[Full-disclosure] CA20131024-01: Security Notice for CA SiteMinder

2013-10-24 Thread Kotas, Kevin J
es Product Vulnerability Response Team: https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Regards, Kevin Kotas Director, CA Technologies Product Vulnerability Response Team Copyright (c) 2013 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other trademarks, trade names, ser

[Full-disclosure] OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption

2013-09-16 Thread Kevin W. Wall
bin/cvename.cgi?name=CVE-2013-5679 http://blog.h3xstream.com/2013/08/esapi-when-authenticated-encryption.html Google Issue #: 306 ( http://code.google.com/p/owasp-esapi-java/issues/detail?id=306) Contact details: Kevin W. Wall -kevin wall -- Blog: http://off-the-wall-secu

Re: [Full-disclosure] CAPTCHA re-riding attack in https://google.com

2013-08-27 Thread kevin philips
er, in this case, that captcha is only a > courtesy anyway. It's the middle ground between normal user and infected > machine/bot, where they give you a little extra leniency before totally > banning you anyway. If I'm misunderstanding, or if it applies on a wider > scale tha

[Full-disclosure] CAPTCHA re-riding attack in https://google.com

2013-08-26 Thread kevin philips
folks, I found CAPTCHA re-riding attack issue in https://google.com . PoC: Loop request with correct captcha (in this case the value of captcha is c

[Full-disclosure] CA20130725-01: Security Notice for CA Service Desk Manager

2013-07-25 Thread Kotas, Kevin J
Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team: https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Regards, Kevin Kotas Director, CA Technologies Product Vulnerability Response Team Copyright (c) 2013 CA. All Rights Reser

[Full-disclosure] CA20130528-01: Security Notice for CA Process Automation (CA PAM)

2013-05-28 Thread Kotas, Kevin J
findings to the CA Technologies Product Vulnerability Response Team: https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Regards, Kevin Kotas Director, CA Technologies Product Vulnerability Response Team Copyright (c) 2013 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other

[Full-disclosure] Updated - CA20130213-01: Security Notice for CA ControlMinder

2013-04-29 Thread Kotas, Kevin J
/ If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team: https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Regards, Kevin Kotas Director, CA Technologies Product Vulnerability Response Team Copyright

[Full-disclosure] CA20130319-01: Security Notice for SiteMinder products using SAML

2013-03-19 Thread Kotas, Kevin J
/ If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team: https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Regards, Kevin Kotas Director, CA Technologies Product Vulnerability Response Team Copyright (c)

[Full-disclosure] CA20130213-01: Security Notice for CA ControlMinder

2013-02-13 Thread Kotas, Kevin J
Regards, Kevin Kotas Director, CA Technologies Product Vulnerability Response Team Copyright (c) 2013 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. -BEGIN PGP

[Full-disclosure] Updated - CA20121018-01: Security Notice for CA ARCserve Backup

2013-01-14 Thread Kotas, Kevin J
rj/portal/anonymous/phpsbpldgpg Regards, Kevin Kotas Director, CA Technologies Product Vulnerability Response Team Copyright (c) 2012 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective

[Full-disclosure] CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux

2012-12-05 Thread Kotas, Kevin J
chnologies products, please report your findings to the CA Technologies Product Vulnerability Response Team: (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Regards, Kevin Kotas Director, CA Technologies Product Vulnerability Response Team Copyright (c) 20

[Full-disclosure] CA20121018-01: Security Notice for CA ARCserve Backup

2012-10-18 Thread Kotas, Kevin J
tentID=17 7782 Regards, Kevin Kotas Director, CA Technologies Product Vulnerability Response Team Copyright (c) 2012 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. -

[Full-disclosure] Anyone can log into Virgin Mobile USA accounts, read/write customer data

2012-09-18 Thread Kevin Burke
eir 6 million subscribers to defend against this attack. I contacted Virgin Mobile over a month ago about the issue and they have refused to fix it. Full details of the attack, as well as a history of my communication with Virgin Mobile, are available on my website: http://kev.inburke.com/kevin/open-s

[Full-disclosure] CA20120320-01: Security Notice for CA ARCserve Backup

2012-03-20 Thread Kotas, Kevin J
gs to the CA Technologies Product Vulnerability Response Team: (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Regards, Kevin Kotas CA Technologies Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1 iQEVAwUBT2jmC

[Full-disclosure] CA20111116-01: Security Notice for CA Directory

2011-11-16 Thread Kotas, Kevin J
erability Response Team: (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Regards, Kevin Kotas CA Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1 iQEVAwUBTsQmQZI1FvIeMomJAQEUeggArMki8ZvdQG4MCAq2Aqw5wB

[Full-disclosure] CA20110720-01: Security Notice for CA Gateway Security and Total Defense

2011-07-20 Thread Kotas, Kevin J
wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Regards, Kevin Kotas CA Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1 iQEVAwUBTicU8pI1FvIeMomJAQHDpQgAlZ5TqT9B+I4zd20wzh8GhajqGb8BIuxo sCToQG5jq+kUX1QMnL

[Full-disclosure] From kernel memory disclosure to privilege escalation: when and how?

2011-06-23 Thread Kevin Johnson
Hello! Could somebody write what threats there are when kernel memory disclosure is found? I mean not along with another bug (since kmem disclosure could lead to some interesting pointers addresses and values, etc), but only itself!? I guess it could lead to /etc/shadow disclosure, if some suid p

Re: [Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread Kevin Wilcox
On Wed, May 18, 2011 at 13:59, root wrote: > You can only jailbreak FreeBSD devices. FreeBSD is dead. Netcraft confirms it. kmw ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsore

[Full-disclosure] CA20110510-01: Security Notice for CA eHealth

2011-05-10 Thread Kotas, Kevin J
ity Response Team. (line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Regards, Kevin Kotas CA Technologies Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1 iQEVAwUBTcnDXJI1FvIeMomJAQG7OAf/Vx

Re: [Full-disclosure] WTF

2011-05-07 Thread Kevin Fealey
Works fine for me on Windows. C:\>ping www.compusa.com Pinging e3531.b.akamaiedge.net [96.17.206.102] with 32 bytes of data: Reply from 96.17.206.102: bytes=32 time=15ms TTL=58 Reply from 96.17.206.102: bytes=32 time=16ms TTL=58 Reply from 96.17.206.102: bytes=32 time=16ms TTL=58 Reply from 96.17

[Full-disclosure] CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server

2011-04-26 Thread Kotas, Kevin J
report your findings to the CA Technologies Product Vulnerability Response Team. (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Regards, Kevin Kotas CA Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1 i

[Full-disclosure] CA20110413-01: Security Notice for CA Total Defense

2011-04-13 Thread Kotas, Kevin J
Regards, Kevin Kotas CA Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1

Re: [Full-disclosure] Materials regarding Cyber-war

2011-03-18 Thread Kevin
On 03/13/2011 07:13 PM, 김동욱 wrote: > > I'm looking for information or materials about cyberwar between > nations for research purpose. > Check out /Inside Cyber Warfare/ by Jeffrey Carr, published by O'Reilly. A little over a year old, it talks most of the higher profile pre-2010 cyberwar events.

Re: [Full-disclosure] [Full-Disclosure] http://security.goatse.fr/gaping-hole-exposed (is a troll)

2011-01-27 Thread Kevin Lynn
Knowing one of the people listed in the shout-outs, I told them about the props and they got back with the following statement: "After doing some digging, [I] found out that they did it to their own website to generate publicity. The person responsible told me he didn't think anything would happen

[Full-disclosure] Chatango Group Chat Web-Application Cross-Site Request Forgery Vulnerability

2011-01-03 Thread Kevin Killgore
http://www.example.com/image.png"; as a message, the image located at this address would result as the messages body. However, the application doesn't actually verify that the specified location actually contains an image or that it even exists. Due to the fact that the application is only able to

[Full-disclosure] CA20101209-01: Security Notice for CA XOsoft

2010-12-09 Thread Kotas, Kevin J
indings to the CA Technologies Product Vulnerability Response Team. http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx Kevin Kotas CA Technologies Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1 iQEVAwUBTQEo4pI1FvIeMomJAQFI3gf+PpMhF3fHNJq2Fk/7eYyxFdiG3OC

[Full-disclosure] CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX Controls

2010-06-09 Thread Kotas, Kevin J
roduct Vulnerability Response Team. (line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Kevin Kotas CA Technologies Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1 iQEVAwUBTA++gJI1FvIeMomJAQGYBwf/WMP4jOWP9/9F

[Full-disclosure] CA20100603-01: Security Notice for CA ARCserve Backup

2010-06-03 Thread Kotas, Kevin J
s product, please report your findings to the CA Technologies Product Vulnerability Response Team. (line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Kevin Kotas CA Technologies Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version

[Full-disclosure] CA20100406-01: Security Notice for CA XOsoft

2010-04-06 Thread Kotas, Kevin J
CA Product Vulnerability Response Team. (line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Kevin Kotas CA Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1 iQEVAwUBS7txcJI1FvIeMomJAQEvnQf/ZQ+LZTLLR

Re: [Full-disclosure] Voting for bans

2010-03-23 Thread Kevin Wilcox
On 23 March 2010 11:18, Jan G.B. wrote: > We all know that the email address he used to use is banned. Yep > We also know that our inboxes are filled with crap since he returned some > weeks ago. Yep, with a large amount of that being from narcissists that just *have* to get their jokes or ji

[Full-disclosure] CA20100318-01: Security Notice for CA ARCserve Backup

2010-03-18 Thread Kotas, Kevin J
please report your findings to the CA Product Vulnerability Response Team. (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Kevin Kotas CA Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1 iQEVAwUBS6KWRJI1FvIeMomJAQEWfQgA

[Full-disclosure] CA20100223-01: Security Notice for CA eHealth Performance Manager

2010-02-23 Thread Kotas, Kevin J
-BEGIN PGP SIGNED MESSAGE- CA20100223-01: Security Notice for CA eHealth Performance Manager Issued: February 23, 2010 CA's support is alerting customers to a security risk with CA eHealth Performance Manager. A cross-site scripting vulnerability exists that can allow a remote attacker t

[Full-disclosure] CA20100222-01: Security Notice for CA Service Desk

2010-02-22 Thread Kotas, Kevin J
-BEGIN PGP SIGNED MESSAGE- CA20100222-01: Security Notice for CA Service Desk Issued: February 22, 2010 CA's support is alerting customers to a security risk with CA Service Desk r12.1. The release of Tomcat as included with CA Service Desk r12.1 is potentially susceptible to a cross-sit

[Full-disclosure] CA20091208-01: Security Notice for CA Service Desk

2009-12-08 Thread Kotas, Kevin J
mous Change History Version 1.0: Initial Release If additional information is required, please contact CA Support at http://support.ca.com/ If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. (line may wrap) https://sup

Re: [Full-disclosure] The Cyber War Conspiracy

2009-12-07 Thread Kevin Wilcox
2009/12/5 Paul Schmehl : > --On December 4, 2009 10:44:20 PM -0600 valdis.kletni...@vt.edu wrote: >> On the other hand, nobody's ever seen me and Paul Schmehl at the same >> place >> at the same time... I wonder why... :) > Because we have no travel money.  :-) BSDCAN 2010 has been announced an

Re: [Full-disclosure] Microsoft: ‘Piracy no longer poses a threat to us’

2009-12-03 Thread Kevin Wilcox
2009/12/3 dramacrat : > How many legit copies of Windows 7 Ultimate have they sold? Three? Or was it > four? > I guess this is their way of competing with free software... making > their software free (yes, yes, money-free vs freedom-free, i know) except to > those thick enough (or lawsuit vulnera

[Full-disclosure] CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention System

2009-08-18 Thread Kotas, Kevin J
additional information is required, please contact CA Support at http://support.ca.com/ If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 778

[Full-disclosure] CA20090818-02: Security Notice for CA Internet Security Suite

2009-08-18 Thread Kotas, Kevin J
=17 7782 Kevin Kotas CA Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1

[Full-disclosure] CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management

2009-08-08 Thread Kotas, Kevin J
ducts, please report your findings to the CA Product Vulnerability Response Team. (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Kevin Kotas CA Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1 iQEVAwUBSnti5pI1FvIeMomJAQ

[Full-disclosure] CA20090806-01: Security Notice for Data Transport Services

2009-08-08 Thread Kotas, Kevin J
7782 Kevin Kotas CA Product Vulnerability Response Team -BEGIN PGP SIGNATURE- Version: PGP 8.1

Re: [Full-disclosure] [Rumor] SSH 0-day

2009-07-09 Thread Kevin Wilcox
2009/7/9 Charles Majola : > >From the LWN article (OpenSSH maintainer Damien Miller), its probably > not real, well just have to wait and see Agreed. Even if you *do* believe the secer site, look at the particulars. It's a brute force. Properly configure your ssh servers (including rate-limiting

[Full-disclosure] [Rumor] SSH 0-day

2009-07-09 Thread Kevin Wilcox
2009/7/9 Charles Majola : > >From the LWN article (OpenSSH maintainer Damien Miller), its probably > not real, well just have to wait and see Agreed. Even if you *do* believe the secer site, look at the particulars. It's a brute force. Properly configure your ssh servers (including rate-limiting

Re: [Full-disclosure] (no subject)

2009-07-01 Thread Kevin Wilcox
2009/7/1 Inbox (Main) : > > Why not just ask michelle? > > Hope you don't mind: I forwarded your mail to michelle.nash2...@yahoo.com I'm guessing this could have something to do with it: http://www.nrtoday.com/article/20090619/LOGS/906199976/1051/NONE&parentprofile=1055 In particular, the sectio

Re: [Full-disclosure] apache and squid dos

2009-06-22 Thread Kevin Wilcox
2009/6/22 Mark Sec : > $php -f dos.php 1 localhost > PHP Fatal error:  Call to undefined function pcntl_fork() in > C:\Users\Administrador\Desktop\dos.php on line 68 > > Mmm it not works! :-/ http://www.php.net/manual/en/ref.pcntl.php kmw -- To take from one, because it is thought that his own

Re: [Full-disclosure] Windows 7 UAC compromised

2009-02-06 Thread Kevin Wilcox
2009/2/6 Yudi Rosen : > But Joe the Plumber doesn't want to have to click on endless 'confirm' > dialogs every time he tries to use the computer. Simply having him run as a > non-admin user only fixes half the problem. No, it doesn't fix anywhere *near* half of the problem; it doesn't address tha

Re: [Full-disclosure] Windows 7 UAC compromised

2009-02-05 Thread Kevin Wilcox
2009/2/5 Miller Grey : > No, it doesn't make sense...I don't think Redmond missed the point at all, > they're trying to introduce a concept totally new to the everyday user who, > like Valdis said, only "...wants his dancing hamster screensaver.", and will > blindly click any OK button that pops up

Re: [Full-disclosure] Windows 7 UAC compromised

2009-02-05 Thread Kevin Wilcox
2009/2/5 Miller Grey : > On Tue, Feb 3, 2009 at 3:40 PM, M.B.Jr. wrote: >> Windows says: Hello world! Check this out, world, this is really cool. >> Now I have, uh, something like, uh, "privileges management"! >> "UAC" is no more than a new commercial designation for something with >> about 40

Re: [Full-disclosure] [SECURITY] [DSA 1714-1] New rt2570 packages fix arbitrary code execution

2009-01-28 Thread Kevin Price
Lucio Crusca schrieb: > Any pointer to more technical details? You have checked this, haven't you? http://bugs.debian.org/512995 cheers -- Kevin Price http://www.kevin-price.de/ signature.asc Description: OpenPGP digital signature

Re: [Full-disclosure] DoS attacks

2009-01-23 Thread Kevin Fernandez
/2009/potential-latency-on-network-solutions-dns/ That might be a good guess.. andrew.wallace a écrit : > On Fri, Jan 23, 2009 at 8:45 PM, Kevin Fernandez wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Some days ago ISC published an article about

[Full-disclosure] DoS attacks

2009-01-23 Thread Kevin Fernandez
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Some days ago ISC published an article about some reports of spoofed DNS requests being sent to DNS servers to DDoS some targets: http://isc.sans.org/diary.html?storyid=5713 it is what happened to isprime: http://www.gossamer-threads.com/lists/nanog/us

Re: [Full-disclosure] Fresh Phish anyone?

2008-12-22 Thread Kevin Finisterre (lists)
On Dec 22, 2008, at 4:24 PM, anonymous pimp wrote: > What kind of a skiddie fuck sends every phished account to his email? Who the hell knows... maybe someone here that was bored is interested in looking into that. > This is the kind of phish every 12 year old kid on both sides of > Turkey us

[Full-disclosure] Fresh Phish anyone?

2008-12-22 Thread Kevin Finisterre (lists)
> Someone is bored and out making the rounds exploiting random asp pages and web-services. wget http://www.adehkz.net/eb.zip https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&errmsg=8&pUserId=&co_partnerId=2&siteid=0&pageType=1883&pa1=&i1=-1&UsingSSL=1&bshowgif=0&favoritenav=&ru=http%3A%2F%2Fmy

Re: [Full-disclosure] Microsoft issues out-of-band patch

2008-12-21 Thread kevin . fielder
Hi I'm not interested in getting into flaming or some personal argument, but how do you actually know this? I'm sure we all have ideas about how advanced the various security agencies are, but that is conjecture not factual statement. Cheers K Sent from my BlackBerry® wireless device -

[Full-disclosure] script that was used to flood FD a few years ago?

2008-10-14 Thread Kevin Finisterre (lists)
Does anyone have an archive of the script that was being used to send furry porn to the list via spoofed list members? I recall it was using a mysql db on the backend. It was sent out during this time frame: http://www.security-express.com/archives/fulldisclosure/2006-08/thread.html thanks

[Full-disclosure] Pin Pop... (ATM Pins?)

2008-07-22 Thread Kevin Finisterre (lists)
I have a buddy that is soliciting for help researching PIN numbers used in ATM's and things of that nature. He is in need of data-sets for statistical analysis. If you can help out... please do: http://www.pinpop.com/contribute.html http://www.pinpop.com/resources.html Thanks -KF

Re: [Full-disclosure] HTTP cache poisoning via Host header injection

2008-06-12 Thread Kevin Wilcox
2008/6/12 M. Shirk <[EMAIL PROTECTED]>: > But PHPNuke is not vulnerable right? I suppose there's a first time for everything ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored

Re: [Full-disclosure] Adobe Unchecked Overflow

2008-04-21 Thread Kevin Finisterre (lists)
I've been beating on CS3 a bit the past few days myself... I ran across the same issue. Here is a little helper function def addr_to_asc_pad(addr) low = (addr & 0x) high = (addr & 0x) >> 16 a = (low & 0x00ff) b = (low & 0xff00) >> 8 c

Re: [Full-disclosure] angry

2008-04-04 Thread Kevin Finisterre (lists)
You are black too? -KF On Apr 4, 2008, at 6:36 AM, Kollberg, Dirk wrote: > > > BTW, if someone know why I receive these penis reduction spam, > please let me know. > > Thanks, > Dirk > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mary > Landesman

[Full-disclosure] remember password manager..

2008-03-15 Thread Kevin Fernandez
the same domain. (or if the site has any xss) And i can confirm it's still unfixed in 2.0.0.12.. do you guys keep saving your passwords? :P Kevin ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter

Re: [Full-disclosure] Southwest Airlines Ticket Silliness

2008-02-02 Thread Kevin Finisterre (lists)
Maybe they won't like the surge in drunk passengers on SWA flights, hell I dunno. =] -KF On Feb 2, 2008, at 1:32 PM, Adam Chesnutt wrote: > Why would I do this? It's not a TSA policy or setup, I'm pretty sure > they don't really care I've duped SWA out of $20

Re: [Full-disclosure] Southwest Airlines Ticket Silliness

2008-02-02 Thread Kevin Finisterre (lists)
post it here. http://www.tsa.gov/blog -KF ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Security of online casinos

2007-12-21 Thread Kevin Pawloski
; here are a few links to start digging into: http://archives1.twoplustwo.com/showflat.php?Cat=0&Board=beats&Number=12541923&page=0&fpart=1 http://www.poker-king.com/poker-king-articles.php?article=282 http://www.freerepublic.com/focus/f-bloggers/1913888/posts Kevin On Dec

Re: [Full-disclosure] oh oh 0 day - MyTV/x Version 3.6.6 & 4.0.8 for MyTV.PVR allows local authentication bypass and root access on Apple Mac OS X

2007-11-26 Thread Kevin Finisterre (lists)
I don't recall off the top of my head what they were but there are other ways to use this program to obtain root. I believe the scheduled recording can be used to leverage root if I remember correctly. -KF On Nov 26, 2007, at 10:15 AM, David Wharton wrote: > Version 1.0 > October 1996 >

Re: [Full-disclosure] End of the world?

2007-11-13 Thread Kevin Finisterre (lists)
http://www.scottstevens.podshow.com/ -KF On Nov 13, 2007, at 11:49 AM, <[EMAIL PROTECTED]> wrote: > Check this out... > > http://www.rollingstone.com/politics/story/16956300/the_prophet_of_c > limate_change_james_lovelock > > > > -- > Need cash? Click to get a loan. > http://tagline.hushmail.com

Re: [Full-disclosure] Wiretapping

2007-11-12 Thread Kevin Finisterre (lists)
> *cough* *cough* Sprint *cough* *cough* excuse me. I have a bad cold. -KF > > 2) Abuse of the legally mandated CALEA infrastructure by a hacker. > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.h

Re: [Full-disclosure] Wiretapping

2007-11-12 Thread Kevin Wilcox
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joel R. Helgeson wrote: > If your company is a criminal enterprise, then yes. If you fund or > support terrorism, you stand a pretty good chance. If you are like the > 99.999% of the companies out there that do their thing, trying to make > an honest

Re: [Full-disclosure] 300$ is more than 0$

2007-11-10 Thread Kevin Finisterre (lists)
wow... now you are talking iDefense money! Hell... I'll buy one for 500 bucks... then turn and resell it. -KF On Nov 10, 2007, at 4:49 PM, don bailey wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Ok, so the first person to disclose a Linux kernel > zero day exploit in the next wee

Re: [Full-disclosure] XSS - bank of america

2007-11-02 Thread kevin horvath
even worse when it's a bank. I don't usually look for it but... https://sitekey.bankofamerica.com/sas/signonScreen.do?reason=regular&msg=alert("XSS_is_bad_for_business");alert(document.cookie) all input from the client is evil! On 11/1/07, reepex <[EMAIL PROTECTED]> wrote: > lol pdp > > On Nov 1,

Re: [Full-disclosure] New term "RDV" is born

2007-09-28 Thread Kevin Finisterre (lists)
ker. > > On Fri, 28 Sep 2007 14:00:25 -0400 "Kevin Finisterre (lists)" > <[EMAIL PROTECTED]> wrote: >> The *REAL* questions should be: >> >> is it "oh" day or is it "zero" day? >> >> What is proper syntax? >> >

Re: [Full-disclosure] New term "RDV" is born

2007-09-28 Thread Kevin Finisterre (lists)
The *REAL* questions should be: is it "oh" day or is it "zero" day? What is proper syntax? 0day 0day 0day 0day Should you capitalize the D? how about the Z if you choose to go with Zero? -KF On Sep 28, 2007, at 1:24 PM, [EMAIL PROTECTED] wrote: > On Fri, 28 Sep 2007 17:29:51 BST, worried

Re: [Full-disclosure] 0day: PDF pwns Windows

2007-09-21 Thread Kevin Finisterre (lists)
Partial disclosure rocks... -KF On Sep 21, 2007, at 3:53 PM, Thierry Zoller wrote: > Dear All, > > pa> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows > Is this the way responsible disclosure works these days ? > "Adobe’s representatives can contact me from the usual place." > > Wow, now th

[Full-disclosure] Fwd: [Dailydave] Pwnpress: the blog guerrilla is cumming

2007-09-13 Thread Kevin Finisterre (lists)
Not sure if you guys have all seen this yet but it is interesting to say the least all I can say is .u wow. http://www.info-pull.com/code/pwnpress-gui.rb Looks like even grandma can play along now! -KF Begin forwarded message: From: "Michael Myers" <[EMAIL PROTECTED]> Date: Septemb

Re: [Full-disclosure] Point, Click ... Eavesdrop: How the FBI Wiretap Net Operates

2007-08-29 Thread Kevin Finisterre (lists)
What you mean like Jerry Franke ? The name is Toby btw... and they are not name drops .. they are call outs. -KF On Aug 30, 2007, at 12:02 AM, Joey Mengele wrote: > Dear List, > > On Wed, 29 Aug 2007 23:22:27 -0400 "Kevin Finisterre (lists)" > <[EMAIL PROTECTED]>

Re: [Full-disclosure] Point, Click ... Eavesdrop: How the FBI Wiretap Net Operates

2007-08-29 Thread Kevin Finisterre (lists)
Great... Sprint's incompetent ass running a secure network for eavesdropping. How ironic these goons can't even keep a handle on things down in Kansas City, now this. Lauren Proctor you still out there buddy? Sprint Security spreads lies -KF On Aug 29, 2007, at 9:27 PM, Ivan . wrote

Re: [Full-disclosure] n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory

2007-08-28 Thread Kevin Finisterre (lists)
MCA. They were worried > security researchers would be sued for trying to release vulnerability > information. But since that turned out to be unfounded, I guess we > don't > have to worry about the German thing. ;) > > BB > >

Re: [Full-disclosure] n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory

2007-08-28 Thread Kevin Finisterre (lists)
Would you have honestly provided *MORE* detail prior to the law being in effect? Doesn't the law refer to things that are intended to be used for illegal activity? I don't recall the advisories being any more verbose pre law Thanks. -KF On Aug 27, 2007, at 4:41 PM, Sergio Alvarez wrote:

Re: [Full-disclosure] Xbox Live Gamertag stolen

2007-08-17 Thread Kevin Finisterre (lists)
> On Fri, 17 Aug 2007 11:39:20 -0400 "Kevin Finisterre (lists)" > <[EMAIL PROTECTED]> wrote: >> He is a company conduit in my mind... if people are still having >> problems with with latin based tech support and I happen to have >> an >> alternate conduit

Re: [Full-disclosure] Xbox Live Gamertag stolen

2007-08-17 Thread Kevin Finisterre (lists)
else. > > J > > > On Fri, 17 Aug 2007 00:12:19 -0400 "Kevin Finisterre (lists)" > <[EMAIL PROTECTED]> wrote: >> Hrmm I am wondering if several people are toying with me or if >> >> something is really going on over in Xbox Live support? >>

Re: [Full-disclosure] Xbox Live Gamertag stolen

2007-08-16 Thread Kevin Finisterre (lists)
me about this... -KF On Aug 17, 2007, at 12:02 AM, Plotnikov, Slavik wrote: Kevin- I recently had my Xbox Live Gamertag stolen about 3 weeks ago. Obviously calling Xbox live support is proving to be pointless as they have not offered any assistance and have cancelled by Xbox live acct. I

Re: [Full-disclosure] Xbox live accounts are being stolen (is thetraining working?)

2007-08-09 Thread Kevin Finisterre (lists)
On Aug 9, 2007, at 12:20 PM, Jay wrote: > This list is about Full Disclosure, exploits vulnerabilities etc. > > Noone gives a rat arse whether some whiny n00bz cant play Halo. > > Find another list to gripe about customer service issues. Fire up your inbox filter... gripe about your list issues

Re: [Full-disclosure] Xbox live accounts are being stolen (is the training working?)

2007-08-09 Thread Kevin Finisterre (lists)
to hear of it happening again. -KF On Aug 9, 2007, at 11:26 AM, Scott Hirnle wrote: > Hi Kevin, > > For Hardware calls, we don't verify the same information as we do > on Live calls. The reason for this is because some people (in fact > many people) who call into the ha

Re: [Full-disclosure] Xbox live accounts are being stolen (is the training working?)

2007-08-09 Thread Kevin Finisterre (lists)
I find it kind of ironic that my Xbox broke last night after an update and I am now on the phone with a Xbox live representative. After the whole stolen accounts fiasco I remember calling in and having techs flat out refuse to work with you until you verified your full name, address, phone n

Re: [Full-disclosure] Xbox live accounts are being stolen

2007-08-08 Thread Kevin Finisterre (lists)
Hi Ashley... I can certainly understand your frustration. Although my account was "taken care of" and I was ultimately given some things to quiet me down, I never got an explanation of what *really* happened, I never got any information about who I could prosecute or anything like that. As

Re: [Full-disclosure] Am I missing anything ?

2007-07-23 Thread Kevin Finisterre (lists)
Yeah... Adriel loves the cock. -KF On Jul 23, 2007, at 6:40 PM, Joey Mengele wrote: No, I forgot. I now remember, thank you. As long as we agree that you were wrong, I was right, and you are an ignorant jackass who may or may not have had sexual relations with the Oreo named KF, I see no need

Re: [Full-disclosure] iPhone has a built-in spyware module?

2007-07-18 Thread Kevin Pawloski
I think this is a pretty common practice for most smart-phones / "internet communication devices". The SideKick comes to mind when reading this. Kevin On 7/18/07, Ivan . <[EMAIL PROTECTED]> wrote: not much detail in the claim http://vsiphone.blogspot.com/2007/07/iphone-has-

[Full-disclosure] ASA-2007-014: Stack buffer overflow in IAX2 channel driver

2007-07-17 Thread Kevin P. Fleming
Asterisk Project Security Advisory - ASA-2007-014 (Product: Asterisk)

[Full-disclosure] ASA-2007-015: Remote Crash Vulnerability in IAX2 channel driver

2007-07-17 Thread Kevin P. Fleming
Asterisk Project Security Advisory - ASA-2007-015 (Product: Asterisk)

[Full-disclosure] ASA-2007-016: Remote crash vulnerability in Skinny channel driver

2007-07-17 Thread Kevin P. Fleming
Asterisk Project Security Advisory - ASA-2007-016 (Product: Asterisk)

[Full-disclosure] ASA-2007-017: Remote Crash Vulnerability in STUN implementation

2007-07-17 Thread Kevin P. Fleming
Asterisk Project Security Advisory - ASA-2007-017 (Product: Asterisk)

[Full-disclosure] kismet wireless sniffer: OSX x86 Airport Extreme Atheros5424 capture source.

2007-07-07 Thread Kevin Finisterre (lists)
This is a heads up email to let you know that Kismet wireless sniffer once again compiles on OSX machines and is now able to sniff on some Airport Extreme enabled macs. http://www.kismetwireless.net/blog/index.php?entry=/kismet/entry-1183695339.txt I have tested multiple intel based Macs an

Re: [Full-disclosure] EXPLOITS FOR SALE (AUCTION SITE)

2007-07-06 Thread Kevin Finisterre (lists)
I DO NOT agree with selling any exploit and I definitely believe this is stupid. Do you agree that you are often spoon fed free information by individuals that are not paid for providing you a service? Is it so bad that some of these nice people would ask for a little compensation here a

Re: [Full-disclosure] iPhone Security Settings

2007-07-02 Thread Kevin Finisterre (lists)
If anyone winds up with crash dumps from when Tunes syncs with the iPhone I wouldn't mind having a few of them. They should be located in /Library/Logs/CrashReporter/MobileDevice/ Wee everything runs with Effective UID: 0 -KF On Jul 1, 2007, at 6:32 PM, Stephen Hildrey wrote: Fabio Pie

Re: [Full-disclosure] iPhone Security Settings

2007-07-01 Thread Kevin Finisterre (lists)
While you are at it... http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-3538.20070629.B7vXa/iPhone1,1_1.0_1A543a_Restore.ipsw -KF On Jun 29, 2007, at 8:10 PM, John Smith wrote: > http://www.andrew.cmu.edu/user/xsk/iPhoneSecuritySettings.html > > John > > _

[Full-disclosure] Some of you may enjoy this... (iPhone disassembly)

2007-06-29 Thread Kevin Finisterre (lists)
http://www.ifixit.com/Guide/iPhone -KF ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Assorted browser vulnerabilities

2007-06-05 Thread Kevin Finisterre (lists)
The 522+ stuff I can confirm as vulnerable. That particular build number is associated with the current version of the "nightly" webkit build. http://nightly.webkit.org/ 419.3 is associated with the current Security updates on 10.4.9 I am pretty sure. -KF On Jun 5, 2007, at 2:08 PM, Michal

[Full-disclosure] ASA-2007-013: IAX2 users can cause unauthorized data disclosure

2007-05-04 Thread Kevin P. Fleming
L PROTECTED]> Date: 27 April 2007 08:02:36 BDT

Re: [Full-disclosure] WEEPING FOR WEP

2007-04-06 Thread Kevin Finisterre (lists)
Small plane or Balloon perhaps? http://arstechnica.com/articles/culture/warflying.ars -KF On Apr 6, 2007, at 4:41 PM, Troy Cregger wrote: > Where I'm at, you'd be in a tree.

Re: [Full-disclosure] Question Regarding Wireless Frames

2007-04-06 Thread kevin horvath
n the primary wifi0 and not a vap (athx). shut it first, then change it (ifconfig or tool such as macchanger), then bring it back up. hope this helps. Kevin On 4/6/07, Michael Holstein <[EMAIL PROTECTED]> wrote: You mean SSID not broadcast? Look for the client's network-specific probe

Re: [Full-disclosure] Busting The Bluetooth Myth

2007-04-01 Thread Kevin Finisterre (lists)
Anyone wanna buy a used BPA100? =] -KF On Apr 1, 2007, at 2:15 PM, Giorgio Fedon wrote: > - To Thierry: > > > Oh, dear, here is my "thinly veiled advert" for you : > > > - You can potentially be sued for this (I would sue you, > > see you are slandering a consultant here that g

Re: [Full-disclosure] Busting The Bluetooth Myth

2007-04-01 Thread Kevin Finisterre (lists)
Giorgio if anything he is blowing the whistle on the vendors that charge a metric shit ton for a piece of hardware that is not necessary. -KF On Apr 1, 2007, at 11:17 AM, Giorgio Fedon wrote: > | Hi, > | > | You missed the point completely. He's not promoting software > piracy but > | showing
