-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
VMware Security Advisory
Advisory ID: VMSA-2010-0013
Synopsis: VMware ESX third party updates for Service Console
Issue date:2010-08-3
On Tue, Aug 31, 2010 at 4:26 PM, coderman wrote:
> ... it would have been nice to
> collect stats from the get go. then he might have shown only a 99.72%
> success rate.
on this subject, transparent MITM tools like MAORYYY!!*
and friends often succumb to resource exhaustion attacks. i
On Aug 31, 2010, at 6:49 PM, paul.sz...@sydney.edu.au wrote:
> Dan Kaminsky wrote:
>
>> iexplore.exe has a security model. Explorer.exe doesn't ...
>
> Very dim view. So, there is no way for a Windows user to access his
> "desktop", e.g. any data on a CD or USB stick, in a safe way? Seems so
Dan Kaminsky wrote:
> iexplore.exe has a security model. Explorer.exe doesn't ...
Very dim view. So, there is no way for a Windows user to access his
"desktop", e.g. any data on a CD or USB stick, in a safe way? Seems so
wasteful for MS to try and plug autorun viruses, then...
Thankfully, you a
Are you seriously suggesting that just because errors in implementation happen
(such as malformed gifs leading to buffer overflows, etc), that it's OK to have
a totally broken security model that doesn't even *try* to get it right?
No I'm suggesting to fix those implementation errors not focus o
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:167
http://www.mandriva.com/security/
_
On Wed, 01 Sep 2010 00:59:06 +0200, Christian Sciberras said:
> > (and yes, "interpreted data" like shell scripts and Java .class files and
> > Flash
> > are the sort of neither-fish-nor-fowl that give security models headaches,
> > so
> > don't bother flaming about that. ;)
> OK. Also add exploi
On Aug 31, 2010, at 4:11 PM, paul.sz...@sydney.edu.au wrote:
> valdis.kletni...@vt.edu wrote:
>
>>> ... The victim is attempting to view a plain text file. Surely
>>> that can be done safely?
>>
>> Only if your OS's security model understands the fact that executable
>> code and data belong in
On Tue, Aug 31, 2010 at 4:14 PM, Dan Kaminsky wrote:
>...
> It's not that they can't. It's that they don't, and we have huge
> amounts of data confirming this. Have you never been to a Moxie
> Marlinspike talk? His success rates on SSL Stripping a tor node were
> 100%. 100%!!!
this was days into
On Aug 31, 2010, at 4:08 PM, paul.sz...@sydney.edu.au wrote:
> Dan Kaminsky wrote:
>
>>> I can differentiate my coolProposal.doc from msword.exe just fine..
>>
>> Uh huh. Here, let me go ahead and create 2010 Quarterly
>> Numbers.ppt.exe with a changed icon, and see what you notice.
>
> So yo
valdis.kletni...@vt.edu wrote:
>> ... The victim is attempting to view a plain text file. Surely
>> that can be done safely?
>
> Only if your OS's security model understands the fact that executable
> code and data belong in different security domains and thus different
> rules should apply about
Dan Kaminsky wrote:
>> I can differentiate my coolProposal.doc from msword.exe just fine..
>
> Uh huh. Here, let me go ahead and create 2010 Quarterly
> Numbers.ppt.exe with a changed icon, and see what you notice.
So you (Dan) can differentiate. Why couldn't others do the same?
Do you honestly
On Aug 31, 2010, at 2:20 PM, Charles Morris wrote:
> On Tue, Aug 31, 2010 at 5:15 PM, Dan Kaminsky wrote:
>
>>
>> Again, the clicker can't differentiate word (the document) from
>> word (the
>> executable). The clicker also can't differentiate word (the
>> document) from
>> word (the co
> (and yes, "interpreted data" like shell scripts and Java .class files and
> Flash
> are the sort of neither-fish-nor-fowl that give security models headaches, so
> don't bother flaming about that. ;)
OK. Also add exploits in non-executable data as well (such as a certain gif...).
What was your
From a user perspective, why can't someone run Solitaire.exe off a
USB? (as a plain example)
Consider exploits, such as BOFs caused by bad file formats, how do you
know which is secure or not?
The main difference between a BOF and this issue is that it is a
software fault, whereas the hijack "issu
On Wed, 01 Sep 2010 08:34:47 +1000, paul.sz...@sydney.edu.au said:
> Christian Sciberras wrote:
>
> > Why do you say harmless? Because you know a text file can't do
> > anything at all.
>
> Exactly. The victim is attempting to view a plain text file. Surely
> that can be done safely?
Only if yo
Christian Sciberras wrote:
> Why do you say harmless? Because you know a text file can't do
> anything at all.
Exactly. The victim is attempting to view a plain text file. Surely
that can be done safely?
Cheers, Paul
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
Sch
See, that's where the whole industry is failing at.
There's only two kinds of files: trusted and untrusted.
Why do you say harmless? Because you know a text file can't do anything at all.
What if it was, for example an html page which when viewed would cause
a BHO to be installed, such as in a ve
Christian Sciberras wrote:
> ... the user has opened the "bad" file ...
The victim "views" a "data" file, does not (directly) run an executable.
The data file could be as harmless as a Word document or a plain-text
file.
Cheers, Paul
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.
Adding to Charles' this dll hijacking is even less than a non-issue
considering that the user has opened the "bad" file in the first
place.
I don't see it a matter of changing the cwd, but rather the user
shouldn't be running stuff which he doesn't know about.
It's the same analogy Charles mention
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-2101-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 31, 2010
On Aug 31, 2010, at 2:01 PM, Charles Morris wrote:
>>
>>> ... Don't run applications from untrusted locations ...
>>
>> You got it wrong. Only trusted applications are run. - The attacker
>> prepares a WORD.DOC (and a RICHED20.DLL) file in some place. The
>> victim clicks on the WORD.DOC file
On Tue, Aug 31, 2010 at 5:15 PM, Dan Kaminsky wrote:
>
> Again, the clicker can't differentiate word (the document) from word (the
> executable). The clicker also can't differentiate word (the document) from
> word (the code equivalent script).
>
> The security model people keep presuming exists
On Tue, 31 Aug 2010 11:12:42 EDT, Charles Morris said:
> Do you run random executables from flashdrives you find on the floor?
> Even if it has a solitaire icon? No.
No, they have to be found out in the parking lot. :)
>
>> ... Don't run applications from untrusted locations ...
>
> You got it wrong. Only trusted applications are run. - The attacker
> prepares a WORD.DOC (and a RICHED20.DLL) file in some place. The
> victim clicks on the WORD.DOC file, using his own installed MSWord.
>
Aaah, well if that is the
Charles Morris wrote:
> ... Don't run applications from untrusted locations ...
You got it wrong. Only trusted applications are run. - The attacker
prepares a WORD.DOC (and a RICHED20.DLL) file in some place. The
victim clicks on the WORD.DOC file, using his own installed MSWord.
Cheers, Paul
1. OVERVIEW
The KeePass application is vulnerable to an Insecure DLL Hijacking
Vulnerability. Similar terms that have come up to describe this
vulnerability are Remote Binary Planting and Insecure DLL
Loading/Injection/Hijacking/Preloading.
2. PRODUCT DESCRIPTION
KeePass Password Safe is a fre
ZDI-10-168: Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-168
August 31, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Apple
-- Affected Products:
Apple Quicktime
-- TippingPoint(TM) IPS Cust
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:166
http://www.mandriva.com/security/
_
You've written exactly what I was thinking, except considering the
big brains discussing this, I didn't deem the email worth a nickel.
But now I thought, well, why not express this concern?
Considering the "DOS via popups" (or "DOS in IE6") which we've been
having increasingly as of late, I real
On Fri, Aug 27, 2010 at 11:27 AM, matt wrote:
> Dan,
> While I agree with most of what you're saying, I do find this to be a pretty
> serious issue, and here's why.
> 1) The file doesn't have to be fake. It could be a legitimately real ppt,
> vcf, eml, html, whatever. The program(s) load the rog
"Elazar Broad" writes:
>
> Can't you? The world is full of unpatched systems. You can even find
> systems where patches are not installed because it is running a
> piece of
> mission critical software and they would lose support if they
> installed
> any patches (I am not making this up).
>
>
>
There are several security issues within the popular NING platform that
can be combined to silently take control of user accounts, write self
replicating malicious applications (malware), and more.
Attempts to contact NING in order to resolve these issues were unsuccessful.
Additional Details:
===
Ubuntu Security Notice USN-981-1 August 31, 2010
libwww-perl vulnerability
CVE-2010-2253
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubunt
===
Ubuntu Security Notice USN-980-1 August 31, 2010
bogofilter vulnerability
CVE-2010-2494
===
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu
Netbook laptop with Mickey Mouse theme.
No one suspects a 30 year-old typing on such a Netbook!
On Mon, Aug 30, 2010 at 9:11 PM, Richard Miles
wrote:
> I'm interested in building a list of cool and useful gadgets for hacking.
> On my list I have
>
> KeyGhost - http://www.keyghost.com/
> Programma
Hi,
I'm not really a crypto guy and I'm having problems explaining something;
basically my understanding of RSA PKI is that the padding bytes are added
because RSA is a deterministic algorithm and that without the padding an
attacker with knowledge of the plaintext and access to the resultant c
I'm interested in building a list of cool and useful gadgets for hacking.
On my list I have
KeyGhost - http://www.keyghost.com/
Programmable USB Keystroke Dongle -
http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle
Micro Spy Wireless Camera ( http://www.homespy.com/came
It would be funny to see advertisers send targeted SMS ads using this. I bet
that the advertisers of web sites that participate in iframe ads would also get
this information, assuming the Phone would load up iframe ads.
I think the provider should fix this, because if someone developed an explo