during the Recent Attack
Gadi Evron (Beyond Security)
- Strategic Lessons from the Estonian "First Internet War"
Jose Nazario (Arbor)
- Botnet statistics from the Estonian attack
Andrew Fried (Treasury Department)
- Phishing and the IRS - New Met
(or try to). For now though, it is about one vulnerability
ignored at a time, and working on our communities.
Gadi Evron.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
e all busy, but I hope some of you will have the time to look into
this.
I am aware of and have assisted several ISPs, who spent some time and
effort exploring this threat and in some cases acting on it. If anyone can
share their experience on dealing with
The Security Forum, TAUSEC at Tel Aviv University, next lecture will be on
Sunday, Apr 29, 2007 at 18:00 (6 P.M)
Location: Tel Aviv University Lev Auditorium
Map: http://www2.tau.ac.il/map/unimapl1.asp
Attendance is free, light refreshments will be served
A GRID event will take place just before
http://www.theregister.com/2007/04/17/hackers_service_terminated/
"A 21-year-old college student in London had his internet service
terminated and was threatened with legal action after publishing details
of a critical vulnerability that can compromise the security of the ISP's
subscribers."
I ha
-- Forwarded message --
Date: Sat, 14 Apr 2007 18:40:53 +0200
From: Jerome Athias <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [exploits] RPC vuln in DNS Server
Quote from HD Moore:
"This module has been added to the development version of Metasploit 3, it
will be mer
Support Intelligence releases daily reports on different fortune 500
companies which are heavily affected by the botnet problem, with many
compromised machines on their networks.
You can find more information on their blog:
http://blog.support-intelligence.com/
They are good people, and they know
On Mon, 2 Apr 2007, James (njan) Eaton-Lee wrote:
> Gadi,
>
> Gadi Evron wrote:
>
> > For a real current attack.
>
> Understandably. This is the attack which this thread is about, as
> indicated in the subject line of the e-mail.
>
> To recap, you used the
On Mon, 2 Apr 2007, James (njan) Eaton-Lee wrote:
> Gadi,
>
> Gadi Evron wrote:
>
> > It has relevance to what you replied to.
>
> No doubt - but unfortunately not the part of it that I was actually
> responding to; this isn't actually a reply to what I said,
On Mon, 2 Apr 2007, James (njan) Eaton-Lee wrote:
> Gadi,
>
> Gadi Evron wrote:
>
> >> I'm thinking that an attacker with write access to %systemroot% probably
> >> has juicier, simpler targets to attack (which potentially let them run
> >> code
On Mon, 2 Apr 2007, Andrea "bunker" Purificato wrote:
> [0-day] Remote Oracle DBMS_AQ.ENQUEUE exploit (10g)
Not a 0day. Just publicly released exploit code.
This is:
1. Patched.
2. Not publicly exploitable.
Gadi.
>
> Grant or revoke dba permission to unprivileged user
> Tested on "Ora
On Mon, 2 Apr 2007, James (njan) Eaton-Lee wrote:
>
> Gadi Evron wrote:
> > Although eEye has released a third-party patch that will prevent the
> > latest exploit from working, it doesn't fix the flawed copy routine. It
> > simply requires that any cursors loaded m
http://blogs.technet.com/msrc/archive/2007/04/01/latest-on-security-update-for-microsoft-security-advisory-935423.aspx
Gadi.
Hi, more information about the patch released April 1st can be found here:
http://zert.isotf.org/
Including:
1. Technical information.
2. Why this patch was released when eEye already released a third party
patch.
The newly discovered zero-day vulnerability in the parsing of animated
cursors is
indeed just an email message, sent among
friends.
- Begin quoted message -
Date: Fri, 16 Feb 2007 02:32:46 -0600 (CST)
From: Gadi Evron
To: [EMAIL PROTECTED]
Subject: [reg-ops] Internet security and domain names
Hi all, this is a tiny bit long. Please have patience, this is important.
On
I still like Monochrom's RFID song better. :)
(thanks Sid)
Gadi.
--
"beepbeep it, i leave work, stop reading sec lists and im still hearing
gadi"
- HD Moore to Gadi Evron on IM, on Gadi's interview on npr, March 2007.
On Fri, 16 Mar 2007, Hakuna Matata wrote:
> is there any English version of this site available
>
Sorry, no.
> --Hakuna
Gadi.
--
"beepbeep it, i leave work, stop reading sec lists and im still hearing
gadi"
- HD Moore to Gadi Evron on IM, on Gadi's inte
TAUSEC - The Security Forum, hosted by Tel-Aviv University, next meeting
will take place on: Sunday, March 18, at 18:30.
Location: Tel-Aviv University, Lev Auditorium
Map: http://www2.tau.ac.il/map/unimapl1.asp
Attendance is free, light refreshments will be served
Schedule:
-
18:30 - A t
-
3. Are PHP applications also a target of this initiative?
No they are not. If you want a month of PHP application bugs you can
subscribe to the bugtraq or full-disclosure mailinglists.
-
http://www.php-security.org/
Gadi.
Jamie Riden, Ryan McGeehan, Brian Engert and Michael Mueter just released
a Honeynet paper on Web security called: Know your Enemy: Web
Application Threats
You can find their paper here:
http://honeynet.org/papers/webapp/
The paper is very good, and deals with all kinds of web threats such as
SQ
Hi, this did not hit bugtraq yet for some reason and it is serious. In AV
circles we are all worried about the abuse potential for this in malware.
uTorrent 1.6 build 474 (announce) Key Remote Heap Overflow Exploit
http://milw0rm.com/exploits/3296
Further Burak CIFTER wrote on this concern, compa
x.php/archives/815
Gadi.
>
> --Jeremy
>
> > -Original Message-
> > From: Gadi Evron [mailto:[EMAIL PROTECTED]
> > Sent: Monday, February 12, 2007 11:17 AM
> > To: [EMAIL PROTECTED]
> > Cc: botnets@whitestar.linuxbox.org;
> > full-disc
On Thu, 15 Feb 2007, Damien Miller wrote:
> On Tue, 13 Feb 2007, Gadi Evron wrote:
>
> > We all agree it is not a very likely possibility, but I wouldn't rule it
> > out completely just yet until more information from Sun becomes
> > available.
>
> What more i
to the community and industry on this without
too many PR/legal blocks getting in their way are very encouraging,
releasing information on the vulnerability, how it happened and why, a
quick beta patch and even discussing openly on mailing lists.
I am in awe. Now it
On Tue, 13 Feb 2007, Peter Ferrie wrote:
> > I have to agree with a previous poster and suspect (only
> > suspect) it could somehow be a backdoor rather than a bug.
>
> Reminds me of the WMF SetAbortProc() "backdoor" accusation.
> :-) It was just bad design.
>
You know what? As unlikely as we a
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
>
> >Yeah, a backdoor is a remote possibility. But it's also an arbitrary and
> >needlessly complex one. Maybe it's a nefarious plot by our UFO-appointed
> >shadow government, but chances are, it's not (they have better things to
> >do today).
>
> And
On Tue, 13 Feb 2007, Gadi Evron wrote:
> On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
> >
> > >On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
> > >>
> > >> >
> > >> >Am I missing something? This vulnerability is close to 10 years old.
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
>
> >On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
> >>
> >> >
> >> >Am I missing something? This vulnerability is close to 10 years old.
> >> >It was in one of the first versions of Solaris after Sun moved off of
> >> >the SunOS BSD platform and over
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
>
> >
> >Am I missing something? This vulnerability is close to 10 years old.
> >It was in one of the first versions of Solaris after Sun moved off of
> >the SunOS BSD platform and over to SysV. It has specifically to do with
> >how arguments are
On Tue, 13 Feb 2007, Michal Zalewski wrote:
> On Tue, 13 Feb 2007, Gadi Evron wrote:
>
> > I have to agree with a previous poster and suspect (only suspect) it
> > could somehow be a backdoor rather than a bug.
>
> You're attributing malice to what could be equally
one mentioned on DSHIELD.
Gadi.
>
> Oliver
>
> -----Original Message-
> From: Gadi Evron [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 13, 2007 1:46 AM
> To: Oliver Friedrichs
> Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
> Subje
a lot
of action recently.
>
> Oliver
Gadi.
>
> -----Original Message-
> From: Gadi Evron [mailto:[EMAIL PROTECTED]
> Sent: Sunday, February 11, 2007 10:01 PM
> To: bugtraq@securityfocus.com
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Solaris telnet vuln
Websense just released a blog post on how sites get defaced for malicious
purposes other than the defacement itself, such as installing malicious
software on visiting users.
This is yet another layer of abuse of web server attack platforms.
You can find their post here:
http://www.websense.com/s
Are file inclusion vulnerabilities equivalent to remote code
execution? Are servers (both Linux and Windows) now the lower hanging
fruit rather than desktop systems?
In the February edition of the Virus Bulletin magazine, we (Kfir
Damari, Noam Rathaus and Gadi Evron (me) of Beyond Security
Johannes Ullrich from the SANS ISC sent this to me and then I saw it on
the DSHIELD list:
If you run Solaris, please check if you got telnet enabled NOW. If you
can, block port 23 at your perimeter. There is a fairly trivial
Solaris telnet 0-day.
telnet -l "-froot" [hostname]
On Wed, 24 Jan 2007, Andre Gironda wrote:
> On 1/24/07, Gadi Evron <[EMAIL PROTECTED]> wrote:
> > How many OPK's are being released today.. anyone?
> >
>
> Ovulation Predictor Kits?
>
> OEM Preinstallatio
On Fri, 12 Jan 2007 [EMAIL PROTECTED] wrote:
> The Web Application Security Consortium is also doing such a project at
> http://www.webappsec.org/projects/honeypots/ . May be worthwhile to share
> data perhaps?
My thoughts exactly!
Although.. it is high time we started getting out of the mindset
f the Virus Bulletin
magazine, from:
Kfir Damari, Noam Rathaus and Gadi Evron (yours truly).
The SecuriTeam and ISOTF Web Honeynet Project would like to thank
Beyond Security ( http://www.beyondsecurity.com ) for all the support.
Special thanks (so far) to: Ryan Carter, Randy Vaughn and the rest of th
-- Forwarded message --
Date: Wed, 3 Jan 2007 20:11:34 -0600 (CST)
From: Gadi Evron <[EMAIL PROTECTED]>
To: funsec@linuxbox.org
Subject: [funsec] AV and Marketing Babes
We discussed NOD32's marketing with putting "NOD32 protects your ass" on
babes
CCC was amazing! I am definitely going next year again. For more videos
and presentations suggestions, skip to the link below.
One of the greatest surprises for me at 23C3 was my personal introduction
to Monochrom ( http://monochrom.at/ ,
http://en.wikipedia.org/wiki/Monochrom ), a group of hacker
ecretive uses for third-party
intelligence operations.
Gadi Evron.
erences like
> http://www.securityfocus.com/bid/21589/exploit
> etc.
>
> The metadata information of 12122006-djtest.doc states the following:
>
> Created: 16th Aug 2006
> Author: sarahbl
Not a 0day.
>
> - Juha-Matti
>
>
> Gadi Evron <[EMAIL PROTECTED]>
On Thu, 14 Dec 2006, Jerome Athias wrote:
> Gadi Evron a écrit :
> > On Tue, 12 Dec 2006, Joxean Koret wrote:
> >
> >> Wow! That's fun! The so called "Word 0 day" flaw also affects
> >> OpenOffice.org! At least, 1.1.3. And, oh
On Tue, 12 Dec 2006, Joxean Koret wrote:
>
> Wow! That's fun! The so called "Word 0 day" flaw also affects
> OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
> with the file:
This is NOT a 0day. It is a disclosed vulnerability in full-disclosure
mode, on a mailing list (fuzzi
The agenda and schedule for the workshop can be found here:
http://isotf.org/isoi2.html
Gadi.
k-VK.zip
>
> http://xforce.iss.net/xforce/xfdb/21727
I hear buffer overflows were invented quite a few years back, too. :)
That makes most new bof's irrelevant!
Gadi.
>
>
> Regards,
> -d
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
d
cross-file scripting is used, calling for different functions and
parameters, nor how many functions you obfuscate your code through, it can
be read and manipulated.
We made several email and phone attempts over the past couple of months to
reach cajamurcia and report this security issue to th
e communication, as a covert
channel.
Noam Rathaus.
(with thanks to Gadi Evron and Lev Toger)
can be verified if seeded
and advertised via trusted sites. Large torrent sharing sites are the main
threat.
Gadi Evron.
On Wed, 8 Nov 2006, Gadi Evron wrote:
> On Wed, 8 Nov 2006, Thomas Pollet wrote:
> > Windows handles UNC paths the same way as local paths. Another mechanism
> > used to load a remote dll using a UNC path is described in
> > http://opensores.thebunker.net/pub/mirrors/black
ot the same case,
> but it's also possible.
Unrelated, as to my post, I am explaining my meaning in a follow-up to FD
and here.
Further, thinking about it, this code execution stuff was mentioned by YOU
of all people a while back. I guess I had the same epiphany.
Gadi.
>
On Wed, 8 Nov 2006, Thomas Pollet wrote:
> Windows handles UNC paths the same way as local paths. Another mechanism
> used to load a remote dll using a UNC path is described in
> http://opensores.thebunker.net/pub/mirrors/blackhat/presentations/win-usa-04/bh-win-04-litchfield/bh-win-04-litchfield.
On Wed, 8 Nov 2006, onisan wrote:
> One thing is in this makes it even more interesting, most of the firewalls
> do not block this download, so it's smallest and most dangerous downloader
> at the same time :o
What Alex did is very impressive! Matthew Murphy came up with the idea
originally, I thi
On Mon, 30 Oct 2006, bf wrote:
> "So, knowing full-well security is out of our hands, and relies on the
> security of our users. Knowing full-well that the same technology can be
> used to bypass 2-factor authentication, how do organizations handle their
> own security, if they are to have clients?
On Fri, 27 Oct 2006 [EMAIL PROTECTED] wrote:
> Ummm are you for real? You are posting this as a vulnerability?
>
> Chances are if they have trojaned or gained privileged access to your
> workstation it shouldn't be
> too much trouble to alter config of firewall or skirt outbound connectivity.
>
>
On Thu, 26 Oct 2006 [EMAIL PROTECTED] wrote:
> So how fast is this "record time?" As fast as Hitler's Blitzkrieg
> tactics? That's pretty fast!
Yahoo! released a fixed version.
Gadi.
>
> Does anyone have more information on this issue?
>
Yes. SecuriTeam is currently assisting a researcher with reporting this
issue to Yahoo! security.
Yahoo! security responded in record time, as they often do, and are
working to resolve this potential security vulnerability.
An official repor
So, here we go. Real-life uses for vulnerabilities.
Below is an example of just ONE "drop-zone" server in the
United States, which has "600 financial companies and banks".
Several gigs of data.
How do these things work?
They get installed by the use of a web vulnerability, an email attachment
o
On Tue, 24 Oct 2006, Georgi Guninski wrote:
> On Fri, Oct 20, 2006 at 05:27:35PM -0500, Gadi Evron wrote:
> >
> > 1. He speaks Real English.
>
> en -> zh -> en
> Has is any countermeasure the bastard which should die to the language?
> Machine-assisted language
in most cases are
built to deal with this threat.
What's never going to happen?
With security done right, on a wide-scale, with a decent systems design,
network, policy, monitoring and response - a lot can be done and 0days can
also be avoided, even (and especially) with business co
- DDoS: DNS Amplification Attacks - Gadi Evron
Level: Technical/Medium
DNS, DDoS, botnets, amplified attacks reaching over 10 Gbps. How
is it done, case studies, packet captures and defenses.
19:00 - Break
19:20 - Zeroday Emergency Response Team (ZERT) patch for the VML
On Fri, 20 Oct 2006, Dr. Neal Krawetz wrote:
> On Fri Oct 20 15:49:53 2006, Gadi Evron wrote:
> >
> > Cool article, but n3td3v is not gobbles. For one, easy analysis shows he
> > is English.
> >
> > Gadi.
>
> Thanks Gadi.
>
> However, I'm g
Gil kept working on tiny PE, and many others started pitching in ideas.
Apparently, one of the latest ideas Gil was playing with (as mentioned in
his first post) Optional Header Size. Apparently, as two reversers in anti
virus companies let him know, a virus played with this too, which got tiny
PE d
On Mon, 16 Oct 2006, Gadi Evron wrote:
> sort of challenge to see if someone else can get there first (without,
> say, making the URL shorter). :)
Crunched further
New binary at 384 bytes is here:
http://ragestorm.net/tiny/tiny2.exe
Blog entry on how this was done is here
Gil Dabah (who did the cool code crunching on the unsupported systems
ZERT VML patch) just wrote some incredible code crunching. I don't
understand most of it.
The challenge was to create a PE that downloads a file from the Internet
and executes it, which will be smaller than what his friends did.
t subjects.
Submission is simple, email us directly with your topic and some data to
back it up by December 10th, to [EMAIL PROTECTED]
For more information please visit:
http://isotf.org/isoi2.html
For the agenda of our previous workshop hosted by Cisco Systems, Inc.,
please visit:
http://isotf.org/isoi.
On Wed, 4 Oct 2006, Alexander Sotirov wrote:
> Rewriting the entire function in asm is a lot of unnecessary effort. Why
> didn't
> you add a simple length check and a 5-byte jump to it in the vulnerable
> function?
>
> Patch right before the call to _IE5_SHADETYPE_TEXT::TOKENS::Ptok, check the
>
This isn't terribly shocking, and seems rather preliminary. Still,
very interesting.
Jose Nazario worked out some numbers using the Google code search.
http://monkey.org/~jose/blog/viewpage.php?page=google_code_search_stats
Interesting quotes:
some stats based on simple queries used to find bug
I cover everything that I found so far on how Google Code Search can be
used to find vulnerabilities and backdoors in code.. and even harvest
valid email addresses or perform static analysis.
http://blogs.securiteam.com/index.php/archives/663
What's your new fav Google hack?
Gadi.
> So how is this a patch when you are simply automating a simple work
> around?
>
> If this can be called a patch then we should be able to say that
> Microsoft released a patch in their bulletin on this issue where they
> describe exactly how to set the killbit.
>
> A *real* patch would actually
A ZERT patch has now been released and is available on our site (
http://isotf.org/zert/ ).
A full patch (for limited Windows versions, which is built very nicely) is
available from Determina.
Our patch automates the Microsoft suggested workaround.
Thanks,
Gadi.
Exploit code is available publicly:
http://www.milw0rm.com/exploits/2440
SANS diary:
http://isc.sans.org/diary.php?storyid=1742
And this is so massively exploited, it makes VML look cute. There's a
rootkit, some other malware, and haxdor! (a phishing trojan horse)
Thanks to Roger Thompson at exp
Is here. Several companies are rehearsing their old products and
buzzwording them for DDoS mitigation or botnets, but not Trend Micro.
Trend Micro released a brand new product, implemented with the novel idea
of utilizing DNS to detect bots on an ISP or corporate network.
Whether by massive reque
y use that. All things being even, third party patches should be
a last resort.
Gadi.
>
> Gadi Evron wrote:
> > On Sun, 24 Sep 2006, Bill Stout wrote:
> >
> >> http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-be
> >> ing.html
On Sun, 24 Sep 2006, Bill Stout wrote:
> http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-be
> ing.html
> "This exploit can be mitigated by turning off Javascripting.
>
> Update: Turning off Javascripting is no longer a valid mitigation. A
> valid mitigation is unregistering
For orgs which are not ISP's, I just emailed this to nanog.
-
Hi guys, several ISP's are experiencing a flood of calls from customers
who get failed installations of the recent IE 0day - VML - (vgx.dll).
If you are getting such floods too, this is why.
This is currently discussed on the botn
?BlogID=80) report
that sites seen exploiting this 0day in-the-wild have previously been
seen utilizing Webattacker. If Webattacker indeed uses this 0day... it
will be spread far and wide.
No patch in sight. Easy to exploit.
Gadi.
On Tue, 19 Sep 2006, Gadi Evron wrote:
> Sunbelt Softw
Sunbelt Software released a warning on a new IE 0day they detected
in-the-wild, to quote them:
"The exploit uses a bug in VML in Internet Explorer to overflow a buffer
and inject shellcode. It is currently on and off again at a number of
sites.
Security researchers at Microsoft have been informe
In the public hacking world, so far we have mostly seen USB technology
from security vendors... not the attackers' side.
A few years ago we had discussions on pen-test
(http://archives.neohapsis.com/archives/sf/pentest/2004-06/thread.html#2),
and later bugtraq and FD on these risks, following an ar
On Thu, 14 Sep 2006, Dude VanWinkle wrote:
> On 9/14/06, Gadi Evron <[EMAIL PROTECTED]> wrote:
> > This counts bot samples. Whether they are variants (changed) or
> > insignificant changes such as only the IP address to the C&C, they are
> > counted as unique.
>
On Thu, 14 Sep 2006, Dave "No, not that one" Korn wrote:
> Can you go into detail about the methodology you're using here? How do
> you "get to a number" of 15,000 from a number "between 200 and 800"? Is
My comment here was in regard to what most honey nets see.
> this a statistical extrapo
> hi guys
> i ask gadi on the botnets listserv on where he got the number 12K for
> bots every month on his the world of botnets article [
> http://www.beyondsecurity.com/whitepapers/SolomonEvronSept06.pdf
You did..
> ] .. he gave no real answer.
> does that number sound right to anybody? where d
So, at defcon, one of the evenings, at one of the tables... several people
sat. Some of them were decent and therefore shall remain nameless. When
introductions were made, we realized that
The others were:
Morning_Wood, the bantown fa*ot spammer, and me.
We have a picture together, morning, h
Hi guys, here is a forward of my follow-up to the previous message.
Gadi.
-- Forwarded message --
Date: Sat, 12 Aug 2006 13:12:30 -0500 (CDT)
From: Gadi Evron <[EMAIL PROTECTED]>
To: botnets@whitestar.linuxbox.org
Subject: what can be done with botnet C&C'
I decided to email this here as well, I don't speak much of botnets in the
security community, but rather in the network world, and the interest rate
has skyrocketed lately.
-
The few hundred *new* IRC-based C&Cs a month (and change), have been
around and static (somewhat) for a while now. A
Okay, so we all like to diss on Cross-site scripting vulnerabilities. They
are indeed vulnerabilities, but there are so many of them that they have
become tiresome, to say the least.
Today, a serious cookie-stealing XSS in paypal was reported. Automatically
it was put down. I will try and address
genda
--
09:00 - 09:05 - Preview of the day - Gadi Evron (Beyond Security)
09:05 - 09:30 - Early sessions - botnets from different perspectives,
hosted by Paul Vixie (ISC):
ISP's Barry Greene (Cisco)
Anti Virus industry Joe Hartmann (Trend Micro)
DynDNS providers Joshua Anderson (Af
for executables for potential AUP violations or compromises.
Really, the sky is the limit even if this is not the holy
grail. It's... cool.
Gadi.
On Tue, 18 Jul 2006, Gadi Evron wrote:
> Guys, HD and the guys at Websense are obviously very cool for noting this
> Google hackin
Guys, HD and the guys at Websense are obviously very cool for noting this
Google hacking technique and exploiting it (HD publicly).
Still, this thing can be used far and wide.. a lot more than just for
known signatures of malware, etc.
I was lucky enough to be playing with this for a bit before We
Hi. You can find the information and latest agenda on the DA workshop on
this URL:
http://isotf.org/isoi.html
It will be updated in the next few days to include a suggested hotel and
the rest of the names missing for the listed lectures.
Quick reminders:
10th of August, hosted by Cisco in San Jo
t.pdf
Gadi Evron.
Beyond Security's beSIRT just released this document, detailing one of the
recent Cyber-terrorism defacement attacks on pro-Israeli servers by Team
Evil, following the political tensions in Gaza, with:
*. Tech details.
*. Log of the incident response team, detailing the experience.
*. Some conclus
> > mate if you care, or give a shit. I have over 300 *different* crashes
> > in word ( total over 5k files that crash word), from using two basic
> > templates and then fuzzing them
>Out of curiosity, how do you determine conclusively that they're in fact
>different crashes, rather than just dif
On Sat, 8 Jul 2006, J.A. Terranson wrote:
>
> On Sat, 8 Jul 2006, Gadi Evron wrote:
> And, for the second time, in the second forum (but with no answer as yet),
> I ask "Why is this closed to these communities?". These are the very
> communities most closely involved w
end a
request. We would be happy to learn of your interest.
The workshop is closed to reporters.
Please verify your arrival by August 1st, space is limited.
Costs:
--
Attendance is free.
--
Gadi Evron, ISOI/DA Coordinator,
[EMAIL PROTECTED]
> C|Net isn't the underground, nor is the NCSA who made the announcement
> they reported (June 27, 1997):
> http://news.com.com/2100-1023-200992.html
I think we all got this wrong, the subject line asks:
"Are consumers being misled by "phishing"?"
Answer: Yes.
7 6 14
1659 ERX-TANET-ASN1 21 6 71
12322 PROXAD AS for Proxad ISP 7 6 14
Randal Vaughn Gadi Evron
Professor ge at linuxbox.org
Baylor Universi
YES! (just responding to the subject line. Gather that, eh? Consumers are
misled by phishing! Wow!
> Kiddie flaming mood?
It happens. I will get tired after this post (most likely).
> It's not about being annoying, it's about misleading the consumer with
> catch phrases to describe social enginee
I guess I'm in kiddie flaming mood this week. About time too, been a
while.
> I believe the industry coined up "phishing" to make more money out of
> social engineering. It's obvious now that both are overlapping. Only
> the other day Gadi Evron was trying to coi
shareholder value.
>
> Brate Sanders
I am far from a Microsoft marketing expert... but what you say is
interesting.
>
>
>
>
> - Original Message
> From: Gadi Evron <[EMAIL PROTECTED]>
> To: bugtraq@securityfocus.com
> Cc: [EMAIL PROTECTED]; full-disclosu