On Sat, 24 Mar 2012 00:52:45 -, Dave said:
> I am not an expert so please, for my education, correct me if I am wrong.
> Is it not so much the request, but what the request is made with?
It's a pretty safe bet that most of the 300 clicky-clicky types did *not* use
wget to test what it was.
>
On 24/03/12 05:27, klondike wrote:
> So I was bored with the nuit du hack prequals and decided to test a
> bit the e-mail service.
>
> The guys have a cool XSS injection on the fake webmail service which
> can be exploited with a properly crafted subject (i.e.
> alert('Hello!'); ). I thought the
On 23/03/2012 23:26, Michal Zalewski wrote:
>> I find it very unfortunate that 300 supposed security professionals clicked
>> on a hidden link like that without first checking what it was, or if not
>> simply ignoring it like I did!!!
>
> So how do yo
On 24/03/2012 00:39, valdis.kletni...@vt.edu wrote:
> On Fri, 23 Mar 2012 22:34:38 -, Dave said:
>> ii) Paranoia is healthy. If one runs a computer most people ARE out to get
>> you.
>
> A tad extreme, perhaps. There *are* 7 billion people on t
On Fri, 23 Mar 2012 22:34:38 -, Dave said:
> ii) Paranoia is healthy. If one runs a computer most people ARE out to get
> you.
A tad extreme, perhaps. There *are* 7 billion people on the planet, most of
whom have never heard of you either.. Of course, the ones that you never hear
from don
> I find it very unfortunate that 300 supposed security professionals clicked
> on a hidden link like that without first checking what it was, or if not
> simply ignoring it like I did!!!
So how do you meaningfully "check what it is" without actually
requesting the document?
And what's the differ
And I thought curiosity killed only pussy cats.
I don't consider myself a security professional, but playing around with
computers since the early 80's has certainly taught me that:
i) Most links in forums.emails.blogs etc. benefit only the post
Gary/John: imagine how many more would have if I didn't send that reply.
I'm sure I skewed the results, even if only slightly, by doing that.
On Fri, Mar 23, 2012 at 3:41 PM, Gary Baribault wrote:
> I find it very unfortunate that 300 supposed security professionals
> clicked on a hidden link l
I find it very unfortunate that 300 supposed security professionals
clicked on a hidden link like that without first checking what it was,
or if not simply ignoring it like I did!!!
Gary Baribault
Email: g...@baribault.net
GPG Key: 0x685430d1
Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6
he he, good catch :)
Anyway, it doesn't hurt anybody: it's just a vote.
Well, let me explain. I'm a journalist (non IT, mainstream) preparing an
article about different internet communities' behaviors. I've posted similar
messages talking about a security issue, pron pics, divx, software and
breakin
Mandriva Linux Security Advisory MDVSA-2012:037
http://www.mandriva.com/security/
Mandriva Linux Security Advisory MDVSA-2012:036
http://www.mandriva.com/security/
Hahahah, that's wonderful.
On Mar 21, 2012 12:06 PM, "Thor (Hammer of God)"
wrote:
> Actually, those promiscuous sub-VLANs are bad news. I got a virus from
> one that turned my hard drive into a floppy.
>
> t
>
> >-Original Message-
> >From: full-disclosure-boun...@lists.grok.org.uk [mai
Everyone,
Below is our announcement for the security issue reported to us from
Codenomicon, via CERT-FI. All previous versions of Apache Traffic Server are
vulnerable, and we urge users to upgrade to either v3.0.4 or v3.1.3
immediately. Both releases are available from our download site at
'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in index.php for module handling that allows
for local file inclusion using a null-byte attack on the 'module' GET
parameter
'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)
Mark Stanislav - mark.stanis...@gmail.com
I. DESCRIPTION
---
A vulnerability exists in admin/index.php that allows for an
unauthenticated user to export the entire application database by acce
Mandriva Linux Security Advisory MDVSA-2012:035
http://www.mandriva.com/security/
Mandriva Linux Security Advisory MDVSA-2012:034
http://www.mandriva.com/security/
18 matches