Re: [Full-disclosure] OpenSSH Security Advisory: gcmrekey.adv

2013-11-09 Thread yersinia
On Fri, Nov 8, 2013 at 7:47 PM, coderman wrote: > surprised not a peep about this one here yet,... hmmm > a fun one ;) > > we are accustomed to old software adding risk; > new (secondary effects of combined AUTH+ENC modes) > also carries risk! Well-known possibility, yes. In any case the pro

[Full-disclosure] [SECURITY] [DSA 2793-1] libav security update

2013-11-09 Thread Moritz Muehlenhoff
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2793-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 09, 2013

[Full-disclosure] Vulnerabilities in Redaxo 4.5 CMS

2013-11-09 Thread Root User
The following vulnerabilities have been found in Redaxo 4.5 (http://redaxo.org), an open source CMS for small and medium websites. CSRF: Redaxo has no CSRF protection and occasionally accepts GET variables in place of POST, which can be exploited to overwrite user passwords or delete files by a
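The two weaknesses the post names (no CSRF token, and GET accepted in place of POST for state-changing actions) compound each other: once a handler merges GET and POST parameters, a cross-site `<img src="...?user=admin&pw=x">` is enough to trigger the action in a logged-in victim's browser. The following is an added illustration, written for this listing and not taken from Redaxo or the advisory; the `Request` class, the in-memory token store and the two handler functions are hypothetical stand-ins for the CMS's real code.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    method: str
    get: dict = field(default_factory=dict)
    post: dict = field(default_factory=dict)
    session_id: str = ""


class CsrfError(Exception):
    """Raised when a state-changing request fails the CSRF checks."""


# Per-session anti-CSRF tokens. A real application would keep these in the
# server-side session; an in-memory dict is enough to show the mechanism.
_tokens: dict[str, str] = {}


def issue_token(session_id: str) -> str:
    """Mint a fresh random token and bind it to the session (hypothetical API)."""
    tok = secrets.token_urlsafe(32)
    _tokens[session_id] = tok
    return tok


def vulnerable_change_password(req: Request, users: dict) -> str:
    """Weak pattern: merges GET and POST the way PHP's $_REQUEST does, and
    never checks the method or a token. Any page the victim visits can
    forge the call with a plain GET URL."""
    params = {**req.get, **req.post}
    users[params["user"]] = params["pw"]
    return "ok"


def hardened_change_password(req: Request, users: dict) -> str:
    """Hardened pattern: state changes require POST, read only POST fields,
    and carry a session-bound token compared in constant time."""
    if req.method != "POST":
        raise CsrfError("state change requires POST")
    expected = _tokens.get(req.session_id)
    supplied = req.post.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        raise CsrfError("missing or invalid CSRF token")
    users[req.post["user"]] = req.post["pw"]
    return "ok"


def rejects(handler, req: Request, users: dict) -> bool:
    """True if the handler refuses the request (used by the checks below)."""
    try:
        handler(req, users)
    except CsrfError:
        return True
    return False


def demo() -> dict:
    """Run the forged-GET attack against both handlers and a legitimate
    POST against the hardened one; returns the outcomes."""
    forged = Request("GET", get={"user": "admin", "pw": "pwned"},
                     session_id="victim")
    weak_users = {"admin": "original"}
    vulnerable_change_password(forged, weak_users)

    strong_users = {"admin": "original"}
    got_get = rejects(hardened_change_password, forged, strong_users)
    no_token = Request("POST", post={"user": "admin", "pw": "pwned"},
                       session_id="victim")
    got_no_token = rejects(hardened_change_password, no_token, strong_users)

    tok = issue_token("victim")
    legit = Request("POST", post={"user": "admin", "pw": "new",
                                  "csrf_token": tok}, session_id="victim")
    hardened_change_password(legit, strong_users)
    return {
        "weak_pw": weak_users["admin"],
        "rejected_get": got_get,
        "rejected_no_token": got_no_token,
        "strong_pw": strong_users["admin"],
    }


if __name__ == "__main__":
    print(demo())
```

The method check alone is not sufficient (a cross-site form can POST), and the token alone is not sufficient if the handler still reads it from merged GET/POST parameters; the hardened handler applies both, and compares with `hmac.compare_digest` so the token cannot be guessed byte by byte through timing.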

Re: [Full-disclosure] OpenSSH Security Advisory: gcmrekey.adv

2013-11-09 Thread CERT OPS Marienfeldt
"If exploited, this vulnerability might permit code execution with the privileges of the authenticated user" might explain the absence ;-) Have a good one :-) On 08.11.13 19:47, coderman wrote: > surprised not a peep about this one here yet,... hmmm > a fun one ;) > > we are accus

[Full-disclosure] Cloud Questions

2013-11-09 Thread David Miller
I’ve been lurking here for some months now and have seen plenty of vulnerabilities go by for applications, and the occasional OS level exploit. I don’t think I’ve seen a single post about cloud security. Is ‘the cloud’, AWS in particular, believed to be secure? Is it simply not targeted? Or w

Re: [Full-disclosure] I'm new here, and I already have something to share

2013-11-09 Thread Jasper Kips
Alex, Not allowing anonymous SSH doesn't mean you need a password for SSH. Actually, certificates are way more secure than passwords. Just a damned security guy Jasper Kips, Always waiting for the ricochet > Op 8 nov. 2013 om 18:47 heeft Alex het volgende geschreven: > > I don't care about th

Re: [Full-disclosure] OpenSSH Security Advisory: gcmrekey.adv

2013-11-09 Thread Bob Man Van Kim
Actually, guys... I'm wondering if the lack of response is due to falling user participation... what do you think about doing a promotion in Twitter to bring more people into the mix here? -- Robert Q Kim Printing and Logistics In Hong Kong and Japan http://www.youtube.com/watch?v=YrKx38pMlEo 2611

Re: [Full-disclosure] I'm new here, and I already have something to share

2013-11-09 Thread Jack Johnson
Sorry, I don't actually have a sample, I was just once infected with it. Thank you for your concern. Źmicier Januszkiewicz wrote: Hi Jack, Care to share a sample of this one? Cheers, Z. 2013/11/7 Jack Johnson : It is a user friendly report about a new worm/rootkit (only goes into worm mode w

Re: [Full-disclosure] Cloud Questions

2013-11-09 Thread Jeffrey Walton
On Fri, Nov 8, 2013 at 9:08 AM, David Miller wrote: > ... > I don’t think I’ve seen a single post about cloud security. > > Is ‘the cloud’, AWS in particular, believed to be secure? Is it simply not > targeted? > Stallman has a term for it: Careless Computing. http://techcrunch.com/2010/12/14/st

Re: [Full-disclosure] Cloud Questions

2013-11-09 Thread Yvan Janssens
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, I will split my answer in two parts, as they represent both views I regularly experience. They aren't all related to security. The first problem is TCO. Cloud services are easy to set up (both as a vendor and as a user), and have little to n

Re: [Full-disclosure] Cloud Questions

2013-11-09 Thread silence_is_best
On 11/09/2013 at 7:32 AM, "David Miller" wrote: I’ve been lurking here for some months now and have seen plenty of vulnerabilities go by for applications, and the occasional OS level exploit. I don’t think I’ve seen a single post about cloud security. Is ‘the cloud’, AWS in particular, believed t

Re: [Full-disclosure] Cloud Questions

2013-11-09 Thread Jeffrey Walton
> The first problem is TCO. Cloud services are easy to set up (both as a > vendor and as a user), and have little to no "hard" start-up costs. > (costs that initially are billed as startup costs, before the service > payments start). Also see http://www.gossamer-threads.com/lists/openstack/dev/3277

Re: [Full-disclosure] Cloud Questions

2013-11-09 Thread Jeffrey Walton
On Sat, Nov 9, 2013 at 9:51 AM, wrote: > On 11/09/2013 at 7:32 AM, "David Miller" wrote: > > I’ve been lurking here for some months now and have seen plenty of > vulnerabilities go by for applications, and the occasional OS level exploit. > > I don’t think I’ve seen a single post about cloud sec

[Full-disclosure] XADV-2013003 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow

2013-11-09 Thread x90c
XADV-2013003 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow. Vulnerable versions: linux kernel 2.6.18 <=. Testbed: ubuntu. Type: Local. Impact

[Full-disclosure] the advisory canceled.

2013-11-09 Thread x90c
The advisory I released is canceled. It's not a bug. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/