Tell them your mom says that they have to stop it.
--
ciao
JT
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Hi,
For the past few years I have been having my friends turned into informants
against me by an unknown investigator/group of investigators.
Being able to identify their handler and agency would make life simpler.
They've been being heavy handed, stealthy, lost friends have been threatene
For all the testers
Netstumbler, Wifi-Where and the like are now gone. I'm not sure if the
"no private API calls" rule was applied equally on all Apple Store
applications, or just those from certain class(es).
http://www.netstumbler.org/f18/apple-pulls-all-wifi-scanning-apps-app-store-23568/
I've tested loading a library from an application that requires admin
privileges from a normal user and it will prompt for UAC if needed or fail. I
understand where the jacking takes place, but you are making it seem like you
can bypass user permissions when you can't. At least that's what I g
Also, just to further clarify, the 'completely anonymous share' means all
connecting users get treated as anonymous and given rights to connect to
the same rights to the share.
As Windows Vista/7 connect out using their own credentials to connect to
the share, this is a must unless you are on
The language file installer can be completely legitimate. The actual
exploit is the process running the library from the remote location. This
will execute the library/code in the context of the running application
under the current user and will not present a warning dialog box depending
o
Hi Thor,
Thanks to Microsoft's "defense in depth," double-clicking an .exe from a remote
share pops up a security warning. In contrast, double-clicking a data file that
opens a vulnerable application (which downloads and executes a .dll from the
same share) doesn't trigger such security warning
If you are considering this "Remote Code Execution" then why not just have the
victim run an .exe from the "complete anonymous share" you've managed to get
people connected to and save all the trouble? This would still run as the
user context, and if the hijacked DLL tried to do something a no
/*
Exploit: Windows Vista/7 lpksetup.exe (oci.dll) DLL Hijacking
Vulnerability
Extension: .mlc
Author: Tyler Borland (tborla...@gmail.com)
Date: 10/20/2010
Tested on: Windows 7 Ultimate (Windows Vista Ultimate/Enterprise and
Windows 7 Enterprise should be vulnerable as well)
===
Ubuntu Security Notice USN-959-2 October 25, 2010
pam vulnerability
CVE-2010-0832
===
A security issue affects the following Ubuntu releases:
Ubuntu 10.10
This advisory a
-Original Message-
From: Duboucher Thomas
Sent: Monday, October 25, 2010 07:02 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] African ISP SekuritY
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25/10/2010 10:00, Louis McCarty wrote:
> Hej!
>
> Another day
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25/10/2010 10:00, Louis McCarty wrote:
> Hej!
>
> Another day another pwn. You can see how they run things on negrolands.
I stopped reading there.
- --
Thomas.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wow. What an effective way to victimize several hundred innocent users to
stroke your own ego.
We should all do this... publish password lists every time we come across
another XSS bug.
Please, go google "Responsible Disclosure"...
On 10-10-25 4