Re: [Full-disclosure] Expired certificate

2010-07-23 Thread bk
On Jul 22, 2010, at 10:12 PM, Marsh Ray wrote: > On 07/22/2010 10:40 PM, Dan Kaminsky wrote: > >> There are fundamental sources of these failures that are not just >> "people are stupid". Remember the tales of failed +$100M PKI >> deployments around the turn of the millennium? > > I can imagine

Re: [Full-disclosure] Open Letter to Uncle Sam

2010-07-23 Thread Brian Wilson
So the US hacking scene is culled of those who get caught and the Chinese hacking scene populates the forces with those who get caught. So we have one nation with no skill for cyber defense and another populated by those stupid enough to get caught. The next few years should be entertaining...  

Re: [Full-disclosure] [Software Freedom Law Center paper] Killed by Code: Software Transparency in Implantable Medical Devices

2010-07-23 Thread Paul Schmehl
--On Friday, July 23, 2010 10:37:03 -0400 Shawn Merdinger wrote: > fyi, an interesting read imho. > > > > The FDA has issued 23 recalls of defective devices during the > first half of 2010, all of which are categorized as “Class I,” meaning > there is “reasonable probability that use of the

Re: [Full-disclosure] Expired certificate

2010-07-23 Thread Meadow
I agree, that would be a very expensive approach. But if you're in a situation where you have 500 servers with expiration dates staggered every 2 days, you need a better program manager. A much more likely scenario is that you have certs on all of your servers supporting Application A expire i

Re: [Full-disclosure] Open Letter to Uncle Sam

2010-07-23 Thread Rohit Patnaik
Well written. I should also add that even authoritarian countries treat their hackers better than the US. In China, for example, if a kid is caught hacking, he's given an offer of recruitment by the PLA. In the US, that same kid would be hauled off to jail. Now which country do you think is goi

[Full-disclosure] Open Letter to Uncle Sam

2010-07-23 Thread Iadnah Enoch
Dear Uncle Sam: Apparently the United States is having some issues with its “cyber command” effort. This is my way of helping you out and contributing to your so-called “home front”. I believe the following dissertation generally refle

Re: [Full-disclosure] [Software Freedom Law Center paper] Killed by Code: Software Transparency in Implantable Medical Devices

2010-07-23 Thread Christian Sciberras
"Mr. X died of a defective open-source FOSS-approved pacemaker..." On Fri, Jul 23, 2010 at 4:37 PM, Shawn Merdinger wrote: > fyi, an interesting read imho. > > > > The FDA has issued 23 recalls of defective devices during the > first half of 2010, all of which are categorized as “Class I

[Full-disclosure] [Software Freedom Law Center paper] Killed by Code: Software Transparency in Implantable Medical Devices

2010-07-23 Thread Shawn Merdinger
fyi, an interesting read imho. The FDA has issued 23 recalls of defective devices during the first half of 2010, all of which are categorized as “Class I,” meaning there is “reasonable probability that use of these products will cause serious adverse health consequences or death.” At least s

[Full-disclosure] Advanced AIX 5l FTPd Exploit V2.0

2010-07-23 Thread HI-TECH .
Hello List, sry ppl - it needed some fixes and the exploit is now much more stable. (see attachment) Best Regards, Kingcope aix.c Description: Binary data

[Full-disclosure] [ MDVSA-2010:138 ] iputils

2010-07-23 Thread security
Mandriva Linux Security Advisory MDVSA-2010:138 http://www.mandriva.com/security/

[Full-disclosure] [USN-930-4] Firefox and Xulrunner vulnerabilities

2010-07-23 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-930-4 July 23, 2010 firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities CVE-2008-5913, CVE-2010-0654, CVE-2010-1121, CVE-2010-1125, CVE-2010-1196, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, C

[Full-disclosure] [USN-927-8] Thunderbird update

2010-07-23 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-927-8 July 23, 2010 thunderbird update https://launchpad.net/bugs/559918 === A security issue affects the following Ubuntu releases: Ubuntu 9

[Full-disclosure] [USN-927-6] NSS vulnerability

2010-07-23 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-927-6 July 23, 2010 nss vulnerability CVE-2009-3555 === A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory al

[Full-disclosure] [USN-957-1] Firefox and Xulrunner vulnerabilities

2010-07-23 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-957-1 July 23, 2010 firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities CVE-2010-0654, CVE-2010-1205, CVE-2010-1206, CVE-2010-1207, CVE-2010-1208, CVE-2010-1209, CVE-2010-1210, CVE-2010-1211, CVE-2

[Full-disclosure] [USN-927-7] nspr update

2010-07-23 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-927-7 July 23, 2010 nspr update https://launchpad.net/bugs/599920 === A security issue affects the following Ubuntu releases: Ubuntu 9.04 Th

[Full-disclosure] Pwn1n6 r4nd0m n00bs s1nc3 0x7CF (Balkans Report)

2010-07-23 Thread hack4pr0n
Teh notorious wannabes #lamez, #deadagain, #piratesky gettin' pwnt again and again.. (Partial Disclosure) Pirate-Sky Crew - Most active users - SlaSerX, Vegeta, RedCross, d1z1n370, pLa$71k, TheZero, 3n1gm@, DenialOfService, Blo0d Primary domain - pirate-sky.com (forum database available at