Re: [Full-disclosure] IE handling the HTML notes incorrectly may lead to XSS attacks

2011-08-08 Thread Christian Sciberras
I think it's worth noting that MSIE expects an *expression* in the conditional (it's a feature). Hence even if you disable direct XSS, there still would probably be more ways an *expression* could be used to write HTML code. As such, I don't think they should be fixing this (since it is

Re: [Full-disclosure] An enemy of the infosec community needs to be brought to justice

2011-08-08 Thread coderman
On Sun, Aug 7, 2011 at 5:50 PM, valdis.kletni...@vt.edu wrote: ... Second, if I was gonna do something like this, I'd make sure that click22.vt.edu actually resolved to something interesting. it does resolve to something interesting - if you're in the right place ... like behind a middle,

[Full-disclosure] NiX Online Web Proxy with pentest mode?

2011-08-08 Thread nix
Hello list, is there interest of any kind in the subject's feature? I mean a web proxy https://myproxylists.com/nix_web_proxy/ with the same features as the Firefox add-ons Tamper Data, Modify Headers and Modify Cookies have? I think it would be quite a cool feature while having 50-100 proxies to choose from

Re: [Full-disclosure] IE handling the HTML notes incorrectly may lead to XSS attacks

2011-08-08 Thread Christian Sciberras
Javascript:
    if(alert(1)); // executed
    i(alert(1)); // not executed (TypeError: i is not a function)
It's worth noting that Firefox (5) does execute the inside function, whereas Chrome (13) and IE (9) do not. Talk about browser consistency... On Mon, Aug 8, 2011 at 9:38 AM, CnCxzSec衰仔

Re: [Full-disclosure] Yet Another Chinese Multimedia Player Supplies Thousands Of Open Proxies

2011-08-08 Thread Mr. Hinky Dink
On Sun, 2011-08-07 at 16:27 -0400, valdis.kletni...@vt.edu wrote: On Sat, 06 Aug 2011 19:59:23 EDT, Mr. Hinky Dink said: 23,000+ showed up in July. Over 16,000 new ones in the first week of August. Somebody doesn't get it.

[Full-disclosure] [MOHSEP] Month Of Humorous Stefan Esser Photoshops - 0x07

2011-08-08 Thread Herr E Balls
Hi guys, Day seven of MOHSEP has been released along with some potentially exciting news. Link is here: http://mohsepblog.blogspot.com/2011/08/sunday-august-7th-2011.html Until tomorrow! Herr E Balls ___ Full-Disclosure - We believe in it. Charter:

[Full-disclosure] [SECURITY] [DSA 2291-1] squirrelmail security update

2011-08-08 Thread Thijs Kinkhorst
Debian Security Advisory DSA-2291-1 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
August 8, 2011

Re: [Full-disclosure] [MOHSEP] Month Of Humorous Stefan Esser Photoshops - 0x07

2011-08-08 Thread Pete Smith
Since by now everyone would have probably figured that there is one per day surely anyone who is interested can just look themselves... Or maybe you can only send an email if both these criteria are actually met: 1) Are actually Humorous. 2) Are actually quality photoshops and not more accurately

[Full-disclosure] TPTI-11-13: McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability

2011-08-08 Thread ZDI Disclosures
TPTI-11-13: McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-11-13
August 8, 2011
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: McAfee
-- Affected Products: McAfee Security-as-a-Service

[Full-disclosure] TPTI-11-12: McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability

2011-08-08 Thread ZDI Disclosures
TPTI-11-12: McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-11-12
August 8, 2011
-- CVSS: 8.3, (AV:N/AC:M/Au:N/C:P/I:P/A:C)
-- Affected Vendors: McAfee
-- Affected Products:

Re: [Full-disclosure] [MOHSEP] Month Of Humorous Stefan Esser Photoshops - 0x06

2011-08-08 Thread Herr E Balls
Christian, How do you know how hard is life between studying for your CISSP exam for twelve years and getting rejected for being a mentor at Defcon Kids just because of that one time with the priests in Jaurez (and YES it was only once)? I don't think you do because if you did you would not be so

Re: [Full-disclosure] [MOHSEP] Month Of Humorous Stefan Esser Photoshops - 0x07

2011-08-08 Thread Herr E Balls
wow you are OBVIOUS complete noob. Everyone know month have days. So must have one per day - that's why it's Month Of Humorous Stefan Esser Photoshops. I send email for people to know when the photoshops are ready. I don't want hungry Esser fans hurting fingers / breaking keyboards by hitting F5

[Full-disclosure] [MOHSEP] Month Of Humorous Stefan Esser Photoshops - 0x08

2011-08-08 Thread Herr E Balls
Hey guys, Day 0x8 of mohsep is released! Today has really really complex humorousness so if u semi-lit-rate ret00d like smith hacker d00d from decapitate afghan crew then maybe u haves trouble to understands. this hum0r takes lots of points: 1) u have to have seen gr8 hacker film teh matr1x 2)

Re: [Full-disclosure] [MOHSEP] Month Of Humorous Stefan Esser Photoshops - 0x08

2011-08-08 Thread root
You really really love him eh? it's ok. On 08/08/2011 06:38 PM, Herr E Balls wrote: Hey guys, Day 0x8 of mohsep is released! Today has really really complex humorousness so if u semi-lit-rate ret00d like smith hacker d00d from decapitate afghan crew then maybe u haves trouble to

Re: [Full-disclosure] [MOHSEP] Month Of Humorous Stefan Esser Photoshops - 0x08

2011-08-08 Thread elfius
Dude, we don't care. Please quit spamming FD and (optionally) go find something useful to do with your time. On Mon, Aug 8, 2011 at 11:38 PM, Herr E Balls mohsep.submissi...@googlemail.com wrote: Hey guys, Day 0x8 of mohsep is released! Today has really really complex humorousness so if u

Re: [Full-disclosure] [MOHSEP] Month Of Humorous Stefan Esser Photoshops - 0x08

2011-08-08 Thread Douglas Huff
This. -- Douglas Huff On Aug 8, 2011 6:31 PM, elfius elf...@gmail.com wrote: Dude, we don't care. Please quit spamming FD and (optionally) go find something useful to do with your time. On Mon, Aug 8, 2011 at 11:38 PM, Herr E Balls mohsep.submissi...@googlemail.com wrote: Hey guys, Day