The Insect Pro 2.1 new version is now accessible on Insecurity Research
servers!
Get it now to enjoy the positive changes that this update brings, based
directly on user feedback
Insect Pro is a penetration security auditing and testing software
solution designed to allow organizations
On Tue, Mar 08, 2011 at 12:36:01PM +1100, dave b wrote:
Hi all. It seems that mutt fails to check the validity of a SMTP
server's certificate during a TLS connection. In my mutt configuration
I have
set ssl_starttls = yes
set ssl_force_tls = yes
However, after performing the steps below I
HITB Magazine is currently seeking submissions for our next issue. If you have
something interesting to write, please drop us an email at:
editor...@hackinthebox.org
TOPICS
Topics of interest include, but are not limited to the following:
* New Attack and Defense Techniques
* Reverse Code
On 8 March 2011 19:00, Joachim Schipper joac...@joachimschipper.nl wrote:
On Tue, Mar 08, 2011 at 12:36:01PM +1100, dave b wrote:
Hi all. It seems that mutt fails to check the validity of a SMTP
server's certificate during a TLS connection. In my mutt configuration
I have
set ssl_starttls =
Actually it doesn't seem like switching the configuration 'fixes' the issue.
If I have
set smtp_url = smtps://tes...@lola.com
set ssl_starttls = yes
set ssl_force_tls = yes
It _still_ connects to the 'incorrect server' fine (I expect it to
connect to lola.com and it connects to gmail's smtp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2011:043
http://www.mandriva.com/security/
If I have
set smtp_url = smtps://tes...@lola.com:587
set ssl_starttls = yes
set ssl_force_tls = yes
mutt is unable to connect.
In this case, shouldn't you disable ssl_starttls?
tim
___
Full-Disclosure - We believe in it.
Charter:
__
-- NSOADV-2011-003 ---
Majordomo2 'help' Command Directory Traversal (Patch Bypass)
__
Real free version (no donation needed) here:
http://insectpro.highprofilesite.com/
Quentin
2011/3/7 Juan Sacco jsa...@insecurityresearch.com:
The Insect Pro 2.1 new version is now accessible on Insecurity Research
servers!
Get it now to enjoy the positive changes that this update brings,
msf rip imo
On 7 March 2011 17:07, Juan Sacco jsa...@insecurityresearch.com wrote:
The Insect Pro 2.1 new version is now accessible on Insecurity Research
servers!
Get it now to enjoy the positive changes that this update brings, based
directly on user feedback
Insect Pro is a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2011:044
http://www.mandriva.com/security/
===
Ubuntu Security Notice USN-1086-1 March 08, 2011
linux-ec2 vulnerabilities
CVE-2010-4076, CVE-2010-4077, CVE-2010-4158, CVE-2010-4163,
CVE-2010-4175
===
A security issue
It seems to be a different version.
IMHO if I have to pay to download it then it's not really free. Insect
should follow the same donation policy as any open source project - download
should be free and donation should be optional. This is probably a non-issue
anyway but I feel the word free
Instead of telling me what configurations to use why don't you test
them out and tell me what happens?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
I agree, in order for it to qualify as 'free' it needs to be just that.
Forcing someone to make a 'donation' before you give them said free software is
SELLING that software. Saying it's free is not just misleading, it's
blatantly *not* true.
Juan did however give me a download to test it
On 9 March 2011 11:13, Ryan Sears rdse...@mtu.edu wrote:
I agree, in order for it to qualify as 'free' it needs to be just that.
Forcing someone to make a 'donation' before you give them said free
software is SELLING that software. Saying it's free is not just misleading,
it's blatantly
On Tue, Mar 8, 2011 at 8:06 PM, Pete Smith secli...@decapitate.us wrote:
On 9 March 2011 11:13, Ryan Sears rdse...@mtu.edu wrote:
I agree, in order for it to qualify as 'free' it needs to be just that.
Forcing someone to make a 'donation' before you give them said free
software is SELLING
Um. Sorry, but I didn't want to be sent 100 different configurations
to test when perhaps someone knows about a configuration which is
'correct'.
So my test case as you pointed out did contain an error.
Here are the test case(s) I think you wanted me to run.
1. a muttrc with just
set smtp_url =
I should add that mutt hanging on the
set smtp_url = smtps://tes...@lola.com:587
configuration is what I would expect to happen.
As port 587 is the port for TLS/STARTTLS and port 465 is for SSL, if I
am not mistaken.
Please do point out if I have gotten this completely incorrect.
As port 587 is the port for TLS/STARTTLS and port 465 is for SSL, if I
am not mistaken.
Please do point out if I have gotten this completely incorrect.
Nope, you're right, it looks like I got the two mixed up.
Good catch on the lack of certificate validation.
tim