Re: [Full-disclosure] Abusing Windows 7 Recovery Process

2013-07-13 Thread Gage Bystrom
I am aware of this. However, it is not the default and far from standard. Just saying encrypted disks are the exception and not the norm. On Jul 13, 2013 10:31 PM, "Dennis E. Hamilton" wrote: > > BitLocker full disk encryption has been available since Windows Vista. It was improved in Windows 7 an

Re: [Full-disclosure] Abusing Windows 7 Recovery Process

2013-07-13 Thread Gage Bystrom
Since when was full disk encryption standard in Windows 7, let alone Windows environments in general? Sure there are probably some but nonetheless On Jul 13, 2013 6:47 PM, "Alex" wrote: > > You didn't tell us how you cracked the full disc encryption. (There are ways around controls, but that is why

Re: [Full-disclosure] Abusing Windows 7 Recovery Process

2013-07-13 Thread Alex
You didn't tell us how you cracked the full disc encryption. (There are ways around controls, but that is why we have multiple security layers.) On 13 July 2013 22:49:11, valdis.kletni...@vt.edu wrote: On Sat, 13 Jul 2013 22:13:38 +0300, Moshe Israel said: > All secured/regulated systems as

Re: [Full-disclosure] Abusing Windows 7 Recovery Process

2013-07-13 Thread Valdis . Kletnieks
On Sat, 13 Jul 2013 22:13:38 +0300, Moshe Israel said: > All secured/regulated systems as required by most > certifications/standards/best practices. You're new in the industry, aren't you? :) The point you're missing is that the vast majority of computers aren't covered by said certifications a

[Full-disclosure] DAVOSET v.1.1

2013-07-13 Thread MustLive
Hello participants of Mailing List. After making public release of DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html), I've made next update of the software. Today DAVOSET v.1.1 was released - DDoS attacks via other sites execution tool (http://we

Re: [Full-disclosure] Abusing Windows 7 Recovery Process

2013-07-13 Thread Valdis . Kletnieks
On Sat, 13 Jul 2013 13:23:18 +0200, Alex said: > This one is a classic, but it will fail integrity checks of > tripwire/ossec/whatever you use. What percent of systems actually do this? On Sat, 13 Jul 2013 14:19:19 +0200, Alex said: > And trigger automated incident/alarm Trigger the automated al

Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack

2013-07-13 Thread Grandma Eubanks
So, I've been toying with this on many systems. Every lan system would do the same thing you describe. Unfortunately, I haven't been able to test lan successfully yet. Then I had several remote systems that would take 2 minutes to respond to a valid user (root and another valid user as given by some

[Full-disclosure] Botconf 2013 - Call for short talks - Deadline Aug 31

2013-07-13 Thread Eric Freyssinet
Sorry for the cross posts. We are opening a second call for short talks aimed at young researchers as well as beginning/ongoing projects. The deadline is August 31st 2013. This second call aims at offering the possibility * for “young” researchers to present ongoing work, first results, projects,

[Full-disclosure] XSS and CS vulnerabilities in TinyMCE Image Manager

2013-07-13 Thread MustLive
Hello list! These are Cross-Site Scripting and Content Spoofing vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. - Affected products: - Vulnerable are TinyMCE Image Manager 1.1 and previous versions. - Affect

Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack

2013-07-13 Thread Florian Reinholz
On 11.07.2013 17:41, Jann Horn wrote: > On Wed, Jul 10, 2013 at 03:38:59PM +0200, Curesec Research Team > wrote: >> By testing several OpenSSH installations we figured there is a >> delay of time when it comes to cracking users (not) existing on a >> s

Re: [Full-disclosure] Abusing Windows 7 Recovery Process

2013-07-13 Thread Julius Kivimäki
Swap out tripwire/ossec/whatever you use? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack

2013-07-13 Thread security curmudgeon
What you describe is CVE-2006-5229. While the CVE description does not explicitly say "long passwords", it does cover the general idea. Read the mail list posts associated with it and it shows people testing based on minor differences in password length. Stands to reason that 39,000 character

[Full-disclosure] TWSL2013-018: Multiple Vulnerabilities in OpenEMR

2013-07-13 Thread Trustwave Advisories
Trustwave SpiderLabs Security Advisory TWSL2013-018: Multiple Vulnerabilities in OpenEMR Published: 07/12/13 Version: 1.0 Vendor: OEMR (www.open-emr.org) Product: OpenEMR Version affected: 4.1.1 patch-12 and prior Product description: OpenEMR is an ONC-ATB Ambulatory EHR 2011-2012 certified elec

Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack

2013-07-13 Thread Curesec Research Team
On 11.07.2013 16:41, Jann Horn wrote: > FYI, the openssh guys have known this for quite a while and they don't > treat it as an issue worth fixing. They don't want to introduce extra > anti-timing code just to prevent user enumeration from working. Oh really? > By the way: If you can hog the CPU

[Full-disclosure] [Foreground Security 2013-002]: Corda Path Disclosure and XSS

2013-07-13 Thread Adam Willard
Corda Path Disclosure and XSS FOREGROUND SECURITY, SECURITY ADVISORY 2013-002 - Original release date: July 12, 2013 - Discovered by: Adam Willard (Software Security Analyst at Foreground Security) - Contact: (awillard (at) foregroundsecu

[Full-disclosure] Security Mistakes That We And Others Have Made

2013-07-13 Thread Aux Browser Team
When we developed our open source project (http://code.google.com/p/auxbrowser/), we found several common security mistakes. Security Issue #1 - FEATURE_LOCALMACHINE_LOCKDOWN If an application uses the Microsoft web browser object to access the internet, it's extremely important to have this enabled.

Re: [Full-disclosure] Abusing Windows 7 Recovery Process

2013-07-13 Thread Alex
And trigger automated incident/alarm On 13 July 2013 13:54:04, Julius Kivimäki wrote: Swap out tripwire/ossec/whatever you use?

Re: [Full-disclosure] Abusing Windows 7 Recovery Process

2013-07-13 Thread Alex
This one is a classic, but it will fail integrity checks of tripwire/ossec/whatever you use. On 12 July 2013 17:45:57, Chris Arg wrote: Swap out a binary while in recovery...for instance the magnify.exe binary with cmd.exe. Reboot and at the login screen (if it's still enabled) run the mag