Broadcom I suppose . . . ?
More details please
--
Jason Hellenthal
Voice: 95.30.17.6/616
JJH48-ARIN
On Nov 16, 2013, at 6:59, mrame...@hushmail.com wrote:
Hi all,
I've been doing some investigation, and I come acrosss an ip address and a
mac address hardcoded in some libraries
is still considered
unauthorized access to systems not in your control no matter what you call it.
--
Jason Hellenthal
JJH48-ARIN
On Jul 10, 2013, at 9:38, Curesec Research Team c...@curesec.com wrote:
Hi List,
today, we will show a bug concerning OpenSSH. OpenSSH is the most used
remote
On Mon, Jan 21, 2013 at 5:54 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Mon, Jan 21, 2013 at 5:42 PM, Philip Whitehouse phi...@whiuk.com
wrote:
Moreover, he ran it again after reporting it to see if it was still
there.
Essentially he's doing an unauthorised pen test having alerted
Could this be exploitable from within the guest vm? Eg could I execute
commands on the hypervisor host as root by generating a malicious packet to
attack the e1000 driver from within the guest?
On Tue, Jan 15, 2013 at 3:26 PM, Florian Weimer f...@deneb.enyo.de wrote:
-BEGIN PGP SIGNED
On Mon, Dec 24, 2012 at 7:39 AM, Jason A. Donenfeld ja...@zx2c4.com wrote:
realizing. I'm copying the author on this email, as he may want to
include a warning message where nieve folks like myself can see it, or
document these somewhere if they're not already, or at least apply the
two
On Mon, Dec 24, 2012 at 7:39 AM, Jason A. Donenfeld ja...@zx2c4.com wrote:
hashes. A simple google search of
inurl:wp-content/plugins/w3tc/dbcache and maybe some other magic
An astute reader writes to me privately that the /plugins/ part of
that googledork isn't correct, and that the best way
://www.youtube.com/watch?v=sqZ_zYLFDSo
Merry Christmas.
- Jason
zx2c4
[1] http://wordpress.org/extend/plugins/w3-total-cache/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
On Mon, Aug 13, 2012 at 5:41 PM, Richard Miles
richard.k.mi...@googlemail.com wrote:
- Calls a file with a suid file without full path?
No.
- Allows to create a symbolic link inside
/Applications/Viscosity.app/Contents/Resources/ with the name of
ViscosityHelper?
No.
BTW, this file
On Mon, Aug 13, 2012 at 6:02 PM, Richard Miles
richard.k.mi...@googlemail.com wrote:
Thanks for fast reply. I'm still unsure if I understood properly.
Please reply on list.
Yes, it does exist. When you run Viscosity for the first time, it makes
that file SUID.
So, you only have one chance
This one is dead simple.
Exploit: http://git.zx2c4.com/Viscatory/tree/viscatory.sh
Demo: http://www.youtube.com/watch?v=cw2_j6wKwlQ
Product: http://www.thesparklabs.com/viscosity/
___
Full-Disclosure - We believe in it.
Charter:
Tunnel Blick is a fun punching bag. Lots of possible exploits.
Lots of vulnerable SUID code:
http://code.google.com/p/tunnelblick/source/search?q=openvpnstart.morigq=openvpnstart.mbtnG=Search+Trunk
One such exploit: http://git.zx2c4.com/Pwnnel-Blicker/tree/pwnnel-blicker.c
Bla bla
In case there was any debate over what I meant by fun punching bag,
here's a shell script that gets root by a different vector:
http://git.zx2c4.com/Pwnnel-Blicker/tree/pwnnel-blicker-for-kids.sh
http://www.youtube.com/watch?v=8DUNWEzaL2U
You can also fool the program into loading arbitrary
Thank you for the article.
All-in-all I find it to be more centric to the design of the software or
beit in this case PHP apps and not as the subject suggests .htaccess
files.
There are way too many get-ritch-quick upcoming PHP scripters out
there that are not aware or even nearly knowledgeable
Shit, Ill give the NSA a shell on any system... if it means achieving a
greater goal. Whether its wrong or not... let the bots decide who is the
better player as long as it brings the US into a primary position of
power.
On Wed, Jun 06, 2012 at 11:22:32PM -0400, Laurelai wrote:
On 6/6/12 2:23
Funny, I think I meant to add any system I own. I am all about DTRT and
support my government in any which way needed but creating shells on
systems I don't own is not my business.
On Sat, Jun 09, 2012 at 04:07:39PM +0300, John Doe wrote:
By any chance, Jason Hellenthal, do you work
:33 PM
To: Mateus Felipe Tymburibá Ferreira
Cc: Jason Hellenthal; Michael J. Gray; full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Google Accounts Security Vulnerability
Logging on to IMAP mail as one would be doing hundreds of times per day is
not going to reset the web
LMFAO!
On Sat, May 12, 2012 at 04:22:30AM -0700, Michael J. Gray wrote:
Effective since May 1, 2012.
Products Affected: All Google account based services
Upon attempting to log-in to my Google account while away from home, I was
presented with a message that required me to confirm
On Sun, Apr 22, 2012 at 08:56:23PM -0700, BMF wrote:
Ezekiel 23:20
On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
You dropped a FD on the BIBLE?? Dude, you're going straight to Hacker
Hell! :)
Who is going to work for Microsoft ?
Timothy
On Sat, Apr 21, 2012 at 09:27:59PM -0400, Jeffrey Walton wrote:
Gotta love it - defective spyware running as a driver or privileged
component. It reminds me of that DRM junk Adobe used to distribute
(Macrovision). It was a defective Windows driver that exposed users to
risk
LoL WuT!
Whats the difference between just encrypting your data with GnuPG... and
yes I read your about TGP page lol.
On Sun, Apr 08, 2012 at 10:54:34PM +, Thor (Hammer of God) wrote:
Please ignore (again). I need this key here to parse some FD archives.
?xml version=1.0?
!--TGP -
LoL its a good thing that Hush.com is also law abiding...
On Tue, Mar 27, 2012 at 03:19:22AM +, lawabidingciti...@mac.hush.com wrote:
Hi all,
I've spent some time over the last few days getting to know the Sality
botnet, which is estimated to have at least one million peers. It was
I tried to report this to the vendor in 2009. SHODAN OwnServer1.0:
Results 1 - 10 of about 11832 for OwnServer1.0 country:US.
-Jason Ellison
-- Forwarded message --
From: Jason Ellison info...@gmail.com
Date: Fri, Apr 10, 2009 at 5:02 PM
Subject: DVR Security Issue
To: sa
On Tue, Jan 24, 2012 at 10:10, Jeffrey Walton noloa...@gmail.com wrote:
Does ptrace defeat -fPIE?
No. When I find the offset via ptrace, I do this in a different /bin/su
than the one I eventually use for injection. This is because when you
ptrace an executable, if it is SUID, it will *drop*
I started on a ptrace based way of finding things, but I'm a bit of a
novice in this area. It's not working yet, but progress is here:
http://git.zx2c4.com/CVE-2012-0056/tree/exit-ptrace-finder.c
Any pointers?
On Mon, Jan 23, 2012 at 04:05, Jason A. Donenfeld ja...@zx2c4.com wrote:
Well done
Someone made an android version: https://github.com/saurik/mempodroid
On Sun, Jan 22, 2012 at 19:19, Jason A. Donenfeld ja...@zx2c4.com wrote:
Hey Everyone,
I did a detailed write-up on exploiting CVE-2012-0056 that some of
y'all might appreciate. Pretty fun bug to play with -- dup2ing all
On Mon, Jan 23, 2012 at 04:55, Jason A. Donenfeld ja...@zx2c4.com wrote:
Never seen checksec. Cool.
As it turns out, Fedora seems to do a good job at compiling (all? not
sure) their suid executables with -pie.
Revision. It does in fact work with fedora. /usr/bin/gpasswd.
http://git.zx2c4
\x6a\x3c\x58\x0f\x05);
2012/1/23 Jason A. Donenfeld ja...@zx2c4.com:
I started on a ptrace based way of finding things, but I'm a bit of a
novice
in this area. It's not working yet, but progress is here:
http://git.zx2c4.com/CVE-2012-0056/tree/exit-ptrace-finder.c
Any pointers
with shellcode.
sh-4.2#
http://git.zx2c4.com/CVE-2012-0056/tree/mempodipper.c
On Tue, Jan 24, 2012 at 08:35, Jason A. Donenfeld ja...@zx2c4.com wrote:
I really couldn't really decipher the python without squinting, and I
decided I didn't really like this method of going about it; it seems a bit
fuzzy. I
.com/749 . Enjoy.
Jason
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
=1077l2167l0l2282l7l4l0l0l0l0l148l403l2.2l4l0
On Sun, Jan 22, 2012 at 19:19, Jason A. Donenfeld ja...@zx2c4.com wrote:
Hey Everyone,
I did a detailed write-up on exploiting CVE-2012-0056 that some of
y'all might appreciate. Pretty fun bug to play with -- dup2ing all
over the place for the prize of getting to write
, the reason why I don't hard code 12 for the
length of the su error string is that it's different on different
distros.
On Mon, Jan 23, 2012 at 02:14, sd s...@fucksheep.org wrote:
2012/1/23 Jason A. Donenfeld ja...@zx2c4.com:
Server presently DoS'd, or dreamhost is tweaking again.
boring tl;dr
similar things you can do when running suid code that
will make it loose suidness, and also a variety of inspection
techniques.
On Mon, Jan 23, 2012 at 03:46, sd s...@fucksheep.org wrote:
2012/1/23 Jason A. Donenfeld ja...@zx2c4.com:
NICE! Well, I guess posting that blog post defeated the point
, and after it (until 3.3, I guess) are. Hope this
clarifies.
Jason
[1]
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=198214a7
On Mon, Jan 23, 2012 at 04:09, mark cunningham
markcunninghamem...@gmail.com wrote:
Hey great write up on the exploit, sorry
(and probably many others). Perhaps distributions should run
Checksec (http://www.trapkit.de/tools/checksec.html) on their
binaries.
On Sun, Jan 22, 2012 at 6:25 PM, Jason A. Donenfeld ja...@zx2c4.com wrote:
Server presently DoS'd, or dreamhost is tweaking again.
Cache link:
http
Frickin k1dz1es
On Thu, Jan 19, 2012 at 01:22:35PM +1100, xD 0x41 wrote:
On 18 January 2012 09:45, Jan Wrobel w...@mixedbit.org wrote:
Hi,
This TCP session hijacking technique might be of interest to some of you.
Abstract:
The paper demonstrates how traffic load of a shared packet
On Wed, Nov 30, 2011 at 11:05:08PM +0100, HI-TECH . wrote:
Hi lists,
sorry if I offended anyone with by referring to teso,
I really like teso as you might also.
all this happend because I was drunk hehe :
I hope you enjoy this release!
Am 30. November 2011 20:32 schrieb HI-TECH .
Hello Full Disclosure Hysterics Friends,
I have now read through five dozen complaints about how Ubuntu
is fundamentally an unsecure operating system, filled with more holes
than Swiss cheese.
If somebody could direct me toward a local root exploit against a fully
up-to-date Ubuntu 11.04 or
you count if the GUI can't do it, then the user can't either! a
real security attempt), but it is a method that could be helpful in making
different sorts of things this mailing list seems to like. So here ya go.
-- Forwarded message --
From: Jason A. Donenfeld ja...@zx2c4.com
This is useful for scrubbing wtmp/utmp:
http://git.zx2c4.com/lastlog/tree/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
You can usually find the update script in the cramfs. when you upload
a new firmware, they will have a script that deals with the system
image. It will contain all the information you need to recreate an
image file.
Jason Ellison
___
Full-Disclosure
list,
Sometime ago I remember reading an article on printers being used to
gain intelligence in an embassy or government agency. The printer
had a modified firmware... Did anyone else read that? Or was I
dreaming again?
The recent articles about this tactic being used against the US
/wooyun-2010-02113
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
Regards, (jhell)
Jason Hellenthal
bit of interest seeing as they
would already have control of the whole router.
--
Regards, (jhell)
Jason Hellenthal
pgpKudFE4TQzy.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full
I appreciate that!
-J
-Original Message-
From: Nathan Power [mailto:n...@securitypentest.com]
Sent: Wednesday, March 02, 2011 10:46 AM
To: Weir, Jason
Cc: Full Disclosure
Subject: Re: [Full-disclosure] Facebook URL Redirect
Vulnerability
Here's a snort rule that will detect this
alert tcp $HOME_NET any -
[69.63.176.0/20,69.63.176.0/20,204.15.20.0/22] $HTTP_PORTS
(msg:Facebook URL Redirect Vulnerability; flow:established,to_server;
content:GET; nocase; http_method; content:track.php?r=; nocase;
http_uri;
because they did not log into the domain.
Jason Lang
From: jcoyle () winwholesale com
Date: Fri, 10 Dec 2010 14:44:35 -0500
You are completely missing the point..
Local admins become Domain Admins.
From: Stefan Kanthak stefan.kanthak () nexgo de
To: bugtraq () securityfocus com
We have been using Sophos Enterprise Console.
From: mu...@commonwealthcare.org
To: full-disclosure@lists.grok.org.uk
Date: Tue, 26 Oct 2010 09:55:46 -0400
Subject: [Full-disclosure] looking for enterprise AV solution
Folks,
We
are looking an enterprise level AV-software to
We recently ran a scan against our exchange servers and got the error that our
server was vulnerable to an LDAP NULL BIND overflow. This vulnerability is now
making out network uncomplient to PCI and are having trouble with a way to fix
the problem.
I know we can't deny or shut up down LDAP
The funny thing about the cloud is that eventually there is going to be a
monopoly of one company that dominates in it. Just as Microsoft has done with
software, I can see Microsoft CloudSoft coming soon.
Date: Thu, 22 Apr 2010 09:03:26 +1000
From: ivan...@gmail.com
To:
List,
I found a security issue on a Seagate Black Armor 440 NAS. I'm
looking for a PoC at Seagate to discuss this issue.
Jason Ellison
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
I know, its insane. It is a new trend, though, just like people registering
gmail accounts just to flame and troll on FD!
Its like, your credability like, goes like, ok you start like at 0, and then
like, it goes like to -1, and like, then even lower like.
Absolutely genius.
x0x0x0x0x0x0x0x0x0x
That is why the world should use Linksys.
On Wed, Mar 4, 2009 at 11:30 AM, Cisco Systems Product Security Incident
Response Team ps...@cisco.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco 7600 Series Router Session Border
That is why most of them are submitted to bugtraq (ew), and not FD, where
they are often discredited in various ways. You see, bugtraq will reject 4
out of 7 postings if your not a subscriber to their super fun security
package, which offers lots of enjoyment of white hat and hacking zone-h
labs.
All bugs are worth something! Not.
On Wed, Mar 4, 2009 at 11:23 AM, valdis.kletni...@vt.edu wrote:
On Wed, 04 Mar 2009 09:13:40 EST, bobby.mug...@hushmail.com said:
Is the remark about Italia meant as an excuse for stupidity?
Racism is not acceptable on this list.
Oddly enough, I read it
to regret my unfortunate
association with the unruly beardlike growth connecting to me from the
south, and my unavoidable tenuous connection with those objectionable
and uncouth sideburns.
Your humble servant,
I baffi di Valdis
On Wed, Mar 4, 2009 at 12:55 PM, Jason Starks jstarks...@gmail.com
Mr. Mustache, it is obvious that I have more talent than a box of
chocolates, and that you envy the sadistic nature of your fellow trolls on
this list. Point blank.
On Tue, Mar 3, 2009 at 6:18 AM, bobby.mug...@hushmail.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear Valdis,
I
That is one hell of a timeline.
On Tue, Mar 3, 2009 at 5:55 AM, ISecAuditors Security Advisories
advisor...@isecauditors.com wrote:
=
INTERNET SECURITY AUDITORS ALERT 2007-003
- Original release date: August 1st, 2007
- Last revised: January 11th,
Mr. Mustache,
There is a missing s on the end of my last name.
Yours truly,
Jason Bench Press Starks
On Tue, Mar 3, 2009 at 5:45 PM, bobby.mug...@hushmail.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mr. Stark,
Adhering to the tradition of my fathers, I do not sport any
17:54:51 -0500 Jason Starks
jstarks...@gmail.com wrote:
Mr. Mustache,
There is a missing s on the end of my last name.
Yours truly,
Jason Bench Press Starks
On Tue, Mar 3, 2009 at 5:45 PM, bobby.mug...@hushmail.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mr
am NOT amused.
Your humble servant,
V knír z Valdis
On Tue, Mar 3, 2009 at 6:01 PM, Jason Starks jstarks...@gmail.com wrote:
Right..
On Tue, Mar 3, 2009 at 5:45 PM, bobby.mug...@hushmail.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mr. Stark,
There.
On Tue
I've been using Gmail and thought you might like to try it out. Here's
an invitation to create an account.
---
Jason Starks has invited you to open a free Gmail account.
To accept this invitation and register for your account
Grow up, really.
On Mon, Mar 2, 2009 at 11:41 PM, Valdis' Mustache
security.musta...@gmail.com wrote:
I would like to point out that I have been able to create a hung
state in the Firefox browser by opening 30 simultaneous tabs pointed
at http://www.welcometointernet.org/lawnmower/ and
I guess these days it isn't so amazing that people can type, and even hit
send, rarely sharing their views face to face. Hiding in your grandmother's
closet with your indestructable, glow-in-the-dark keyboard from Best Buy is
sooo in. Anyways, free Kev.. speech!
On Thu, Feb 26, 2009 at 5:22 PM,
Better yet, name two.
On Thu, Feb 26, 2009 at 9:22 PM, Jubei Trippataka
vpn.1.fana...@gmail.comwrote:
On Fri, Feb 27, 2009 at 12:26 PM, ne...@feelingsinister.net wrote:
BM_X-Force_WP_final.pdf is called Application-Specific Attacks:
Leveraging the ActionScript Virtual Machine and if you
I'm going to say dnsmap isn't suid or sguid, and a segmentation fault can
occur after triggering a simple programming error (you've shown no signs of
code execution). Terrrific.
On Wed, Feb 25, 2009 at 10:36 AM, srl security.research.l...@gmail.comwrote:
Security Advisory:
PRODUCT
Yeah, 'stick it to the dev'! I hope he has learned his lesson and that he
will use more correct numbering systems instead of what ever he wants to,
just because he wrote the code..
On Wed, Feb 25, 2009 at 3:24 AM, srl security.research.l...@gmail.comwrote:
You should change chapter numbering
Sweet. If that is true, you should get to work on an actual exploit right
away. We wouldn't want the immortal ./ segmentation fault doesn't affect
your stature on this list.
On Wed, Feb 25, 2009 at 11:24 AM, srl security.research.l...@gmail.comwrote:
Dear Jason Starks,
It can be exploited
Everybody love everybody?
On Tue, Feb 24, 2009 at 4:49 PM, bobby.mug...@hushmail.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear SNOSOFT,
Thanks to you for proving every insult made to your company as
truths. Demonstrating monstrous volume of elementary computer
hacking
Of course. You get what you pay for and is there really any real point of
relevance in asking?
Jason
On Thu, Feb 19, 2009 at 11:03 PM, T Biehn tbi...@gmail.com wrote:
While I can never hope to live up to Jim Bell's seminal work 'assassination
politics' the following is a rough draft
=== Backtrace: =
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f08548]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xb7f08500]
./bof[0x8048467]
[0x41414141]
=== Memory map:
08048000-08049000 r-xp 08:01 5630493/home/jason/bof
08049000-0804a000 r--p
test
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
We are now close to this space being full circle. The next step is that
the researchers will offer the vendor a chance to compete for the
information on the vuln IP market and as a result winning vendors can
choose to keep it to themselves...
Yep, Microsoft has won and we will soon be back to
n3td3v wrote:
On Sun, Mar 23, 2008 at 10:44 AM, [EMAIL PROTECTED] wrote:
I think this the most worst and alarming situation ..where SANS like
organization is doing the way.. from onwards no body will report
info to SANS... E+1 t+1 b+1 j+1 it OFF!!!
SANS hasn't admitted a
Andrew Farmer wrote:
On 10 Dec 07, at 05:45, michele dallachiesa wrote:
why HTTPS is not the default in this type of services? this is a big
silent hole. maybe, today is less silent :)
The short version is because hosting things with SSL is still hard.
There's a few things which are
J. Oquendo wrote:
Crispin Cowan wrote:
This is a perfectly viable way to produce what amounts to Internet
munitions. The recent incident of Estonia Under *Russian Cyber Attack*?
http://www.internetnews.com/security/article.php/3678606 is an example
of such a network brush war in which
J. Oquendo wrote:
Jason wrote:
You present a valid position but fall short of seeing the whole picture.
As an attacker, nation state or otherwise, my goal being to cripple
communications, 0day is the way to go. Resource exhaustion takes
resources, something the 0day can deprive
JSPWiki Multiple Input Validation Vulnerabilities
Application: JSPWiki
Version: 2.4.103 and 2.5.139
BID: 25803
Credit: Jason Kratzer
Date: 9/24/2007
Background
JSPWiki is wiki software built around the standard J2EE components
It seems to me the average SNR here could be greatly improved with any
one of several commonly available community-based filtering
mechanisms. Digg and Slashdot are both examples of what I'm suggesting.
Now, before you break out the pitchforks and torches, I'm not suggesting
any changes to
Dear Symantec,
As long as we're burning digital books to mitigate our civil liability,
perhaps we could do a good job of it next time? Quietly disappearing
Russell Harding's advisory from the BugTraq archive didn't resolve your
potential liability for distributing links to material that
I still think this is useless. What am I going to do with hashes? This
whole Month of * BS is making me want to unsubscribe from the listing.
On 6/15/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
On Fri, 15 Jun 2007 16:59:01 -0300, M.B.Jr. said:
but only one string can produce that md5 hash
-- Forwarded message --
From: Jason Miller [EMAIL PROTECTED]
Date: Jun 10, 2007 9:07 PM
Subject: Re: [Full-disclosure] Month of Random Hashes (MoRH)
To: don bailey [EMAIL PROTECTED]
please explain the details of how useless this is?
On 6/10/07, don bailey [EMAIL PROTECTED] wrote
Sent from my Verizon Wireless BlackBerry
-Original Message-
From: Jason Coombs [EMAIL PROTECTED]
Date: Wed, 6 Jun 2007 04:13:33
To:[EMAIL PROTECTED]
Cc:[EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: RE: [IACIS-L] Statement by Defense Expert
Dave_on_the_run [EMAIL PROTECTED] wrote
or you can have some fun and post everything about it, and email the
vendor 5 seconds before you post itbut thats not very nice..is it?
:(
On 4/25/07, Michael Holstein [EMAIL PROTECTED] wrote:
i'm just a new guy to this community...i was asking about the right
procedures that one should
old, nothing new.
On 4/20/07, Troy [EMAIL PROTECTED] wrote:
Last month I had an interesting experience with sears and tdbanknorth.
Here's the story:
I purchased appliances at sears... the experience was a nightmare in and
of itself as they screwed up the shipping date several times. Sears
to the MS patch being released, the ZERT patch was a great
resource to have out there.
--
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
http://blog.godshell.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure
problems with the Microsoft patch. A problem with
the Realtek HD Audio Control Panel has been confirmed and patched by
Microsoft. Other problems have been reported but no additional
information on them has been released at this point.,
--
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
http
On 4/2/07, Larry Seltzer [EMAIL PROTECTED] wrote:
AS A much simpler solution is to use heap spraying (which works fine on
AS Vista) for systems that don't have DEP enabled.
TZ Are we talking Sofware DEP or Hardware enforce DEP ?
Heap spraying implies running code in the heap,
Actually,
On 4/2/07, Larry Seltzer [EMAIL PROTECTED] wrote:
LSHeap spraying implies running code in the heap,
JAActually, um.. no.. it doesn't
My understanding of heap spraying comes from
http://blogs.securiteam.com/index.php/archives/638: ...SkyLined's heap
spraying techqniue
too bad i don't get it.
On 4/1/07, V Comics [EMAIL PROTECTED] wrote:
vim:
foldmethod=expr:foldexpr=feedkeys(\\esc\\x3a%!cat\\x20-n\\CR\\esc\\x
3a%s/./\:)/g\\CR\\esc\\x3aq!\\CR):
a
Ask a question on any topic and get answers from real people. Go to
i didn't say your son got pwnd, kevin and yeah they both prob pissed
each other off. go figure.
On 3/24/07, Kevin Finisterre (lists) [EMAIL PROTECTED] wrote:
Its not my son... and as far as getting cocky, its a 2 way street for
sure in this situation.
-KF
On Mar 24, 2007, at 11:47 AM, Jason
this is old and i find it personally useless/retarded. complete waste
if a wardrivers time. if you can give me 5 cases of something like
this actually happening, with PROOF, please do. i will then change my
mind.
On 3/21/07, Nick Eoannidis [EMAIL PROTECTED] wrote:
For those who haven't read
someone has too much free time.
On 3/21/07, Stauf von Stauf [EMAIL PROTECTED] wrote:
Jason Miller wrote:
this is old and i find it personally useless/retarded. complete waste
if a wardrivers time. if you can give me 5 cases of something like
this actually happening, with PROOF, please do
I'm sorry but I find this funny actually. :-P Seems Microsoft has a weakness.
On 3/17/07, Kevin Finisterre (lists) [EMAIL PROTECTED] wrote:
There have been rumor going around that Bungie.net was hacked and
that a portion of Xbox live has been taken over because of it. Some
folks are having
Been following this project since before Whax. Still one of my fave
penetration testing distros. :-)
On 3/6/07, Mati Aharoni [EMAIL PROTECTED] wrote:
Dear List,
BackTrack v.2.0 Final is out!
It's taken us almost 5 months to pull ourselves out of the beta stage.
Every time we thought we
what a dumbass, don't bother clicking. it's just one of those lame click
games where you get people to click your link for points.
On 3/4/07, Slythers Bro [EMAIL PROTECTED] wrote:
sorry the good url is *
http://www.Php-exploit.info/index.php?id=3407com=#onlythecrimepaid*
On 3/4/07, Slythers
what are you babbling on about?
On 1/30/07, Jianqiang Xin [EMAIL PROTECTED] wrote:
Did anyone see web attack like this? If yes, is the attack generated by
worm, spamware, or virus? Thanks.
It is one packet with too many headers: The headers are as following:
Headers
Host :
On 1/24/07, Christian Kujau [EMAIL PROTECTED] wrote:
On Wed, 24 Jan 2007, [EMAIL PROTECTED] wrote:
-- Disclosure Timeline:
2005.07.07 - Pre-exiting Digital Vaccine released to TippingPoint
customers
2006.10.02 - Vulnerability reported to vendor
2007.01.24 - Coordinated public release of
and not only myspace accounts but also their respective email accounts as
they usually use same password :-)
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
I'm going to have to agree with you there, Alex. :P,
On 1/15/07, Alex [EMAIL PROTECTED] wrote:
On Mon, 15 Jan 2007 10:04:32 -0500
North, Quinn [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED]:doyouhonestlythinkiwillputmyrealpass
wordhere
...at least there is some hope left in the world :-\
.
Regards,
--
Jason Muskat | GCFA, GCUX - de VE3TSJ
TechDude
e. [EMAIL PROTECTED]
m. 416 .414 .9934
http://TechDude.Ca/
From: KT [EMAIL PROTECTED]
Date: Tue, 19 Dec 2006 12:16:29 -0800
To: full-disclosure@lists.grok.org.uk, [EMAIL PROTECTED]
Subject: [WEB SECURITY
1 - 100 of 247 matches
Mail list logo