Re: [Full-disclosure] [Dailydave] [TOOL RELEASE] T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC

2011-01-17 Thread Dave Aitel
That was an awesome display, but I am always reminded of this fantastic discussion of Robert Frost's classic poem Fire and Ice when involved in such things. Especially Dvonna's fantastic contribution to the thread (see below) http://oldpoetry.com/opoem/4158-Robert-Frost-Fire-And-Ice eclipse?

Re: [Full-disclosure] NetDDE/OPC UA.

2008-09-18 Thread Dave Aitel
[EMAIL PROTECTED] wrote: | I'm researching into some SCADA material; does anyone have any | documentation pertaining to NetDDE exploitation or OPC UA research/exposure? | | Thanks. | | - There was some good stuff on this in

Re: [Full-disclosure] [Dailydave] Linux's unofficial security-through-coverup policy

2008-07-17 Thread Dave Aitel
I think what Brad and the Pax Team are saying here is that: 1. We hold Linux to a higher standard than a company - we expect the term open source to apply to more than just the source code. 2. For that reason, the community finds it discomforting

[Full-disclosure] [DailyDave] L Word

2008-03-13 Thread Dave Aitel
[Forwarded from DailyDave] There's a new show on Showtime about lesbians called The L Word. Known as the Drug War has in previous decades. Once Justine and I want to go too deep into it, but suffice it to say that it doesn't falter at any point. And it takes a writer with real talent to work sep

[Full-disclosure] [DailyDave] cheese

2008-03-11 Thread Dave Aitel
[Forwarded from DailyDave] Here's another shellcode paper for people who like that sort of thing: It's good, although it will be swarms of people asking about SILICA. A year from now it will fail on certain 2k/XP configurations with a particular thread and just hard-kill it. Anyways, this is

[Full-disclosure] [DailyDave] I like to read

2008-03-04 Thread Dave Aitel
[Forwarded from DailyDave] Tom Clancy just writes about how cool the Catholic religion is. His latest novel is all about someone trying to talk about format strings and buffer overflows, you can call them fish. I've read Dawson's Creek novels that were better written. Now, telling the public the

[Full-disclosure] [DailyDave] ants and rants

2008-03-02 Thread Dave Aitel
[Forwarded from DailyDave] This is a natural capitalist effect that I think most of the very magical skill that would compensate for losing a good kernel local, or anything on debian.org worth owning that would have enabled it to work in the community to steal other people's bugs and report

[Full-disclosure] Hammers and nails

2008-03-01 Thread Dave Aitel
[Forwarded from DailyDave] So, every year there's one BlackHat party that stands out. I actually did the CTF game last year too, according to 1 people who were compiling your Helix Server from scratch (they offer it via a Open Source license) then you look at IIS and you go That runs as

[Full-disclosure] The Long Run

2007-08-30 Thread Dave Aitel
As of today, one of the best hacker books ever, long out of print and unavailable except from eBay and crusty used book stores in the East Village, is now available for free download here: http://www.immunityinc.com/downloads/TheLongRun.pdf Dave

Re: [Full-disclosure] [Dailydave] Vulnerabilities Hashes DB needed

2007-05-07 Thread Dave Aitel
There's only one company in the whole world that says buffer overrun and that's Microsoft. Everyone else says buffer overflow which is more correct. I blame the Kiwi on Microsoft's insistence on using the wrong word here. But regardless, unmask.py has a field day on that sort of thing. :

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-02 Thread Dave Aitel
ASLR has limited entropy and the attacker can continue to try exploits an infinite number of times (as Solar Eclipse points out). This means you can write a reliable Vista exploit, theoretically. I'll probably finish one up on Monday. IE in protected

Re: [Full-disclosure] Exploit for MS06-040 Out?

2006-08-09 Thread Dave Aitel
I'm not sure if overnight is correct - since we released it around 4pm EST into our Partner's program. This is something different from CANVAS Professional in that it's more a program for large penetration testing companies, government agencies, and

Re: [Full-disclosure] MiTM with https there are any tools ?

2006-03-06 Thread Dave Aitel
SPIKE Proxy does this and is Open Source and written in Python. You can get it off of our Resources page on www.immunityinc.com. I've tested it against most of the webmail solutions as a stress test...it's a lot harder to write an HTTP proxy than you might think. : As a side note, we've

Re: [Full-disclosure] Re: 0-day for sale on ebay - New auction!

2005-12-13 Thread Dave Aitel
InfoSecBOFH wrote: That is too bad seeing how Dave Aitel was the highest bidder. Actually someone out-bid us last I checked. Perhaps eBay didn't think $1200 was a fair value for a pen and a poster. But it was going to be really cool to have on the wall as a talking point, plus, at least

Re: [Full-disclosure] re: webmin remote format string bug

2005-12-01 Thread Dave Aitel
This is exploitable - Immunity has a PoC exploit in our Partner's section written by Bas Alberts. Thanks, Dave Aitel Immunity, Inc. [EMAIL PROTECTED] wrote: Hello! I succeeded in crashing webmin 1.230 with: username %n password after clicking 4 times on Login webmin was dead

Re: [Full-disclosure] Mozilla Firefox Host: Buffer Overflow

2005-09-09 Thread Dave Aitel
It's not consideration to hide the actual risk from users of the product. That's just Microsoft hogwash. Right now, everyone knows they are at risk, and what to do about it - we can stop using Firefox if we think it's a high enough risk vulnerability to do so. This is definitely better than

Re: [Full-disclosure] Mozilla Firefox Host: Buffer Overflow

2005-09-09 Thread Dave Aitel
Andrew R. Reiter wrote: On Fri, 9 Sep 2005, Dave Aitel wrote: :It's not consideration to hide the actual risk from users of the product. :That's just Microsoft hogwash. : :Right now, everyone knows they are at risk, and what to do about it - we can :stop using Firefox if we think it's a high

[Full-disclosure] An old/new security list

2005-08-22 Thread Dave Aitel
easier to make new tarballs than to recover the old ones). There will probably also be discussions of Buffy the Vampire slayer, hand crafted IDL files for random MS services, lobster farms, flames, and the usual lot. Thanks, Dave Aitel Immunity, Inc

Re: [Full-disclosure] Compromising pictures of Microsoft Internet Explorer!

2005-07-16 Thread Dave Aitel
They're going to use a different system - one that's not as vulnerable, or has secondary methods of protection. Say, Linux, or a HIDS of some sort. Any HIDS worth its base price will protect against this sort of thing. Or they'll invest in buying machines that support the NX bit and install SP2.

Re: [Full-disclosure] Microsoft April Security Bulletin Webcast BS

2005-04-13 Thread Dave Aitel
Hahah. Well, we released an exploit for mqsvc a few minutes after the advisories came out. . . Dave Aitel Immunity, Inc. Micheal Espinola Jr wrote: Wow... so, I'm listening to the webcast while doing my work today. I just heard him (the male presenter) say (three times now) that because some

[Full-disclosure] LLSSRV Redux Excitement

2005-03-17 Thread Dave Aitel
/win2kadvsrv_withSP4.jpg Thanks, Dave Aitel VP Figureheads and Verbage Immunity, Inc. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/

[Full-disclosure] LLSSRV Clarifications from Immunity

2005-03-16 Thread Dave Aitel
/resources-advisories.shtml Thanks, Dave Aitel Immunity, Inc.