What are your thoughts on an exploit for a client that connects to a
(malicious) service through the network? I certainly wouldn't call it
a local attack...
On Sun, Oct 11, 2009 at 8:18 PM, James Matthews nytrok...@gmail.com wrote:
If you classify a remote bug (anything that can be exploited
Well that's not very nice.
On Fri, Sep 25, 2009 at 12:53 AM, Richard Cyrios r.u.cyr...@gmail.com wrote:
24/09/2009 Tonight!, the vulnerability goes public and PSIRT is
informed.
and the world is thrown into chaos via an internal IP being disclosed.
08/09/2009 The PSIRT Incident
Ooops I made an lol.. or maybe I like talking as a third person? Haha.
In any regard, none of that is true, all made up.. except the problem.
Won't happen again :)
The lesson here is don't lie at all and especially not to trolls on
their property :P
On Wed, Sep 23, 2009 at 1:08 PM, Jeremy Brown
My apologies if this is an isolated bug, but I was getting various
crashes, one being http://i28.tinypic.com/md1bhw.jpg . For those who
couldn't reproduce the bug, sorry for wasting your time.
On Sun, Sep 13, 2009 at 12:42 AM, Kema Druma kemadr...@gmail.com wrote:
Works Fine with SP3 + IE8,
http://sourceforge.net/projects/sevenzip/files/7-Zip/4.65/7z465.exe/download
Anybody else get an access violation when viewing this page with IE8?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Thanks, I should have mentioned I tested on Windows XP Pro SP3, I've
also heard it doesn't crash on Vista/IE8 as well. Anyone else with
results on XP SP3?
On Sat, Sep 12, 2009 at 9:27 PM, Jordan Bray jordanb...@gmail.com wrote:
On Sat, Sep 12, 2009 at 8:26 PM, Jeremy Brown 0xjbrow...@gmail.com
I'm guessing you're not a Wordpress administrator, Fabio. Nice find
Laurent, as usual.
On Mon, Aug 10, 2009 at 10:48 PM, laurent
gaffielaurent.gaf...@gmail.com wrote:
Oh ok.
Then, let's avoid that function.
If it's useless to have a function that validates a reset passwd before
resetting it,
The primary use of word downloaded is frequently, but not always,
used by computer illiterates to describe the process of copying from
one device to another. This seems like just a mistake typing or
thinking to me.
2009/7/30 valdis.kletni...@vt.edu:
On Thu, 30 Jul 2009 12:32:46 +0200,
You seem to be very forgetful lately kcope! But it is ok, because your
research is always interesting. We forgive you :)
On Mon, Jul 27, 2009 at 3:50 PM, Kingcopekco...@googlemail.com wrote:
Hello list.
Just to clarify the NcFTPd vulnerability affects all operating systems
that NcFTPd runs on,
Whoever ./'d it should slashdot it!
On Thu, Jul 23, 2009 at 5:47 PM, Compsec Guycompsec...@hotmail.com wrote:
What's wrong with Slashdot today?
Best regards,
Danila Wartho
Does anyone use their real name on the internet anymore? If so, they
shouldn't. It makes the world go round and round and.. round.
On Thu, May 28, 2009 at 6:37 PM, RoMeO romeo.hax...@gmail.com wrote:
Takes a real genius to Google query your way into SQL injections..
Oh look, I can
Looks like somebody's been using a browser fuzzer :)
On Wed, May 27, 2009 at 9:14 PM, Thierry Zoller thie...@zoller.lu wrote:
From the very-low-hanging-fruit-department
Firefox Denial of
Nice work as always.
On Fri, May 15, 2009 at 3:21 PM, Giany giany...@yahoo.com wrote:
Well..I guess we are back to 2001.
--- On Fri, 5/15/09, Kingcope kco...@googlemail.com wrote:
From: Kingcope kco...@googlemail.com
Subject: [Full-disclosure] IIS6 + webdav and unicode rides again in 2009
I like your name, hehe.
On Thu, Mar 26, 2009 at 8:50 PM, Bugs NotHugs bugsnoth...@gmail.com wrote:
- Novell Netstorage Multiple Vulnerabilities
- Description
Novell NetStorage acts as a bridge between a company's protected Novell
network
and the Internet, providing protected file access
http://en.wikipedia.org/wiki/URL_redirection
XSS is often useful when it's relevant...
Nice try, keep up the research Lorenzo!
On Wed, Mar 25, 2009 at 5:54 PM, Lorenzo Vogelsang
vogelsang.lore...@gmail.com wrote:
I don't know if this bug is a serious one or not, I only posted a URL
Maybe Adobe should rethink the word security. It seems,
misinterpreted at best, when implemented in most all of their
products. God help the developers.
On Tue, Mar 24, 2009 at 12:51 PM, ZDI Disclosures
zdi-disclosu...@tippingpoint.com wrote:
ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow
,
The vunts ja Valdis
On Fri, Mar 6, 2009 at 5:47 PM, bobby.mug...@hush.com wrote:
Dear list,
Which fuzzer on this list will help me find the most security
exploits?
Thanks,
-bm
On Fri, 06 Mar 2009 18:37:01 -0500 Jeremy Brown
0xjbrow...@gmail.com wrote:
Don't act like you've given any
use the SAME way to fuzz for different
app/protocol.
The only change I see is your last fuzzer .. written in a different
language, but still the same way ...
2009/3/5 Jeremy Brown 0xjbrow...@gmail.com
That is hilarious LOL!
On Thu, Mar 5, 2009 at 11:14 PM, Pete Licoln pete.lic...@gmail.com
You're right, Yahoo! Messenger, Adobe Acrobat, and Firefox only have
around 1000 users worldwide (yes, they all were publicly DoS).
On Fri, Mar 6, 2009 at 1:43 PM, julio sanchez pete.sanc...@gmail.com wrote:
What have you ever written? Let us see some of your code to poke fun
at. If it is as
what he likes.. Everybody
knows Petie is a troll on every list just use google
On Fri, Mar 6, 2009 at 10:56 AM, Jeremy Brown 0xjbrow...@gmail.com
wrote:
The reason anyone writes a fuzzer is to find bugs. Those that I have
written are of course for the same purpose as the 101 listed: to find
satisfy this idiot with a response, that's what he likes..
Everybody
knows Petie is a troll on every list just use google
On Fri, Mar 6, 2009 at 10:56 AM, Jeremy Brown 0xjbrow...@gmail.com
wrote:
The reason anyone writes a fuzzer is to find bugs. Those that I have
written are of course
With all due respect, this isn't the first security hole found in Mr.
Bernstein's software, but seemingly the first he will actually
acknowledge. Well done, Matthew Dempsky.
On Thu, Mar 5, 2009 at 1:05 AM, Matthew Dempsky matt...@dempsky.org wrote:
As a final update to this thread: Dan Bernstein
That is hilarious LOL!
On Thu, Mar 5, 2009 at 11:14 PM, Pete Licoln pete.lic...@gmail.com wrote:
11 fuzzers matches for Jeremy Brown on this page LOL !
2009/3/5 Krakow Labs krakowl...@gmail.com
Krakow Labs maintains a current list of security driven fuzzing
technologies.
http
Carpal tunnel and OCD seem to be frequent disorders here.
On Wed, Mar 4, 2009 at 2:14 PM, bobby.mug...@hushmail.com wrote:
Mr. Stark,
What difficulties have you encountered while posting to this list?
-bm
On Wed, 04 Mar 2009 13:59:45
That is actually decently accurate. Only thing is that these controls
should always (unless in a specific environment) have checks that
won't allow malicious events to occur. Even if controls aren't marked
as safe for automatic loading and execution, massive social
engineering can make them work
A vulnerability could technically be ANYTHING of value to the attacker
that is out of the program's normal, expected, or believed behavior.
Many people have many different views and that is why some
vulnerabilities are published, some are not. A bug that is usually
considered just a bug could have
On modern Linux desktops, a simple double click is usually all that an exe
needs if WINE is installed and integrated right.
On Fri, Feb 27, 2009 at 4:06 AM, James Matthews nytrok...@gmail.com wrote:
Ha, what happens when people see that they have to use wine to launch
windows exe's?
On Fri, Feb
Not all are practically exploitable, but exploitation seems to be
possible at least on ARM, XScale, and possibly PowerPC as
www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf
points out. As for examples.. doesn't look like they are public.
On Thu, Feb 26, 2009 at 6:52 PM,
balliwicked2
On Wed, Feb 11, 2009 at 11:05 AM, sr. static...@gmail.com wrote:
Well, I can resolve the IPs just fine. Just can't connect to port 80.
I'm the fw / network person at my job, and I don't remember adding a
rule for this :-P
I can get there just fine now, seemed inaccessible to me
Pete, I've never asked for comments. I don't release 'a fuzzer a day'
either; those were coded across the months. This whole thread talks in
circles around itself and your opinion counts just like everyone
else's, peachy.
Jeremy
On Sun, Feb 1, 2009 at 4:51 PM, Pete Licoln pete.lic...@gmail.com
Forget cats, watch out for the ligers!
On Fri, Jan 30, 2009 at 2:50 AM, Nancy Kramer nekra...@mindtheater.net wrote:
Another cat not carrying prey would also work well. Lots of stray cats
like to come in when it is cold so this could very likely happen. The cat
the device was bought for
Create a blacklist for blacklists, then use Guninski's solution. Simple :)
On Fri, Jan 30, 2009 at 9:14 PM, Bipin Gautam bipin.gau...@gmail.com wrote:
On 1/31/09, Georgi Guninski gunin...@guninski.com wrote:
2. you fail to realize that blacklisting is not a solution - ask the
antivirus