Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Valdis Kletnieks
On Sat, 24 Mar 2012 00:52:45 -, Dave said: > I am not an expert so please, for my education, correct me if I am wrong. > Is it not so much the request, but what the request is made with? It's a pretty safe bet that most of the 300 clicky-clicky types did *not* use wget to test what it was. >

Re: [Full-disclosure] Oracle based personal data dumping attack on the nuit du hack CTF

2012-03-23 Thread klondike
On 24/03/12 05:27, klondike wrote: > So I was bored with the nuit du hack prequals and decided to test a > bit the e-mail service. > > The guys have a cool XSS injection on the fake webmail service which > can be exploited with a properly crafted subject (i.e. > alert('Hello!'); ). I thought the

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Dave
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 23/03/2012 23:26, Michal Zalewski wrote: >> I find it very unfortunate that 300 supposed security professionals clicked >> on a hidden link like that without first checking what it was, or if not >> simply ignoring it like I did!!! > > So how do yo

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Dave
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 24/03/2012 00:39, valdis.kletni...@vt.edu wrote: > On Fri, 23 Mar 2012 22:34:38 -, Dave said: >> ii) Paranoia is healthy. If one runs a computer most people ARE out to get >> you. > > A tad extreme, perhaps. There *are* 7 billion people on t

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Valdis Kletnieks
On Fri, 23 Mar 2012 22:34:38 -, Dave said: > ii) Paranoia is healthy. If one runs a computer most people ARE out to get > you. A tad extreme, perhaps. There *are* 7 billion people on the planet, most of whom have never heard of you either.. Of course, the ones that you never hear from don

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Michal Zalewski
> I find it very unfortunate that 300 supposed security professionals clicked > on a hidden link like that without first checking what it was, or if not > simply ignoring it like I did!!! So how do you meaningfully "check what it is" without actually requesting the document? And what's the differ

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Dave
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And I thought curiosity killed only pussy cats. I don't consider myself a security professional, but playing around with computers since the early 80's has certainly taught me that: i) Most links in forums, emails, blogs etc. benefit only the post

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread adam
Gary/John: imagine how many more would have if I didn't send that reply. I'm sure I skewed the results, even if only slightly, by doing that. On Fri, Mar 23, 2012 at 3:41 PM, Gary Baribault wrote: > I find it very unfortunate that 300 supposed security professionals > clicked on a hidden link l

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread Gary Baribault
I find it very unfortunate that 300 supposed security professionals clicked on a hidden link like that without first checking what it was, or if not simply ignoring it like I did!!! Gary Baribault E-mail: g...@baribault.net GPG Key: 0x685430d1 Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread john doe
he he, good catch :) Anyway, it doesn't hurt anybody: it's just a vote. Well, let me explain. I'm a journalist (non IT, mainstream) preparing an article about different internet communities' behaviors. I've posted similar messages talking about a security issue, pron pics, divx, software and breakin

[Full-disclosure] [ MDVSA-2012:037 ] cyrus-imapd

2012-03-23 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:037 http://www.mandriva.com/security/ _

[Full-disclosure] [ MDVSA-2012:036 ] libsoup

2012-03-23 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:036 http://www.mandriva.com/security/ _

Re: [Full-disclosure] is my ISP lying or stupid?

2012-03-23 Thread Alex Buie
Hahahah, that's wonderful. On Mar 21, 2012 12:06 PM, "Thor (Hammer of God)" wrote: > Actually, those promiscuous sub-VLANs are bad news. I got a virus from > one that turned my hard drive into a floppy. > > t > > >-Original Message- > >From: full-disclosure-boun...@lists.grok.org.uk [mai

[Full-disclosure] [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256

2012-03-23 Thread Leif Hedstrom
Everyone, Below is our announcement for the security issue reported to us from Codenomicon, via CERT-FI. All previous versions of Apache Traffic Server are vulnerable, and we urge users to upgrade to either v3.0.4 or v3.1.3 immediately. Both releases are available from our download site at

[Full-disclosure] 'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)

2012-03-23 Thread Mark Stanislav
'phpMoneyBooks' Local File Inclusion (CVE-2012-1669) Mark Stanislav - mark.stanis...@gmail.com I. DESCRIPTION --- A vulnerability exists in index.php for module handling that allows for local file inclusion using a null-byte attack on the 'module' GET parameter
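The null-byte local file inclusion pattern that the advisory above describes, shown as an added example beside a hardened loader. This is illustrative code written for this page, not phpMoneyBooks' own source; the 'modules/' directory, the module names in the allowlist and the function names are assumptions.

```php
<?php
// Added example (hypothetical, not phpMoneyBooks code).
// Models an index.php that picks a module from the 'module' GET parameter.

// --- Vulnerable pattern ---
// Request: index.php?module=../../../../etc/passwd%00
// The string handed to include() becomes
//   "modules/../../../../etc/passwd\0.php"
// On PHP < 5.3.4 the underlying C filesystem call stops at the NUL byte,
// so the ".php" suffix is silently dropped and /etc/passwd is included
// (and echoed, if the page renders what it includes). PHP >= 5.3.4 rejects
// paths containing NUL, but "../" traversal to any existing *.php file
// still works, so the suffix alone is not a defence.
function load_module_vulnerable(string $module): void
{
    include 'modules/' . $module . '.php';
}

// --- Hardened pattern ---
// Map request values to files through an explicit allowlist, so no byte of
// user input is ever concatenated into a filesystem path.
const MODULES = [
    'dashboard' => 'modules/dashboard.php',   // assumed module names
    'invoices'  => 'modules/invoices.php',
    'reports'   => 'modules/reports.php',
];

// Returns the on-disk path for a known module, or null for anything else.
function resolve_module(string $module): ?string
{
    // Reject NUL bytes, slashes, dots and everything else that is not a
    // short identifier before the lookup, so the allowlist is the only
    // way to reach include().
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $module)) {
        return null;
    }
    return MODULES[$module] ?? null;
}

function load_module_hardened(string $module): void
{
    $path = resolve_module($module);
    if ($path === null) {
        http_response_code(404);
        exit('unknown module');
    }
    include $path;
}

load_module_hardened($_GET['module'] ?? 'dashboard');
```

The regular expression check is deliberately placed before the array lookup: array keys in PHP are compared as strings, so a lookup alone would already fail for a traversal payload, but failing closed on the raw input keeps the behaviour obvious to a reviewer and independent of how MODULES is populated later.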

[Full-disclosure] 'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)

2012-03-23 Thread Mark Stanislav
'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670) Mark Stanislav - mark.stanis...@gmail.com I. DESCRIPTION --- A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the entire application database by acce

[Full-disclosure] [ MDVSA-2012:035 ] file

2012-03-23 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:035 http://www.mandriva.com/security/ _

[Full-disclosure] [ MDVSA-2012:034 ] libzip

2012-03-23 Thread security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:034 http://www.mandriva.com/security/ _