On Sun, Dec 12, 2010 at 12:02 PM, Jeffrey Walton wrote:
> On Fri, Dec 10, 2010 at 11:52 PM, Charles Polisher wrote:
>> Adam Behnke wrote:
>>> Hi everyone, InfoSec Institute author Russ McRee has written up an overview
>>> on tools to ensure maximum readiness for incident response teams, including
Christian Sciberras wrote:
> Just to satisfy my curiosity, but, when was the last AV update performed?
> One could assume some anti-virus would be up-to-date even if the last update
> was performed a month or so ago.
> On the other hand, an anti-virus update usually is done sometimes even
> several
Hello Full-Disclosure!
I want to warn you about new security vulnerabilities in Cetera eCommerce.
It's an engine for online shops.
-
Affected products:
-
Vulnerable are Cetera eCommerce 14.0 and previous versions.
--
Details:
--
XSS
On Fri, Dec 10, 2010 at 11:52 PM, Charles Polisher wrote:
> Adam Behnke wrote:
>> Hi everyone, InfoSec Institute author Russ McRee has written up an overview
>> on tools to ensure maximum readiness for incident response teams, including
>> drill tactics. PCI-DSS audits often require IR testing val
Just to satisfy my curiosity, but, when was the last AV update performed?
One could assume some anti-virus would be up-to-date even if the last update
was performed a month or so ago.
On the other hand, an anti-virus update usually is done sometimes even
several times per day (well, mine does).
Hav
Adam Behnke wrote:
> Hi everyone, InfoSec Institute author Russ McRee has written up an overview
> on tools to ensure maximum readiness for incident response teams, including
> drill tactics. PCI-DSS audits often require IR testing validation; drill
> quarterly and be ready next audit cycle.
>
> ht
"George Carlson" wrote:
> Your objections are mostly true in a normal sense.
And in abnormal sense?
> However, it is not true when Group Policy is taken into account.
Group Policies need an AD. Cached credentials are only used locally,
for domain accounts, when the computer can't connect to th
2010/12/12 Levente Peres :
> Could some of you please give me some of your thoughts about this? And,
> maybe, what other methods of file system encryption are out there which are
> more secure?
>
I read an article almost two years ago highlighting an interesting
attack vector to the full encryptio
> Vendor Notified: December 7, 2010
> Vendor Fixed: N/A
> Vendor Dismissed: December 9, 2010
"Law #6: A computer is only as secure as the administrator is trustworthy"
http://technet.microsoft.com/en-us/library/cc722487.aspx#EFAA
___
Full-Disclo
So you are saying that the user can perform action on the domain?
Things like create/delete user accounts. Your initial statement does
not say anything about taking action on any network resources. I find
it hard to believe that would be the case because user would not have
a valid kerberos ticket b
Godaddy's Workspace 5.3 XSS
Explanation: The JavaScript for special character filtering provided in email13.secureserver.net can be used to create an XSS attack, if we edit the
content of an email and put this will be filtered
and scrambled, making the XSS impossible, BUT, if we write we
will by
Exploit Title: FreeAmp 2.0.7 .m3u Buffer Overflow - Egghunter
# Google Dork: N/A
# Date: 11/12/2010
# Author: zota (Thanks to Andrew; andras.ka...@cert-hungary.hu)
# Software Link: http://letoltes.szoftverbazis.hu/bfc5ec1d5e80cee5b5d3f78459113ed93c51f649/4d03800a/freeamp-v2-0-7-JI2/freeampsetup_2_
Anyone sandbox'd this yet?
On 11 Dec 2010 10:34, "HI-TECH ."
wrote:
New version drops into root.
The prior version was broken.
(see attachment)
signed,
Kingcope
stormrider, Jeffrey, Thor... and all others,
You gave me quite a bit of thinking, reading and reconsidering to do.
I'm going to have to redesign the whole issue from scratch - not that
it's a bad thing. Better investing some more time and effort now, than
sweat maybe later. Thank you so much fo
You should take care of a few things when encrypting hard
drives and feeling secure with it.
* Do's *
A) Use a token. That means: Generate a long key. Encrypt that key and
put the encrypted key on a thumb-drive. Make sure you leave no trace
when doing that step. (Good way is to make that par
On Sun, Dec 12, 2010 at 2:14 AM, Thor (Hammer of God)
wrote:
>> > Hello to All,
>> >
>> > If anyone has serious hands-on experience with this, I would like to
>> > know some hard facts about this matter... I thought to ask you,
>> > because here're some of the top experts in this field, so I coul
Another thing : you have to make sure the swap is encrypted or there
will be chances that the passphrase is just sitting there in clear...
Le dimanche 12 décembre 2010 à 09:20 +0100, news a écrit :
> See : http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
>
> AFAIK, dmcrypt is the solution us
See : http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
AFAIK, dmcrypt is the solution used by all distros around and it
doesn't support TPM.
So cracking the disk "just" requires the passphrase.
Though you have to make sure it is not using CBC by default on CentOS,
otherwise it would be possib