[Full-disclosure] Halvar Flake denied entry to USA for BlackHat

http://addxorrol.blogspot.com/2007/07/ive-been-denied-entry-to-us-essentially.html http://www.blackhat.com/html/bh-usa-07/train-bh-us-07-hf.html -- Kristian Hermansen ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full

Re: [Full-disclosure] MySpace e-mail importer rasies security concerns

in mind. LinkedIn at least uses HTTPS by default, which should deter sniffing. I don't think MySpace gives you the same luxury... -- Kristian Hermansen ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html

Re: [Full-disclosure] windows arp dos

work and I am lazy. Did you hook in to find what windows code is producing the majority of this DoS? Maybe some unnecessary loop added in Windows XP SP2? It it not surprising I guess. But again, a dumb local attack, unless proxy ARP is configured... -- Kristian Hermansen

Re: [Full-disclosure] Month of Random Hashes: DAY SEVENTEEN

hashes of hashes? -- Kristian Hermansen ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] 6 Month Vista Vuln Report, Debunked

that is absolutely critical to the conclusions, rather than just Other OS's have more bugs, see, look at my graphs... -- Kristian Hermansen ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted

[Full-disclosure] PATCH: Anonymous Spoofing via Multicast ARP (dsniff / arpspoof)

; + break; case 'i': intf = optarg; break; -- Kristian Hermansen --- arpspoof.c.orig 2007-06-22 21:24:26.169638763 -0400 +++ arpspoof.c 2007-06-25 23:08:51.786962797 -0400 @@ -31,12 +31,13 @@ static struct ether_addr spoof_mac

[Full-disclosure] Month of DoS Bugs (MODB)

An entire month dedicated to denial of service would be quite entertaining... -- Kristian Hermansen ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http

Re: [Full-disclosure] Month of [something] Bugs

-days? Heh...good luck :-) -- Kristian Hermansen ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] hiding routers

conditions. However, I am still interested in how likely an organization is to try something like this for both legitimate and illegitimate purposes. -- Kristian Hermansen ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

-bit ASLR entropy means it is not very likely to hit your offset :-) Has anyone even attempted a 64-bit XP/Vista ANI exploit? -- Kristian Hermansen ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html

Re: [Full-disclosure] firefox 2.0.0.2 crash

Exactly... Date: Mon, 12 Mar 2007 11:28:38 -0500 From: Jason Areff [EMAIL PROTECTED] Subject: Re: [Full-disclosure] firefox 2.0.0.2 crash To: Kristian Hermansen (khermans) [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Message-ID: [EMAIL PROTECTED] Content-Type: text/plain

Re: [Full-disclosure] firefox 2.0.0.2 crash

OK Data transfer complete /usr/bin/firefox '/tmp/ggdfOe/L23367-1095TMP.gif' lynx: Start file could not be found or is not text/html or text/plain Exiting... -- Kristian Hermansen ___ Date: Fri, 09 Mar 2007 20:31:40 +0200 From: T?nu Samuel [EMAIL PROTECTED] Subject: [Full-disclosure

[Full-disclosure] Re: SOX whistleblowers' clause Compliance

To have a totally anonymous email, why not use a public email service like mailinator, combined with TOR to route your HTTP traffic to that service? Now, mailinator may keep logs, but they can only go back to the TOR host... -- Kristian Hermansen

[Full-disclosure] Re: Snatching IP on LAN, how to DoS/block such machines?

a PacketShaper from Packateer. It is a layer7 filtering device with a nice web admin tool that allows you to customize any protocol's bandwidth usage (0 KB/s if you want). So, that is something else for you to check out...where do you work? -- Kristian Hermansen [EMAIL PROTECTED] signature.asc Description

[Full-disclosure] Re: plz suggest security for DLL functions

) Local Denial Of Service As stated here by many before, if someone has enough time and resources, they will get at your code. The best you can do is to frustrate them so much that the analysis consumes their time for friends, beer, wo/men, etc... -- Kristian Hermansen [EMAIL PROTECTED] signature.asc

Re: [Full-disclosure] Microsoft Windows and *nix Telnet Port Number Argument Obfuscation

discovery to please post it here (Nick didn't respond to my email). I am interested to know more about it, and maybe the original discoverer found other things as well...thanks -- Kristian Hermansen [EMAIL PROTECTED] Cisco Systems, Inc. ___ Full-Disclosure - We

[Full-disclosure] Re: alpha numeric exploitation

On Thu, 2005-05-26 at 20:36 +0100, [EMAIL PROTECTED] wrote: Anyone got any ideas how to do this with only alpha numeric chars? Would dissembler do what you want? It should be able to squeeze the ascii shellcode for you ;-) http://www.phiral.com/research/dissembler.html -- Kristian Hermansen

[Full-disclosure] Miva Merchant 4.x Tax Calculation Bypass Vulnerability w/ PoC

and is a horrible rip-off product. Use osCommerce instead, since it is also more secure and Open Source. If you want to be raped, economically and mentally, use Miva. http://www.oscommerce.com/ -- Kristian Hermansen [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part

[Full-disclosure] Hack Your Credit Card Company

out to Jon Hermansen for a few details which helped with further exploitations. -- Kristian Hermansen [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part ___ Full-Disclosure - We believe in it. Charter: http