Re: [Full-disclosure] password.incleartext.com

2011-04-07 Thread Peter Osterberg
I can see how it can be stored securely, but how would distribution after recovery be accomplished? In an envelope? Or by sending me a one-time random https-link where I can retrieve it myself? Sounds like more trouble compared to what can be gained from it. Wouldn't it be just as easy to send a

[Full-disclosure] SEC Consult SA-20110407-0 :: Libmodplug ReadS3M Stack Overflow

2011-04-07 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory 20110407-0 === title: Libmodplug ReadS3M Stack Overflow product: Libmodplug library vulnerable version: 0.8.8.1 fixed version: 0.8.8.2

Re: [Full-disclosure] password.incleartext.com

2011-04-07 Thread Cal Leeming
I guess so, in the sense that, they are both fucking retarded websites? On Wed, Apr 6, 2011 at 12:36 PM, maksim.file...@fuib.com wrote: Kinda plaintextoffenders.com? wbr, - Max full-disclosure-boun...@lists.grok.org.uk wrote on 01.04.2011 02:17:24: Inc leartext st...@incleartext.com

Re: [Full-disclosure] password.incleartext.com

2011-04-07 Thread Cal Leeming
People should be using a different password for every external service anyway, so technically this shouldn't even matter ;) On Wed, Apr 6, 2011 at 5:42 PM, Thor (Hammer of God) t...@hammerofgod.comwrote: This isn’t necessarily true – without knowledge of how the data may be encrypted and what

Re: [Full-disclosure] password.incleartext.com

2011-04-07 Thread Cal Leeming
Tbh, I'd be unhappy about any company storing a password in anything other than a hash of itself. But, like many things in life, we have absolutely no control over it, so best to just use a new pass for every external service :) On Wed, Apr 6, 2011 at 7:48 PM, Peter Osterberg j...@vel.nu wrote:

[Full-disclosure] Cipher detection

2011-04-07 Thread Maksim . Filenko
Hi Full-Disclosure, I'm trying to figure out what kind of cipher was used in this: GGobQ2bsqd64PXVAmaDiDBg= Looks like Base64, but it's not. The original string is: du...@example.com Thanks all! wbr, - Max

[Full-disclosure] new facebook and twitter flaw

2011-04-07 Thread StrawHat
The Facebook and Twitter like buttons are bugged. You can easily increase their counters using a bug, and trick people into making them believe that a webpage has been liked by thousands of people. Explanation here: http://blog.guessmyheritage.com/twitter-and-facebook-like-buttons/

Re: [Full-disclosure] password.incleartext.com

2011-04-07 Thread Valdis . Kletnieks
On Wed, 06 Apr 2011 18:10:29 BST, Cal Leeming said: People should be using a different password for every external service anyway, so technically this shouldn't even matter ;) You're new here, aren't you? :)

Re: [Full-disclosure] password.incleartext.com

2011-04-07 Thread Cal Leeming
People ***should*** be using so ***technically*** this shouldn't even matter I was taking the piss lol. On Thu, Apr 7, 2011 at 3:59 PM, valdis.kletni...@vt.edu wrote: On Wed, 06 Apr 2011 18:10:29 BST, Cal Leeming said: People should be using a different password for every external service

Re: [Full-disclosure] Cipher detection

2011-04-07 Thread Thor (Hammer of God)
Actually it is a valid Base64 string - it just decodes to 24, 106, 27, 67, 102, 236, 169, 222, 184, 61, 117, 64, 153, 160, 226, 12, 24. To get du...@example.com you would have to XOR that resulting binary string with 124, 31, 118, 46, 31, 172, 108, 174, 217, 80, 5, 44,

Re: [Full-disclosure] Cipher detection

2011-04-07 Thread Tim
I'm trying to figure out what kind of cipher was used in this: GGobQ2bsqd64PXVAmaDiDBg= Looks like Base64, but it's not. The original string is: du...@example.com Thanks all! As Thor mentioned, since the ciphertext is not a multiple of a common block cipher's block size (8 or 16

Re: [Full-disclosure] Cipher detection

2011-04-07 Thread Valdis . Kletnieks
On Thu, 07 Apr 2011 11:22:56 +0300, maksim.file...@fuib.com said: I'm trying to figure out what kind of cipher was used in this: GGobQ2bsqd64PXVAmaDiDBg= Looks like Base64, but it's not. The original string is: du...@example.com I'll place a bet (based on the trailing =), that in fact

Re: [Full-disclosure] Cipher detection

2011-04-07 Thread Cal Leeming
lol thor ;p Max, can you give a little more information as to the source of this? Are you able to give us more samples? (preferably, du...@example.comm, du...@example.co, and test). If it's using a one time pad, you've got no chance lol, but sometimes these things just use really heavily

[Full-disclosure] phplist: cross site request forgery (CSRF), CVE-2011-0748

2011-04-07 Thread Hanno Böck
phplist: cross site request forgery (CSRF), CVE-2011-0748 References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2748 http://int21.de/cve/CVE-2011-0748-phplist.html Description phplist is a mailing list software written in PHP. Up to version 2.10.12, it provided no protection