On 17-Jan-2013 21:56:53 +0100, Luigi Rosa wrote:
> I was reading about Nokia HTTPS MitM. Many corporate firewall
> can MitM HTTPS for content inspection and many governments do
> this for their reasons.
> I was thinking: could it be possible to create a fake HTTPS
> stream to DoS the MitM att
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20121220-01: Security Notice for CA IdentityMinder
Issued: December 20, 2012
Updated: January 18, 2013
CA Technologies Support is alerting customers to two potential risks in CA
IdentityMinder (formerly known as CA Identity Manager). Two
vuln
CVE-2013-0177: Cross-Site Scripting (XSS) Vulnerability in Apache OFBiz
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache OFBiz 11.04.01
Apache OFBiz 10.04.04 and earlier releases in the series (10.04.*)
The unsupported Apache OFBiz 09.04.* versions may be also
On Wed, 16 Jan 2013 10:18:36 +0400, grem...@gremlin.ru said:
> On 15-Jan-2013 16:45:30 -0500, valdis.kletni...@vt.edu wrote:
> > > Also, what stops a person to file it under a company name if
> > > that's easier? I admit I'm not into this area, so I might be
> > > missing something fundamental...
On Fri, Jan 18, 2013 at 3:21 PM, wrote:
> On Wed, 16 Jan 2013 12:39:18 -0500, Almaz said:
>
>> How to detect system intrusions? What are the techniques? Can one character
>> difference in the output be an indicator of compromise?
>
> Paging Cliff Stoll.. Cliff Stoll to the courtesy phone...
Damn.
On Wed, 16 Jan 2013 12:39:18 -0500, Almaz said:
> How to detect system intrusions? What are the techniques? Can one character
> difference in the output be an indicator of compromise?
Paging Cliff Stoll.. Cliff Stoll to the courtesy phone...
pgpbzm07bhB35.pgp
Description: PGP signature
On Mon, Jan 14, 2013 at 10:34 AM, wrote:
> https://petitions.whitehouse.gov/petition/remove-united-states-district-attorney-carmen-ortiz-office-overreach-case-aaron-swartz/RQNrG1Ck
>
> Above link to remove this prosecutor needs to have signatures by
> February 11.
Congratulations. It looks like y
Hello All,
This post might be interesting for those concerned about the
state of Oracle's Java SE security.
We have successfully confirmed that a complete Java security
sandbox bypass can be still gained under the recent version
of Java 7 Update 11 [1] (JRE version 1.7.0_11-b21).
MBeanInstantia
In the interest of full-disclosure, here is a remote exploit for the
vulnerability found by David Klein:
Demonstration
Novell NCP Pre-Auth Remote Stack Buffer Overflow
Connecting to host [127.0.0.1]...
Connected!
Sending message #1 (23 bytes)
<-- 44 6d 64 54 00 00 00 17 00 00 00 01 00 00 00 00 11
On 2013-01-17 10:20, COPiOUS wrote:
> Hello,
>
> First of all, the question is in the subject. Should say enough.
>
> In my opinion they are, since a software crack allows unauthorized
> use of software and the exposure of (possible) trade secrets, but I
> want to know how other people think about
On Thu, Jan 17, 2013 at 09:56:53PM +0100, Luigi Rosa wrote:
> If this message is offtopic, please excuse me.
>
> I was reading about Nokia HTTPS MitM. Many corporate firewall can MitM HTTPS
> for content inspection and many governments do this for their reasons.
>
> I was thinking: could it be po
==
Secunia Research 16/01/2013
- Oracle Outside In Technology Stream Filters -
- Paradox Database Handling Buffer Overflow -
=
==
Secunia Research 16/01/2013
- Oracle Outside In Technology Stream Filters -
- Paradox Database Handling Denial of Service -
===
13 matches
Mail list logo