Re: [Full-disclosure] Fwd: Google vulnerabilities with PoC

2014-03-17 Thread Źmicier Januszkiewicz
Especially considering that all three use Tor to post on the list. I wonder why. Other header/content details can be interesting as well... 2014-03-17 10:24 GMT+01:00 Pedro Ribeiro ped...@gmail.com: On 16 Mar 2014 23:36, T Imbrahim timbra...@techemail.com wrote: The thread read Google

Re: [Full-disclosure] Google vulnerabilities with PoC

2014-03-13 Thread Źmicier Januszkiewicz
: you could upload huge blobs and just take up space on the google servers. How many people upload gigabytes of crappy videos on google servers, hourly? So far, the DDoS didn't happen for some reason, even considering the amount of users. There is a small potential to exploit this via a botnet,

Re: [Full-disclosure] RC Trojan 1.1d (Undetected)

2014-02-20 Thread Źmicier Januszkiewicz
Too bad they killed it already. 2014-02-19 21:17 GMT+01:00 ICSS Security ctrlaltdel...@outlook.pt: Hi, Just releasing my new achievement. What is? RC Trojan AKA Remote Control trojan which allows the control of a computer remotely in the same network (Lan/Wan). It's built in

Re: [Full-disclosure] EE BrightBox router hacked - bares all if you ask nicely

2014-01-16 Thread Źmicier Januszkiewicz
Absolutely shocking lack of security considerations. Is it, really? I've got a feeling that companies don't give a s--t about your data, your privacy, and so on (proved by numerous examples out there), unless absolutely required to do so by law, and there is a good reason behind that. It is not

Re: [Full-disclosure] EE BrightBox router hacked - bares all if you ask nicely

2014-01-16 Thread Źmicier Januszkiewicz
is that it is the fault of the industry to push bad products on a public that does not know enough to care about. On Thu, Jan 16, 2014 at 3:02 PM, Źmicier Januszkiewicz ga...@tut.by wrote: Absolutely shocking lack of security considerations. Is it, really? I've got a feeling

Re: [Full-disclosure] EE BrightBox router hacked - bares all if you ask nicely

2014-01-16 Thread Źmicier Januszkiewicz
January 2014 09:32, Źmicier Januszkiewicz ga...@tut.by wrote: Absolutely shocking lack of security considerations. Is it, really? I've got a feeling that companies don't give a s--t about your data, your privacy, and so on (proved by numerous examples out there), unless absolutely required to do

Re: [Full-disclosure] list of vulnerabilities discovered by realpentesting

2013-09-02 Thread Źmicier Januszkiewicz
With all due respect, good sir... where's the root cause analysis? Proof-of-concept files? Anything? Windbg dump doesn't really count as a proof, you know, since anyone can fake it. 2013/9/2 Pedro Guillen pgn.pedroguil...@gmail.com HI all! I'm part of realpentesting members and although

Re: [Full-disclosure] Special Issue Threat Detection, Analysis and Defense of JISA

2013-08-09 Thread Źmicier Januszkiewicz
Hmm, this dates back to 2011. Any news so far? I certainly didn't hear about either Elsevier, ACM, or IEEE going down on their knees begging... It still does look like nothing has changed despite all those people saying their NO. 2013/8/9 Justin C. Klein Keane jus...@madirish.net -BEGIN

Re: [Full-disclosure] Multiple vulnerabilities in Googlemaps plugin for Joomla

2013-07-18 Thread Źmicier Januszkiewicz
Ah, and as a side effect, you get a bunch of free HTTP proxies -- the script will fetch and print anything. Just to fix up the content type, but this should not be an issue. Finally, something useful. I leave the google dork as an exercise for the reader. Cheers, Z. 2013/7/16 MustLive

Re: [Full-disclosure] VLC media player MKV Parsing POC

2013-07-10 Thread Źmicier Januszkiewicz
Mario, As far as I see, the code snippet provided (the only insn) dereferences an attacker-controlled value. What happens next is not really clear since it is only one insn in the dump and I am too lazy to actually install VLC and dig in, but it shows that you can at least control the contents of

Re: [Full-disclosure] How to lock up a VirtualBox host machine with a guest using tracepath over virtio-net network interface

2013-06-27 Thread Źmicier Januszkiewicz
Well, I cannot reproduce the issue on 4.2.14, but there is nothing in the change logs for that version that can be related to virtio-net. They might have done a silent fix for the 4.1.x branch as well. Cheers, Z. 2013/6/27 Nick Boyce nick.bo...@gmail.com On 6/21/13, Thomas Dreibholz dre...@simula.no

Re: [Full-disclosure] How to lock up a VirtualBox host machine with a guest using tracepath over virtio-net network interface

2013-06-26 Thread Źmicier Januszkiewicz
Hi, Tested this on Windows 7 x64 host instead (no Linux box available atm); confirmed the issue (consumes CPU and kills the host network adapter). Can someone assign a CVE for this? Looks like this can be exploited to at least DoS other VMs on the same host. 2013/6/21 Thomas Dreibholz

Re: [Full-disclosure] SolusVM WHMCS module privilege escalation, also libcurl vuln?

2013-06-24 Thread Źmicier Januszkiewicz
Why, hello there. it appears to be a result of a vulnerability - or at the very least weakness - in the implementation of libcurl; in particular, weak randomness in generating the form boundary. Is the boundary value generation required to be cryptographically strong? It does not come as a

Re: [Full-disclosure] PayPal.com XSS Vulnerability

2013-05-29 Thread Źmicier Januszkiewicz
Hmm, interesting. For some reason I fail to find the mentioned age requirements at the official bug bounty page located at https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues Am I looking in the wrong direction? Can someone please point to where this is written? With kind

Re: [Full-disclosure] PayPal.com XSS Vulnerability

2013-05-29 Thread Źmicier Januszkiewicz
Just to follow up with a hard copy of the page: http://ctrlq.org/files/screenshots/d52409a7a5ac956568013624888a50e8.png So that we all look at the same fixed text... 2013/5/29 Źmicier Januszkiewicz ga...@tut.by Hmm, interesting. For some reason I fail to find the mentioned age requirements

Re: [Full-disclosure] SANS PHP Port Scanner Remote Code Execution

2013-03-06 Thread Źmicier Januszkiewicz
Dear list, Well, I suppose this had to be a proof-of-concept piece of code to demonstrate how port scanning can be done in PHP, not a production-grade software. Adding input sanitization would increase the code size by a lot and obscure the concept somewhat (not that there is much to be said

Re: [Full-disclosure] SANS PHP Port Scanner Remote Code Execution

2013-03-06 Thread Źmicier Januszkiewicz
incompetent? On Wed, Mar 6, 2013 at 7:46 AM, Źmicier Januszkiewicz ga...@tut.by wrote: Dear list, Well, I suppose this had to be a proof-of-concept piece of code to demonstrate how port scanning can be done in PHP, not a production-grade software. Adding input sanitization would increase the code

Re: [Full-disclosure] White Paper: Detecting System Intrusions

2013-01-17 Thread Źmicier Januszkiewicz
I'm wondering just how many security experts clicked on that link, downloaded a PDF from some unknown source and opened it... With kind regards, Zmicier J. 2013/1/17 Andrew Terekhov ultra...@gmail.com Why is this here? There's nothing new/interesting in datasheets. On Wed, Jan 16, 2013 at

Re: [Full-disclosure] how to sell and get a fair price

2013-01-12 Thread Źmicier Januszkiewicz
Hey Mikhail, Nice idea! Although it does not fit very well with Information must be free principle I feel we all love and care about. That aside, there are a few key stones missing in your arc, namely -- quality and trust. Nobody wants to pay for crap, you know, and right now I just don't see