Todd Troxell wrote:
I discovered rather inadvertently that laptops do not enjoy having
their USB VCC shorted to GND one bit. It is a sure DoS, in fact if
the machine has a stupid power supply, it could result in permanent
damage. It is kind of scary for kiosk machines like the those
Ben Bucksch wrote:
Anders B Jansson wrote:
I'd say that it's a design decition, not sure that it's a design
flaw.
It's all down to what you try to protect.
... connecting any device not 100% controlled by the company to a
company network is strictly forbidden, doing so would be regarded as
Slythers Bro [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
this is a mathematic tool where all bits of a double word have 3 states :
one , zero and
unknow
i implemented the addition , multiplication (with an integer), a new
concept fusion
(equivalent to = ) , and all basic
[EMAIL PROTECTED] wrote:
What a frikking idiot. That's the former chief executive officer who
recently died of Colonium-210 poisoning under mysterious circumstances.
Colonium my arse!
cheers,
DaveK
--
Can't think of a witty .sigline today
TheGesus wrote:
I was only quoting (with a little creative editing) the late(?),
great(?) Paul Milne of Y2K disaster fame.
Fair enough, in that case, Paul Milne is MAKING IT HAPPEN!
You're kinda-helping by propagating his sewage without a proper health
warning though; your argument is a
TheGesus wrote:
More and more people are hearing the recommendation to withdraw a
little extra cash out of the banks to prepare for cyber attacks. If
as many as 1.32% of bank depositors take their advice and withdraw all
their money, the banks will close their doors.
Al Qaeda threatens to
Gadi Evron wrote:
Noam Rathaus on using Google to anonymize attacks on websites:
http://blogs.securiteam.com/index.php/archives/746
By placing a URL on any web page, Google will find it, visit it and
then index it. With this mechanism, it is possible to anonymize
attacks on third party web
[EMAIL PROTECTED] wrote:
Per charter, please take politics off list.
What does that suggest to you?
cheers,
DaveK
--
Can't think of a witty .sigline today
___
Full-Disclosure - We believe in it.
Charter:
Last tuesday's updates (which I deferred installing until yesterday) left
a folder on my HD, called C:\c0772dab3463959f7c, containing a log file,
msxml6-KB927977-enu-x86.log, which contains install logging details for the
msxml patch.
Did everyone get this (or perhaps a similarly-named
[EMAIL PROTECTED] wrote:
Please take disagreements, flames, and arguments off the list if
possible.
Reposting the entire thing makes you a hypocrite. Why is it ok for YOU to
post that message but not ok for the OP to post it? Answer: it isn't.
How about getting the bloody tree trunk
0 0 [EMAIL PROTECTED] wrote in message
Yesterday I finished programming a keylogger,
After receiving the program, it really is as simple as sending it to
someone, telling them to run it, and watching the logs appear in your
email account!
Oh great. So now I can spy on morons. That's
Georgi Guninski wrote:
bye bye and all the best :)
So long, and thanks for all the 'sploits!
cheers,
DaveK
--
Can't think of a witty .sigline today
___
Full-Disclosure - We believe in it.
Charter:
[EMAIL PROTECTED] wrote:
On Sun, 12 Nov 2006 18:21:16 GMT, Dave \No, not that one\ Korn said:
Georgi Guninski wrote:
my question was:
when was the first provable *public* (as in common sense)
announcement of the exploitability of buffer overflows.
The use of smashing the stack
Georgi Guninski wrote:
my question was:
when was the first provable *public* (as in common sense)
announcement of the exploitability of buffer overflows.
The use of smashing the stack to seize control of the program flow was in
everyday usage on the Commodore PET from around 1979-1980ish.
Gadi Evron wrote:
Nothing really surprises me anymore. The quality of advisories and QA
people do seems to be dropping, especially when it comes to File
Inclusions. The level of false positives posted in the last couple of
weeks is staggering.
Folks use Google Code Search to find vulns, and
Peter Ferrie wrote:
file://
?
OK, I'll bite. Why are file:// URLs relevant to the discussion?
It allows arbitrary data to be passed to CMD.EXE, without first
owning the system.
No it doesn't. It passes arbitrary data to the windows gui shell exec
function. It doesn't invoke cmd.exe.
Antoine SANTO [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi,
I come to report a little strange discolsure discovered by my
co-worker Fx0day.
When you save session informations under putty and you need proxy
for a session,
We can find in plain clear text the login and
Bipin Gautam wrote:
Microsoft Virtual Machine VMWARE information disclosure
Vulnerability
Note: Though not limited to these two products, this trick can be used
as an genetic method to detect the presence of any virtual machine
Gene*R*ic. The word you're looking for is generic. Genetic
Aditya Sood wrote:
This post deals with the googling effects that google provide with its
search engine.
You just invented a new phrase that does not exist in any dictionary.
What are googling effects? And how did you expect everyone else in the
world to know a private phrase you just
Dragos Ruiu wrote:
The new Flash player adds network functions!
Hey, I can do it in three words!
Flash. Must. Die.
and thus there are many ways to bypass the only-connect-back-upstream
and port 1024 limitations on the SWF applet Socket() class. A
Limiting ports to less than 1024
Gadi Evron wrote:
I cover everything that I found so far on how Google Code Search can
be used to find vulnerabilities and backdoors in code.. and even
harvest valid email addresses or perform static analysis.
http://blogs.securiteam.com/index.php/archives/663
What's your new fav Google
Billy Hoffman [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Proof of Concept: http://www.spidynamics.com/spilabs/js-search/index.html
Hmm, doesn't work for me in FF1.0.6. Haven't tested with 1.5.x series.
Can send more information or do further testing if you want.
cheers,
Kenneth F. Belva wrote:
I've been defending Virtual Trust as an enabler for the past three
days on the full-disclosure list. So far, fairly successfully.
An enabler *of* anything in particular? Or just some kind of magic
enabling pixie dust, good for all purposes?
Here's the challenge:
? wrote:
So, WTF#1 is: what the hell makes them think my utterly clean
machine could possibly be infected? What kind of pseudo detection
technique are they using? So WTF#2 is: why the hell are they trying
to push obsolete old garbage on me?
I'm going to leave my workstation unplugged over
Is anyone else seeing this?
I just noticed the 'updates waiting to be installed' shield icon in my
systray. Popped it up, chose manual install to see what M$ was trying to
shove down my throat this time. It was offering me the Mydoom, Zindos, and
Doomjuice Worm Removal Tool (KB836528). The
Gadi Evron wrote:
Numbers...
I can't speak for others, but I can try to answer better than I did
on the botnets mailing list on whitestar.
On individual honey nets, even rather large ones, the number of unique
samples often assembled can be somewhere between 200 and 800
a month.. depending
[EMAIL PROTECTED] wrote:
Contex -
If you consider that America are
able to lie about the weapons of mass
destruction and then admit it,
America never lied about WMD.
America is not in a position to prove
Haven't seen this mentioned before, but it's part of ATT's explanation of
how a PI was able to falsely obtain the phone records of Thomas J. Perkins,
the board member who resigned over the illegal investigation:
http://www.thesmokinggun.com/archive/0905061hp3.html
[transcribed by me from
Michael Adams wrote:
A buffer overflow in variable 'buf' exists due to insufficient
validation of variable 'name' in function tor_resolve line 218 of
software at http://www.monkey.org/~dugsong/dsocks/
At a quick glance, this looks like it could indeed be overflowed quite
trivially by passing
lsi wrote:
If the user uses Browzar's default search page, it's obvious as hell:
2xx.206.1x6.1x5 - - [01/Sep/2006:20:49:19 +0100] GET
/parvati/ici_bse.htm HTTP/1.1 200 18754
http://www.browzar.com/search/browzar.asp?q=david%20brown%20prion;
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
[EMAIL PROTECTED] wrote:
please note that self-promotion is forbidden on the list.
That's 'gratuitous' self-promotion that is forbidden. Non-gratuitous
self-promotion, which is allowed, would be where the post is almost entirely
worthwhile security-related content with a brief plug for
naveed [EMAIL PROTECTED] wrote in message
void dummy(unsigned char* ptr,int sz)
{
for(int i=0;isz;i++)
fwrite(ptr[i],1,1,fptr);
}
:) Bit odd way of doing things!
cheers,
DaveK
--
Can't think of a witty .sigline today
Eliah Kagan wrote:
On 7/6/06, Edward Pearson wrote:
Yes, shame on you.
If Rob took you to court, you'd be in big fucking trouble.
Wow, feel the hate.
evilrabbi pointed it out, but maybe you didn't catch it...court
records are public...
Benjamin Krueger spoke of, SSN, birthdate, and other
Denis Jedig wrote:
n3td3v wrote:
Today's disclosure involves Google and Yahoo search engines:
All you need to do is put in the code to a web page, when Google and
Yahoo visit it, then the code exploits the software they use and
makes them start caching 'other' pages. Including 'no index'
Robert Kim Wireless Internet Advisor wrote:
http://www.frustratedcities.com/bush-foreign-policy-iran.html
compares the same stories from BBC FOX CNN WSJ and New York Times to
show you how EACH source is biased...
No it doesn't. It just puts up an rss feed from each of those sites next
to
[EMAIL PROTECTED] wrote:
Recently, I was introduced to the torrent network
(primarily because I wanted to download some Linux
distros). My curiosity made me download other audio
torrents to see the efficiency of the torrent network.
One thing I have noticed on my system is that there
is
3APA3A wrote:
RelevantKnowledge was found to contain backdoor proxy
component
rlvknlg.exe (Marketscore OSSProxy), which is configured to
allow
incoming network connections on TCP/8254, probably acts as open
proxy
and also performs keylogging and monitoring for active
n3td3v wrote:
i'm not having a major breakdown...
Methinks the lady doth protest too much.
cheers,
DaveK
--
Can't think of a witty .sigline today
___
Full-Disclosure - We believe in it.
Charter:
Pete Simpson wrote:
This demonstrates that if the model were valid the minimum possible
duration of complete collapse would be 87.9 seconds.
Well then, this demonstrates that your model is not valid.
cheers,
DaveK
--
Can't think of a witty .sigline today
James Evans wrote:
And now a very important message...
RealVNC is distributed under the GNU General Public License. As such,
the complete source code of RealVNC *must* be freely distributed. When
RealVNC (the company) received notice of this flaw in their software,
they were quite prompt in
Sol Invictus wrote:
I also remember LSD pesters Microsoft and they were rapidly sold
out.
I knew those guys were on something when they created Windows!!! They
had Dealers sell out of LSD ROFLMAO
Don't talk crazy. Everyone knows what operating system you get if you do
way too
john kalergis wrote:
So, let's see Washington... Virginia Ohio Illinois
Missouri
You're in Kansas, right?
woweverybody here is more than impressed
Well, I don't suppose *everybody* has had a sense of humour bypass. And
there's a valid point I was making
[EMAIL PROTECTED] wrote:
The number of US universities big enough to have 7,000 incoming students
is extremely limited. *that* little tidbit probably tells us more than
the fact his traceroute ends in Kansas.
Plus he just gave away that his parents work there, so we can cut it down
to
CrYpTiC MauleR wrote:
students attending. So everyone please dont wast your time trying to
play 'who can guess what school it is or where it is?' because I
really will not verify if you are correct or not and plain do not
want to play that game. I just asked FD on advice of what to do
Fixer wrote:
Brian Eaton wrote:
than a secure network. Plus a university network has fewer secrets
to protect than a business.
Depending on the University, I might or might not agree with that. I
know of several that have DoD funded research projects going on that
require Top Secret
n3td3v wrote:
I'm not anti corporate. I'm anti people working within them making bad
security choices, like Yahoo do. I'm anti Secunia, as they host FD,
only because of the footer URL. If there was no footer URL, they
wouldn't even have thought about hosting FD.
Try and get causality the
n3td3v wrote:
Remove the URL, no one wants it there.
How dare you presume to speak for everyone in the world, you arrogant
tosser? You haven't done a survey. You haven't asked anyone else's
opinion. About anything, ever. You just think you're better than everyone
else and must be
CrYpTiC MauleR wrote:
I am sorry I am not going to say who the school is.
You've already told us enough:
X-Originating-Ip: 70.129.230.224
04/22/06 22:06:09 Fast traceroute 70.129.230.224
Trace 70.129.230.224 ...
1 10.128.196.1210ms 10ms 10ms TTL: 0 (No rDNS)
2 80.1.202.77
48 matches
Mail list logo