Hi all and sorry for cross post,
after several months since I contacted Oracle informing them about ten
issues on Java applet security, they finally released a Java 6 update
22 which fixes several security issues
In particular the issues are the following, sorted by impact:
* Information
Hello all,
We don't send emails to communicate sponsorships as we understand is
quite disturbing and we all receive a lot of email.
But this is a special situation as I want to transmit a big THANK YOU to
the Hex Rays team, and specially to Ilfak Guilfanov, as he has been
absolutely kind with
Hey,
Michal thanks for the reply to defend credits :).
I had some moderation issues when I tried to send some word about this.
Just for sake of clarification:
I sent the advisory to Oracle on 20th April 2010. Oracle acknowledged
the issue in June.
If Roberto sent the advisory to Oracle then
In the patch for CVE-2008-5343 (GIFAR) Sun tightened their file parsing
rules for remote JAR files, making it harder to smuggle JAR files onto the
end of other filetypes. This makes it more difficult to create a GIF+JAR
hybrid file. AFAIK, local JAR files were considered out of scope and will
Hi Roberto,
nice to see you always alive and kicking!
It seems we found the same stuff :) my bad I haven't yet published it.
Soon also my advisory with some collateral effect^N^N^N^N^N^Nthoughts.
Cheers
Stefano
On Wed, 20/10/2010 at 00.20 +1300, Roberto Suggi Liverani
wrote:
(
Hey all,
I think it's Oracle bad.
I reported to Oracle this issue back on April 20th and probably Oracle
when Roberto reported the same stuff on August just said Thank you and
nothing more to Roberto.
Also Oracle seems to do mass credit so everyone can think that anyone
found anything among the
the keys to the interwebz!
CC: roberto.su...@security-assessment.com; full-disclosure@lists.grok.org.uk;
bugt...@securityfocus.com
From: d...@doxpara.com
Subject: Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE -
java.net.URLConnection class - Same-of-Origin (SOP)
Vendor: Microsoft
Product: Windows Mobile
Vulnerability: Double Free
Tested vulnerable versions: Windows Mobile 6.1 and 6.5
Tested on : HTC Touch (WM 6.1), HTC Touch2 (WM 6.5)
CREDITS: Celil Ünüver from SecurityArchitect.Org
CONTACT: celilunuver[n0sp4m]gmail.com
Vulnerability Details and
paranoid Uhm, why the redirection through Facebook? /paranoid
2010/10/21 Román Ramírez pat...@0z0ne.com
Hello all,
We don't send emails to communicate sponsorships as we understand is
quite disturbing and we all receive a lot of email.
But this is a special situation as I want to transmit
SEC Consult Security Advisory 20101021-0
===
title: Multiple critical vulnerabilities
product: Sawmill - Universal Log File Analysis
vulnerable version: Sawmill Enterprise v8.1.7.3
fixed version
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:208
http://www.mandriva.com/security/
Sorry to all of those who think this is gossiping, but:
Wikileaks has been down for ca. 2 weeks now during which time the US has
at least cut off their financial channels.
This during a period where WL has announced another major leak release
this time re. Iraq.
What is also extremely
This will be my first and last post on this topic (again).
I've just finished watching some videos about what wikileaks have been
doing.
It appears that they released a bunch of documents that revealed information
such as GPS co-ords + details of those who co-op'd with soldiers. He also
posted
Hi Cal,
I can appreciate his previous efforts, but what he has done here is put many
lives at risk, both civilians and soldiers.
Agreed.
Just to play devil's advocate:
Would Barack Obama also be culpable? His campaign platform included a
withdrawal from Iraq (Afghanistan was a different story).
Hey Cal - hope all is well...
Along those lines, I think it is also interesting to take into account how much
similar information is being distributed by military personnel themselves on
social sites like Facebook. Thomas Ryan did an interesting Blackhat
presentation on Robin Sage where a
On 21.10.2010 18:54, T Biehn wrote:
An entity that has the resources that would provoke such a
Hollywood-esque tweet wouldn't have the ability to gag the twitter account
before this release?
would it, would it want to, has it missed it..who knows?
Wouldn't that mean the tweet is a load
I believe that most of the times it is not what you defend but how you
defend it.
I believe in Government transparency but the way WL is going about it
it's not right, in my honest opinion.
So this is good news in my opinion...
-r
___
Full-Disclosure -
I have seen nothing released that reveals sensitive information such as GPS
co-ords + details of those who co-op'd with soldiers.
This is a rumor. If you have proof that this is not a rumor, please post it.
On Thu, Oct 21, 2010 at 11:51 AM, Cal Leeming [Simplicity Media Ltd]
According to the secretary of defense, it's definitely a rumor:
A letter from Secretary of Defense Robert M. Gates to
Committee of Armed Services Chairman Carl Levin dated August 16 but
recently made available to the public says, The initial assessment in
no way discounts the risk to national
I apologise for this, I had heard this in, what I had believed to be, a
credible news report.
On Thu, Oct 21, 2010 at 8:58 PM, Camden Buzard camde...@aptalaska.net wrote:
According to the secretary of defense, it's definitely a rumor:
A letter from Secretary of Defense Robert M. Gates to
Agreed. I am all for the transparency, but WL is possibly putting our troops
at risk by releasing military strategy. I wouldn't expect JA to think that
there is any inclination of strategy in the documents they published, but
there is a lot of strategy and a LOT of information that is now visible
I am in the military, currently in Iraq, and these Wikileaks posts
have hurt us more than people realize. It does two things, first, it
demonstrates our tactics and procedures which allow insurgents to
conduct more effective attacks against us, and second, the information
it provides to insurgents
On Thu, Oct 21, 2010 at 11:32 AM, Charles Timko
charles.ti...@hotmail.com wrote:
Agreed. I am all for the transparency, but WL is possibly putting our troops
at risk by releasing military strategy. I wouldn't expect JA to think that
From:
===
Ubuntu Security Notice USN-1008-1 October 21, 2010
libvirt vulnerabilities
CVE-2010-2237, CVE-2010-2238, CVE-2010-2239, CVE-2010-2242
===
A security issue affects the
===
Ubuntu Security Notice USN-1008-2 October 21, 2010
virtinst update
https://launchpad.net/bugs/655392
===
A security issue affects the following Ubuntu releases:
Ubuntu
Hi,
Internet Explorer has a cross-origin leak through the window.onerror
callback.
At first glance, it's a minor leak but if you look around you can find a
significant impact on some subset of websites.
I wrote up more thorough details on how the attack works here:
Hello list.
I’m making a virtual network which has 10G traffic for testing 10G IDS
performance.
I use a Breaking point device. http://www.breakingpointsystems.com/cyber-tomography-products/
Are there any tips or document about making 10G virtual network?
And what point is important?
How