Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

On 4/2/07, Larry Seltzer <[EMAIL PROTECTED]> wrote: LS>Heap spraying implies running code in the heap, JA>Actually, um.. no.. it doesn't My understanding of heap spraying comes from http://blogs.securiteam.com/index.php/archives/638: "...SkyLined's heap spraying techqniue (http://sf-freedom.blo

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

On 4/2/07, Larry Seltzer <[EMAIL PROTECTED]> wrote: AS> A much simpler solution is to use heap spraying (which works fine on AS> Vista) for systems that don't have DEP enabled. TZ> Are we talking Sofware DEP or Hardware enforce DEP ? Heap spraying implies running code in the heap, Actually

Re: [Full-disclosure] firefox 2.0.0.2 crash

Yeah, firefox is prone if it's set as your GIF file handler, schmarty. On 3/12/07, Kristian Hermansen (khermans) <[EMAIL PROTECTED]> wrote: Firefox even crashes if you have it open and visit the site from lynx... $ lynx http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif

Re: [Full-disclosure] ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability

On 1/24/07, Christian Kujau <[EMAIL PROTECTED]> wrote: On Wed, 24 Jan 2007, [EMAIL PROTECTED] wrote: > -- Disclosure Timeline: > 2005.07.07 - Pre-exiting Digital Vaccine released to TippingPoint > customers > 2006.10.02 - Vulnerability reported to vendor > 2007.01.24 - Coordinated public release

Re: [Full-disclosure] UNOFFICIAL ZERT PATCH CAUSES NYC PLANECRASH

On 10/12/06, Paul Schmehl <[EMAIL PROTECTED]> wrote: --On October 12, 2006 11:22:36 PM -0400 "Scott T. Cameron"<[EMAIL PROTECTED]> wrote:> On Thu, Oct 12, 2006 at 10:19:20PM -0500, Paul Schmehl wrote: >> BTW, you completely misunderstand Godwin's Law.>>

Re: [Full-disclosure] Crap capitalistic artical in PC World mentions Full Disclosure

On 7/27/06, Joe Barr <[EMAIL PROTECTED]> wrote: I might add that the author is a closepersonal friend of mine.  ;)Homos. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secuni

Re: [Full-disclosure] Tool Release - Tor Blocker

Those acronoyms prove that I know more than you apparently. Way to demonstrate your l33t hax0r skills.Jason Areff CISSP, A+, MCSE, Security+ == Better than Steven Rakick -- security through obscurity isnt security --On 6/3/06, Steven Rakick <[EMAIL PROTECTED]> wrote: Here's

Re: [Full-disclosure] Tool Release - Tor Blocker

your need, then please respond to me personally with any suggestions you may have, but do not start a public flame war like you are attempting. Jason Areff CISSP, A+, MCSE, Security+ -- security through obscurity isnt security --On 6/3/06, [EMAIL PROTECTED] <[EMAIL PROTEC

Re: [Full-disclosure] Tool Release - Tor Blocker

AIL PROTECTED] > wrote:Umm what about the new ip addresses that are added to the tor network? http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?sortbw=1&addr=1&textonly=1This wouldn't really be a complete fix. /str0keOn 6/2/06, Jason Areff <[EMAIL PROTECTED]> wrote:> It has co

[Full-disclosure] Tool Release - Tor Blocker

from hackers. Thanks. Jason Areff CISSP, A+, MCSE, Security+ -- security through obscurity isnt security --CODE:/* MOD_DETOR*/   //blocks tor users from apache 2 server#include "http_config.h"#include "httpd.h"static void mod_detor_register_