those
softwares that fail to do so at largest occasions.
On 6/23/10 4:22 AM, yersinia wrote:
On Thu, Jun 17, 2010 at 4:21 PM, Samuel Martín Moro faus...@gmail.com wrote:
I also don't want to change my ssh port, nor restrict incoming IPs, ... and
I use keys only to log in without entering password.
So you're not alone.
I had my IP changed several
In this attack, there's no need to throttle, the attacking computers hit
it once every 15 seconds or so from many different sources. My denyhosts
is not blocking 99.999% of the attempts.
Gary Baribault
Courriel: g...@baribault.net
GPG Key: 0x685430d1
Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35
On 6/23/10 12:38 PM, Gary Baribault wrote:
In this attack, there's no need to throttle, the attacking computers hit
it once every 15 seconds or so from many different sources. My denyhosts
is not blocking 99.999% of the attempts.
Gary Baribault
Courriel: g...@baribault.net
GPG Key:
Am 22.06.2010 17:16, schrieb Paul Schmehl:
Yes, you should use antivirus software if you're running windows
Nope. For regular users clicking every link and using firefox and office
and nothing else, maybe. But for somewhat experienced people with a
large toolset on the machine: NO! Approximately
FYI, after taking it offline, there was confusion about what was being done and
when. The below comments are not an issue as I understand it.
If anyone would like to offer opinions after reading the markup, they are
welcome.
t
From: full-disclosure-boun...@lists.grok.org.uk
Mandriva Linux Security Advisory MDVSA-2010:123
http://www.mandriva.com/security/
ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-113
June 23, 2010
-- CVE ID:
CVE-2010-1199
-- Affected Vendors:
Mozilla Firefox
-- Affected Products:
Mozilla Firefox 3.6.x
-- TippingPoint(TM) IPS Customer Protection:
P.P.S. - There actually was a code bug where I didn't update the base when A-Z
+ was being used. The algorithm works and is unaffected though the results for
this password were not accurate with A-Z. This has been fixed and noted on
the site. Thanks John.
t
From:
Glad to hear it - my preface settings aren't working right so pardon the top
post.
I'm glad you replied with that info - that's good info... I can leverage the
same thing in RDP sessions then (or it seems like). I didn't get the full
implications from the post as you noted.
RE the MSFT bit,
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Novell iManager Multiple Vulnerabilities
1. *Advisory Information*
Title: Novell iManager Multiple Vulnerabilities
Advisory Id:
I guess that explains the sheep.
From: Meadow
Sent: Wednesday, June 23, 2010 1:39 PM
To: Thor (Hammer of God)
Cc: Paul Craig; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Microsoft Help Files (.CHM): 'Locked File'
Feature Bypass
Thor - Zealand is where your wife was born.
Redspin Security Notice -- RSN-2010-01
Multiple vulnerabilities in OpenEMR Electronic Medical Record Software
Overview
Quote from http://www.oemr.org/
OpenEMR is a free medical practice management, electronic medical records,
prescription writing, and medical billing application.
Mandriva Linux Security Advisory MDVSA-2010:124
http://www.mandriva.com/security/
On Wed, 23 Jun 2010 20:12:24 +
Thor (Hammer of God) t...@hammerofgod.com wrote:
I know better than to bring up the Australia vs New Zealand
bit. Speaking of which, was there an Old Zealand? ;)
Yes, it's a province in Holland.
--
Hawaiian Astronomical Society: http://www.hawastsoc.org
This site http://packetstormsecurity.org/
is up and running now.
Juha-Matti
Frank Stefan Sundberg Solli [frankste...@gmail.com] kirjoitti:
The site is down due to ddos amongst others, OTW, milw0rm, THC and HITB,
check out the mirror list of packetstorm, packetstorm is mirrored in
almost