On 01/24/2012 07:18 PM, Mario Vilas wrote:
>> Guys, could you please read carefully everything before you reply?
> I read carefully. It still didn't make sense, though.
>
>> And you wouldn't be allowed to use copy&paste while you edit sensitive
>> documents either, I guess?
> I don't know how you c
have the clipboard disabled...
On 01/25/2012 08:44 AM, Peter Osterberg wrote:
> I think Ben's report make complete sense actually, it would be better to
> have the clipboard feature as a default. Security before features... =)
___
Full-Disclosure - We b
On 25.01.2012 5:45, Ben Bucksch wrote:
> On 25.01.2012 00:52, Henri Salo wrote:
>> On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote:
>>> On 25.01.2012 00:09, Dan Kaminsky wrote:
IP KVM, in which the foreign server basically gets only inbound
Keyboard and Mouse and outbound unco
you are seriously more retarded than even the n3td3v+me+you
together...damn army..!
On 25 January 2012 19:29, Peter Osterberg wrote:
> Wasn't the original thread originally about VNC?
>
> On 01/25/2012 09:27 AM, GloW - XD wrote:
>> derp, do you know what KVM IP is ?
>> readup on how that relays
nice to send THIS one to fd, and you ssomehow admit to knowing it here
yet, i told you what it was, exactly, dont try make me look bad fag,
or i will drop your fucking domain, for a month :)
ciao beech,.
xd
On 25 January 2012 19:55, Dan Yefimov wrote:
> On 25.01.2012 5:45, Ben Bucksch wrote:
>>
ooops my bad, wriong guy, or, you dont understand this either ?
On 25 January 2012 19:55, Dan Yefimov wrote:
> On 25.01.2012 5:45, Ben Bucksch wrote:
>> On 25.01.2012 00:52, Henri Salo wrote:
>>> On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote:
On 25.01.2012 00:09, Dan Kaminsky
I could never lower myself to your level so I guess you win
On 01/25/2012 10:32 AM, GloW - XD wrote:
> you are seriously more retarded than even the n3td3v+me+you
> together...damn army..!
>
>
> On 25 January 2012 19:29, Peter Osterberg wrote:
>> Wasn't the original thread originally about VN
>> IP KVM, in which the foreign server basically gets only inbound
>> Keyboard and Mouse and outbound uncompressed pixels.
>
> That is *precisely* what VNC is: an open-source IP KVM.
No, it's not. I won't go into the differences because other people
already did in this thread.
> And please don't
I'm not sure how the clipboard works in Linux desktops (I understand
it's a little different), but at least in Windows environments data
has to be copied to the clipboard when you hit Ctrl-C. It can't be
copied when you hit Ctrl-V because then the applications wouldn't know
if there is anything to
Fair enough :)
On Wed, Jan 25, 2012 at 10:59 AM, Peter Osterberg wrote:
>
>
> On 01/25/2012 10:54 AM, Mario Vilas wrote:
>> The bottom line is, the problem here is using VNC for what Ben is
>> using it. There are many more problems with that scenario and
>> clipboard sharing may be the least of t
This could be also used in some cases to Refer requests from "paypal" or
such payment systems when there is no/bad validation checks on an
e-commerce website.
ie:
if(Referer.Contains("paypal.com"))
{ ok }
but what if i control "mypaypal.com"?
Le 24/01/2012 20:14, Jan Wrobel a écrit :
> Hi,
>
>
On 01/25/2012 10:54 AM, Mario Vilas wrote:
> The bottom line is, the problem here is using VNC for what Ben is
> using it. There are many more problems with that scenario and
> clipboard sharing may be the least of them.
That may very well be true. I am not trying to debate that.
__
That's not necessarily true. On windows you can add custom clipboard formats
that would contain a 'link' to the original source, causing the data to be
actually
passed when pasting. An example of this is when one copy+pastes a file.
See the Windows Clipboard API for more info.
Chris.
On Wed, Ja
hrm now thats indeed of interest... good to point out...thx.
On 25 January 2012 21:09, Jerome Athias wrote:
> This could be also used in some cases to Refer requests from "paypal" or
> such payment systems when there is no/bad validation checks on an
> e-commerce website.
>
> ie:
> if(Referer.Co
Windows is even more secure, have you actually, read any of the code /
On 25 January 2012 21:30, Christian Sciberras wrote:
> That's not necessarily true. On windows you can add custom clipboard formats
> that would contain a 'link' to the original source, causing the data to be
> actually
> pas
INSECURE i mean*
On 25 January 2012 21:30, Christian Sciberras wrote:
> That's not necessarily true. On windows you can add custom clipboard formats
> that would contain a 'link' to the original source, causing the data to be
> actually
> passed when pasting. An example of this is when one copy+
No, I only read the manual.
Now go troll somwhere else. :)
On Wed, Jan 25, 2012 at 11:35 AM, GloW - XD wrote:
> Windows is even more secure, have you actually, read any of the code /
>
>
> On 25 January 2012 21:30, Christian Sciberras wrote:
> > That's not necessarily true. On windows you can
On 25.01.2012 08:44, Peter Osterberg wrote:
> I don't think that is what Ben is saying. The clipboard get sent to the
> the server even before it is pasted, this happens without the user
> knowing of it.
>
> Notepad would have the paste button grayed otherwise, if the clipboard
> is empty, right? S
fuckoff you ragdoll... i dont troll, and many on this fucking list
knows it... fuckit... i aint paying shit to anyone on this list, enjoy
finding your 0days, and, the next admins, go ahead and rm me, coz i
will be dropping your ass of a FD , until it makes me.
go die, and, maybe, you wont have mone
and stupidly, you forgot to addin the second PRIVT post i sent you,
saying i meant *insecure :)
now, go try tell me windows vnc is secure again...and, then setup a
vnc on your box, and, under win32, try your best, when your ready,
yell out, so i can make a compete fucking fool of ya.
ok ?
if this i
yea yea, we got it now, ill say one thing to FD, your all putting,
one really cool thing i was doing, to a halt.
enjoy, ask zx2c4 about it.
On 25 January 2012 21:09, Jerome Athias wrote:
> This could be also used in some cases to Refer requests from "paypal" or
> such payment systems when th
For the record...
who are the other 'many on this list' that know you don't troll other than
your alter egos?
'course you don't troll can you quote me where I ever said VNC is
secure?
With that, I'll let you troll in peace. I have no interest talking to you
anyway... :)
On Wed, Jan 25, 2012
The vendor was notified. They have chosen not to fix the issue at this time.
The Vendor Response section has the details:
Vendor Response:
Due to the fact that the component in question is an installation script,
the vendor has stated that the attack surface is too small to warrant
a fix:
"We gi
On Wed, Jan 25, 2012 at 08:43:34AM -0600, Trustwave Advisories wrote:
> The vendor was notified. They have chosen not to fix the issue at this time.
> The Vendor Response section has the details:
>
> Vendor Response:
> Due to the fact that the component in question is an installation script,
> th
On Wednesday 25 Jan 2012 15:22:39 Henri Salo wrote:
> There is A LOT of these open installation pages in the Internet. It is not
> uncommon to leave those open by accident. Some people also do this,
> because they just don't understand the risks. I am wondering if WordPress
> would apply patch if
Dear full-disclosure
I wrote to you to tell you about serious serious vulnerability in all
Windows versions.
If you turn machine on before system is configured, then you be able to set
user password yourself, big gaping hole
I make big large botnet to fully utilise this impressive vulnerabil
Yes it does.
wp-admin/setup-config.php?step=1 on any wp install where it exists gives
this:
The file 'wp-config.php' already exists one level above your WordPress
installation. If you need to reset any of the configuration items in this
file, please delete it first.
On Wed, Jan 25, 2012 at 4:11
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-018
January 25, 2012
- -- CVE ID:
CVE-2011-3478
- -- CVSS:
9.7, AV:N/AC:L/Au:N/C:C/I:C/A:P
- -- Affected Vendors:
Syman
On Wed, Jan 25, 2012 at 2:55 AM, Ben Bucksch wrote:
> Dear coderman,
>
> posting mails that were explicitly marked "offlist" on the public list is
> no-go.
you must be new around here... why not let everyone learn from your fail?
___
Full-Disclosure -
What was the "offlist" message he was referring to? Cause yeah, he sounds
pretty new here with that kind of message. People bring in outside
conversations all the time, especially if they feel it is relevant to the
topic at hand.
Speaking of the topic at hand: I agree with the crowd that says it i
Title:
==
Verkehrsbetriebe Berlin - SQL Injection Vulnerability
Date:
=
2012-01-25
References:
===
http://www.vulnerability-lab.com/get_content.php?id=138
VL-ID:
=
138
Introduction:
=
VBB Verkehrsverbund Berlin-Brandenburg GmbH
Der VBB koordiniert die Interes
Title:
==
Acolyte CMS v1.5 and v6.3 - SQL Injection Vulnerabilities
Date:
=
2012-01-25
References:
===
http://www.vulnerability-lab.com/get_content.php?id=397
VL-ID:
=
397
Abstract:
=
A Vulnerability Laboratory researcher discovered a critical (remote) SQL
Injec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2393-1 secur...@debian.org
http://www.debian.org/security/ dann frazier
January 25, 2012
We apologize if you received multiple copies of this CFP and we appreciate
if you help to forward the CFP.
The Second International Workshop on Privacy, Security and Trust in Mobile
and Wireless Systems (MobiPST 2012)
München, Germany, July 30 to August 2, 2012
Recently, mobile wire
Funny but no, this does not need a non-installed wordpress.
2012/1/25 Benji
> Dear full-disclosure
>
> I wrote to you to tell you about serious serious vulnerability in all
> Windows versions.
>
> If you turn machine on before system is configured, then you be able to
> set user password yoursel
*UPDATE* After attacking several government sites to protest controversial
US legislation in past weeks, hacktivist group Anonymous is setting its
sights on one of the Internet's biggest targets: Facebook. Or maybe not.
Sources Form karmacyberintel.net
for more details
http://www.karmacyberintel
Anonymous deletes CBS.com, solicits opinions on who to hack nextsources
form karmacyberintel.net
for more details
http://www.karmacyberintel.net/2012/01/anonymous-deletes-cbs-com-solicits-opinions-on-who-to-hack-next/
___
Full-Disclosure - We believe in
(CBS) - The week began on a high note for Internet activist. The biggest
organized effort to blackout websites in solidarity over the Stop Online
Piracy Act (SOPA) and Protect IP Act (PIPA) was a huge success
sources form
for more details
http://www.karmacyberintel.net/2012/01/megaupload-anonymo
# Vuln Title: NX Web Companion Spoofing Arbitrary Code Execution
# Vulnerability
# Date: 25.01.2012
# Author: otr
# Software Link: http://www.nomachine.com/documents/plugin/install.php
# Version: <= 3.x
# Tested on: Linux, Windows, Mac OS X x86, Mac OS X PPC, Solaris
# CVE : None, yet
Summary
If we cared, we'd visit that site of our own volition. Secondly, even if we
were interested: most of the people on these lists are intelligent enough
not to click on links from spammers. Third, even if the content were
interesting, even if this were the place for it and even if you hadn't
spammed:
On a personal note, maybe OFF...
I fail to see the gain in such retaliations, especially in organized
ones... First the Megaupload retaliation, now the UN... and for what...
I know people want to be heard, but this is plainly sending the wrong
message.
This will give decision makers EXACTLY
stfu idiot.
they can do wtf they want, think about that!
now, go fuck yaself...and enjoy mailing on FD and secunia is like,
got smtp problems now ;)
tc.
GLOW
you all thought im some fuckwit called n3td3v ,for this, you all pay!
I, single fucking handedly, will destroy secunia , and this bs lis
Douchebags are all the same everywhere, even if you aren't Andrew
Wallace, this does not make you not a douchebag.
Sorry.
Good luck with your packets!
Andrew
On 1/25/2012 4:24 PM, xD 0x41 wrote:
> stfu idiot.
> they can do wtf they want, think about that!
> now, go fuck yaself...and enjoy m
Bandwidth bills.
2012/1/25 karma cyberintel
> Anonymous deletes CBS.com, solicits opinions on who to hack nextsources
> form karmacyberintel.net
>
> for more details
>
>
> http://www.karmacyberintel.net/2012/01/anonymous-deletes-cbs-com-solicits-opinions-on-who-to-hack-next/
>
>
> __
Anonymous is definitely not a group (as in a group that has actual
members), you should know better.
2012/1/25 karma cyberintel
> *UPDATE* After attacking several government sites to protest
> controversial US legislation in past weeks, hacktivist group Anonymous is
> setting its sights on one
> Those who try to manage potentially malicious servers do so over IP KVM,
in which the foreign server basically gets only inbound Keyboard and
Mouse and outbound uncompressed pixels.
Feature or bug, vnc or ip kvm, the same behavior has a virtual box virtualized
machine with shared clipboard. Y
Reporting three day old news to Full-Disclosure.
Awesome.
On Wed, Jan 25, 2012 at 1:51 AM, karma cyberintel <
karmacyberint...@gmail.com> wrote:
> Anonymous deletes CBS.com, solicits opinions on who to hack nextsources
> form karmacyberintel.net
>
> for more details
>
>
> http://www.karmacyberin
+1
On 2012-01-25 12:17 PM, "adam" wrote:
> If we cared, we'd visit that site of our own volition. Secondly, even if
> we were interested: most of the people on these lists are intelligent
> enough not to click on links from spammers. Third, even if the content were
> interesting, even if this wer
I am pretty sure their host is gonna be suspending them after the DDoS that
just hit them.
(their real host that is, not the proxy.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored
Hi Henry,
I don't see a timeline. What was the vendor's response?
Jeff
On Fri, Jan 20, 2012 at 11:29 AM, Henry Paduwa wrote:
> Hi,
>
> I discovered that Vopium (http://vopium.com/), a popular VoIP app for Android
> and iPhone, is simply leaking in *clear text* :
>
> - your login
> - your IMEI
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25/01/2012 20:16, adam wrote:
> If we cared, we'd visit that site of our own volition. Secondly, even if we
> were interested: most of the people on these lists are intelligent enough
> not to click on links from spammers. Third, even if the content
yea...well, they think I am you...so...
lol, i hope they do :P
coz, you will get fuxed, for anything i have said :)
later!
On 26 January 2012 09:10, andrew.wallace wrote:
> My lawyers are looking through this thread to see if anything libelous has
> been said against me or the n3td3v organisatio
stfu idiot..
now go look at your boxes :) and netstatsand enjoy being part of,
a much nicer, smaller organisation wich is only here, to destroy you
all. :)
bye!
oh btw, secunia,.com is also, owned.
have phun!
GLOW
On 26 January 2012 09:19, Dave wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
This guy is full of win, it's like watching the special Olympics in HD.
On Wed, Jan 25, 2012 at 12:51 PM, Henry M wrote:
> Reporting three day old news to Full-Disclosure.
>
> Awesome.
>
> On Wed, Jan 25, 2012 at 1:51 AM, karma cyberintel
> wrote:
>>
>> Anonymous deletes CBS.com, solicits opinio
well.. thats exactly whats happening :)
so, hope your lawyer, is a fucking GUN!
lol.. thats just, i hope, your twelling truth and DO have this
power...to ruin them... as id love to watch :)
under, your name, or, mine..your in UK, im not... :)
oh, they been defaming, for ages now..and, ignoring also
You are not anonymous, you are reachable anywhere in the world.
hahah yes sir.
suck my dick now, and stfu, actually no keep talking, itll give me
more reasons, to own you and put you in my 'army' also :)
so, ill ddos your own site, with your own box, k :)
enjoy, security expert :P
hahahahaha
i will destroy FD this year, mark these words.
On 26 January 2012 10:19, Richard Golodner wrote:
> On Thu, 2012-01-26 at 08:24 +1100, xD 0x41 wrote:
>> you all thought im some fuckwit called n3td3v
>
> Not me my brother, I know the real nutdumb.
> I also recognize cool, and perhap
I'm impressed that Andrew continues to maintain the "dumbest person on FD"
position without actually being on FD.
On Wed, Jan 25, 2012 at 5:26 PM, xD 0x41 wrote:
> You are not anonymous, you are reachable anywhere in the world.
>
>
> hahah yes sir.
> suck my dick now, and stfu, actually no keep
I have found the perfect image to describe my thoughts on this current
clash of intellectuals.
http://www.threadbombing.com/data/media/27/arguing.jpg
On Wed, Jan 25, 2012 at 4:26 PM, xD 0x41 wrote:
> You are not anonymous, you are reachable anywhere in the world.
>
>
> hahah yes sir.
> suck my d
On 2012-01-25, at 16:36, Sanguinarious Rose wrote:
> I have found the perfect image to describe my thoughts on this current
> clash of intellectuals.
>
> http://www.threadbombing.com/data/media/27/arguing.jpg
Alternatively (also, a more memorable link):
http://www.internetargument.com/
On Wed, Jan 25, 2012 at 6:53 PM, Levente Peres wrote:
>
> This will give decision makers EXACTLY what they WANT.
Those who have already given up democracy think that way.
People must choose (participate more often in decision making), not a
few conglomerates' puppets.
Marcio Barbado, Jr.
__
On Thu, 26 Jan 2012 09:20:17 +1100, xD 0x41 said:
> yea...well, they think I am you...so...
> lol, i hope they do :P
> On 26 January 2012 09:10, andrew.wallace
> wrote:
> > My lawyers are looking through this thread to see if anything libelous has
> > been said against me or the n3td3v organisat
> On 2012-01-25, at 16:36, Sanguinarious Rose wrote:
>> I have found the perfect image to describe my thoughts on this current
>> clash of intellectuals.
>>
>> http://www.threadbombing.com/data/media/27/arguing.jpg
-1
___
Full-Disclosure - We believe in
Ubuntu just released patches: [USN-1342-1]
(http://www.ubuntu.com/usn/usn-1342-1/).
On Sun, Jan 22, 2012 at 6:25 PM, Jason A. Donenfeld wrote:
> Server presently DoS'd, or dreamhost is tweaking again.
>
> Cache link:
>
> http://webcache.googleusercontent.com/search?hl=en&safe=off&biw=1009&bih=687
Andrew Farmer wrote:
> Alternatively (also, a more memorable link):
>
> http://www.internetargument.com/
I think the sentiment in that one is overstated.
"Usually" -- really?
"Sometimes" maybe...
"Aspiring to" -- getting closer...
Regards,
Nick FitzGerald
__
65 matches
Mail list logo
