Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-17 Thread Larry Seltzer
wrote code. He said that Jason Wright and several other developers were responsible for those backdoors -Original Message- From: Paul Schmehl [mailto:pschmehl_li...@tx.rr.com] Sent: Friday, December 17, 2010 12:12 PM To: Larry Seltzer; full-disclosure@lists.grok.org.uk Subject: RE: [Full

Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread Larry Seltzer
already a latent vulnerability in it already? Then there is no deniability concerns and no audit trail of the source code. My 2 cents On 16/12/2010, at 1:04 PM, mark seiden m...@seiden.com wrote: On Dec 15, 2010, at 5:23 PM, Graham Gower wrote: On 16 December 2010 09:50, Larry Seltzer la

Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-16 Thread Larry Seltzer
Instead of an overt back-door, is it possible that Theo's old friend (;)) is referring to exploitable vulnerabilities. These vulnerabilities may or may not have been found in the interim and fixed, but not recognized as backdoors. As you said, it's impossible to prove a negative (prove to me that

Re: [Full-disclosure] Backdoor in OpenBSD Explained proof of Theo's lieying

2010-12-16 Thread Larry Seltzer
is a fucking laugh riot this thread! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] OpenBSD Paradox

2010-12-15 Thread Larry Seltzer
Theo, How would one go about getting the code that was worked on at the time? I don't see it at openbsd.org. Also, do you have a sense of what other projects used that code? Presumably at least some of them did audits as well. LJS

Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-15 Thread Larry Seltzer
Has anyone read this yet? http://www.downspout.org/?q=node/3 Seems IPSEC might have a back door written into it by the FBI? Surely the thing to do now is not to audit *your own* OpenBSD code, but to audit the OpenBSD code from about 8 years ago. If there's nothing there, then the claim is

Re: [Full-disclosure] verizon vs m$

2010-12-07 Thread Larry Seltzer
2. some interpret it as a feature and some as a bug? Does it have to be either? It sounds to me as if this is a deliberate design decision, and people are disagreeing over the severity of its implications. LJS

Re: [Full-disclosure] verizon vs m$

2010-12-05 Thread Larry Seltzer
I think the Intranet zone was Medium in IE6 but of course there was no Protected Mode there. Maybe that's where the confusion is from. -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Thor (Hammer of God)

Re: [Full-disclosure] Hijack SSL with a Man-In-The-Middle Attack

2010-11-23 Thread Larry Seltzer
I've made a lot of money writing papers inspired by Moxie's work, so I can relate. -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Eyeballing Weev Sent: Tuesday, November 23, 2010 4:44 PM To:

Re: [Full-disclosure] OT: Hacking Pink Floyd

2010-10-14 Thread Larry Seltzer
It says “My name is Roger Waters and I’m a completely selfish asshole and I’m taking my ball and going home now.” *From:* full-disclosure-boun...@lists.grok.org.uk [mailto: full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Thor (Hammer of God) *Sent:* Thursday, October 14, 2010 6:33 PM

Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive

2010-09-14 Thread Larry Seltzer
the extent of the problem, because each of those installations is likely vulnerable. -Original Message- From: Dan Kaminsky [mailto:d...@doxpara.com] Sent: Tuesday, September 14, 2010 6:54 PM To: Stefan Kanthak Cc: Larry Seltzer; full-disclosure@lists.grok.org.uk; valdis.kletni...@vt.edu Subject

Re: [Full-disclosure] [GOATSE SECURITY] Clench: Goatse's way to say screw you to certificate authorities

2010-09-08 Thread Larry Seltzer
It's true that conventional certs have been completely devalued by the bottom-feeders. This is a good argument for EV. Goatse may dismiss EV as a joke, but there are very few EV CAs and none of them are TELECOM MINISTRY OF BUTTFUCKISTAN. The spec requires that they authenticate the operation of

Re: [Full-disclosure] DLL hijacking POC (failed, see for yourself)

2010-09-02 Thread Larry Seltzer
FYI everyone, ACROS has fixed the POC for 64-bit systems. The old one failed on my Win7 64-bit and the new one works. http://www.binaryplanting.com/test.htm I did notice that if you just click on the link (\\www.binaryplanting.com\demo\windows_address_book_64) Windows turns it into a file:// url

Re: [Full-disclosure] DLL hijacking POC (failed, see for yourself)

2010-09-02 Thread Larry Seltzer
I don’t think you read my e-mail. They fixed it. Have you retested today? *From:* Christian Sciberras [mailto:uuf6...@gmail.com] *Sent:* Thursday, September 02, 2010 9:44 AM *To:* Larry Seltzer *Cc:* full-disclosure@lists.grok.org.uk *Subject:* Re: [Full-disclosure] DLL hijacking POC (failed

Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive

2010-08-27 Thread Larry Seltzer
Clearly desktops need to be able to run arbitrary code. That’s what they’re there for. Why wouldn’t eliminating the CWD from the DLL search order fix the problem? I asked Microsoft about this ( http://blogs.pcmag.com/securitywatch/2010/08/list_of_dll_vulnerability_wind.php) and they said the

Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive

2010-08-27 Thread Larry Seltzer
, August 27, 2010 10:08 AM *To:* Larry Seltzer *Cc:* valdis.kletni...@vt.edu; full-disclosure@lists.grok.org.uk *Subject:* Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive h0h0h0. There be history, Larry. Short version: Go see how many DLLs exist outside of c:\windows\system32. Look

Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive

2010-08-27 Thread Larry Seltzer
:* Friday, August 27, 2010 10:50 AM *To:* Christian Sciberras *Cc:* Larry Seltzer; full-disclosure@lists.grok.org.uk; valdis.kletni...@vt.edu *Subject:* Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive ...up till the moment you realize that the interface doesn't really differentiate

Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive

2010-08-27 Thread Larry Seltzer
that signatures are consistent with the EXE. *From:* Arthur Orr [mailto:a...@gci.com] *Sent:* Friday, August 27, 2010 1:52 PM *To:* Larry Seltzer; Dan Kaminsky; Christian Sciberras *Cc:* full-disclosure@lists.grok.org.uk; valdis.kletni...@vt.edu *Subject:* RE: [Full-disclosure] DLL hijacking

Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive

2010-08-26 Thread Larry Seltzer
Instead of it executing wab.exe (Windows Address Book) and open the file test.vcf, one can directly get any .exe file open. Users have shown themselves very willing to open up test.vcf.exe. LJS

Re: [Full-disclosure] Expired certificate

2010-07-16 Thread Larry Seltzer
It's better than nothing, but it speaks ill of the agency. Yes, the encryption is the same. Certificates have expiration dates so that the verification that happens at the time the cert is acquired can have some freshness. So if it's just expired, well it's no biggie, especially if this is a

Re: [Full-disclosure] My private key

2010-06-12 Thread Larry Seltzer
Oh cool, this is like those TV ads where the guy parades his social security # around, right? *From:* full-disclosure-boun...@lists.grok.org.uk [mailto: full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Thor (Hammer of God) *Sent:* Friday, June 11, 2010 11:33 PM *To:*

Re: [Full-disclosure] RDP, can it be done safely?

2010-06-09 Thread Larry Seltzer
I might be able to buy you one beer with the money, but it won’t be anything good. *From:* Thor (Hammer of God) [mailto:t...@hammerofgod.com] *Sent:* Wednesday, June 09, 2010 6:56 PM *To:* Larry Seltzer; noloa...@gmail.com; Daniel Sichel *Cc:* full-disclosure@lists.grok.org.uk *Subject:* RE

Re: [Full-disclosure] RDP, can it be done safely?

2010-06-09 Thread Larry Seltzer
Click here to retrieve your free beer. http://bit.ly/4a8VOA *From:* Benji [mailto:m...@b3nji.com] *Sent:* Wednesday, June 09, 2010 7:08 PM *To:* Larry Seltzer *Cc:* Thor (Hammer of God); noloa...@gmail.com; Daniel Sichel; full-disclosure@lists.grok.org.uk *Subject:* Re: [Full-disclosure] RDP

Re: [Full-disclosure] RDP, can it be done safely?

2010-06-09 Thread Larry Seltzer
See http://technet.microsoft.com/en-us/library/cc782610(WS.10).aspx If you connect through a VPN it should be as secure as anything else you’re going to consider. *From:* full-disclosure-boun...@lists.grok.org.uk [mailto: full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Jeffrey

Re: [Full-disclosure] denial-of-service vulnerability in the Microsoft Malicious Software Removal Tool

2010-05-23 Thread Larry Seltzer
Don't you get it? Your customers installed malware while logged in as administrator on XP. MSRT isn't magic. From this you tell people Don't run Windows? And if your customers' apps require admin privileges and they have to run on XP then they really can't be properly secured. Larry Seltzer

Re: [Full-disclosure] KHOBE - 8.0 earthquake for Windows desktop security software

2010-05-13 Thread Larry Seltzer
and they didn't reply. More than one antivirus vendor has said that their products are not vulnerable to the technique. It's hard to say who is telling the truth, but given all their overstatement matousec doesn't deserve the benefit of the doubt. Larry Seltzer Contributing Editor, PC Magazine larry_selt

Re: [Full-disclosure] XSS in Drupal Better Formats Module

2010-04-27 Thread Larry Seltzer
You need admin privileges for it. It's not a vulnerability, it's a feature. -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Justin C. Klein Keane Sent: Tuesday, April 27, 2010 3:07 PM To:

Re: [Full-disclosure] Java Deployment Toolkit Performs Insufficient Validation of Parameters

2010-04-09 Thread Larry Seltzer
jws seems to be one of those gifts that keeps on giving. I don't have actual numbers, but it seems to me I see it mentioned regularly in their vulnerability reports. -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On

Re: [Full-disclosure] To Ryan Naraine

2010-03-03 Thread Larry Seltzer
Per Ryan Naraine (a friend and former colleague), the story has been updated and corrected: http://blogs.zdnet.com/security/?p=5573 Larry Seltzer From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Berend-Jan Wever Sent: Wednesday

Re: [Full-disclosure] Internet Exploiter 2 - bypassing DEP

2010-03-01 Thread Larry Seltzer
randomization slots? The point of it is that if you're going to crash the system 255 out of 256 times it's not worth attacking. Larry Seltzer From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Berend-Jan Wever Sent: Monday, March 01, 2010 7:41

Re: [Full-disclosure] about jit and dep+aslr

2010-02-08 Thread Larry Seltzer
Google translates this as “Sun your mother!” Larry Seltzer Contributing Editor, PC Magazine larry_selt...@ziffdavis.com http://blogs.pcmag.com/securitywatch/ From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of yuange Sent

Re: [Full-disclosure] win7x64 Direct General

2010-02-05 Thread Larry Seltzer
by then, as a distinct southern culture had already emerged. /thread drift Larry Seltzer Contributing Editor, PC Magazine larry_selt...@ziffdavis.com http://blogs.pcmag.com/securitywatch/

Re: [Full-disclosure] about jit and dep+aslr

2010-02-05 Thread Larry Seltzer
Full-Disclosure has been submitted to ISO as a discussion standard, requiring English posting, but allowing for a subposting field with referrals to internationalized versions Larry Seltzer Contributing Editor, PC Magazine larry_selt...@ziffdavis.com http://blogs.pcmag.com/securitywatch

Re: [Full-disclosure] win7x64 Direct General

2010-02-03 Thread Larry Seltzer
Wow, that’s a searing indictment if I’ve ever heard one, I think. Larry Seltzer Contributing Editor, PC Magazine larry_selt...@ziffdavis.com http://blogs.pcmag.com/securitywatch/ From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk

Re: [Full-disclosure] Surge in Skype Spam activity

2010-01-11 Thread Larry Seltzer
It’s harmless, he’s just blowing his own company’s horn. Speaking of spam… h, shall I click a tinyurl coming from a f-d poster? n/n, pick one this is email, not twitter. if you're sharing a legitimate link, there's no reason not to directly link to it. 2010/1/11 Chen Levkovich

Re: [Full-disclosure] Software developer looks at CRU code

2009-11-30 Thread Larry Seltzer
Recent evidence shows that the globe is again cooling So the CO2 emissions are the only things saving us, right Paul? Post-hoc, ergo propter hoc. It's a staple of climate science. Larry Seltzer Contributing Editor, PC Magazine larry_selt...@ziffdavis.com http://blogs.pcmag.com/securitywatch

Re: [Full-disclosure] Microsoft Patents the sudo command

2009-11-13 Thread Larry Seltzer
and a system which handles it automatically is a better one. And as the article says, the claim in the subject line of this thread is nonsense. It's obvious to anyone who reads the patent, which is a very short one. Larry Seltzer Contributing Editor, PC Magazine larry_selt...@ziffdavis.com http

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-16 Thread Larry Seltzer
rated it at least Medium. If I'm wrong about that then the Low rating is misleading. Larry Seltzer Contributing Editor, PC Magazine larry_selt...@ziffdavis.com http://blogs.pcmag.com/securitywatch/ -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

2009-09-16 Thread Larry Seltzer
Yes, they used the bulletin to soft-pedal the description, but at the same time I think they send a message about XP users being on shaky ground. Just because they've got 4+ years of Extended Support Period left doesn't mean they're going to get first-class treatment. Larry Seltzer Contributing

[Full-disclosure] Windows Live profile spam

2009-06-14 Thread Larry Seltzer
I’ve never before received anything like this for Windows Live. I got a second invite just like this through Live Messenger. (Soon this will be changing to Bing profile spam) Larry Seltzer Contributing Editor, PC Magazine larry_selt...@ziffdavis.com http://blogs.pcmag.com/securitywatch

Re: [Full-disclosure] ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability

2009-03-24 Thread Larry Seltzer
It looks like this was fixed in 9.1, the version from a week or two ago. Why wasn't the vulnerability disclosed until now? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.selt

Re: [Full-disclosure] BBC cybercrime probe backfires

2009-03-14 Thread Larry Seltzer
They keep saying that the BBC hacked 22,000 computers, when in reality the original articles said the BBC acquired or hijacked the botnet. Strawman for the win? If they paid for access to the botnet then there's no real moral difference. Larry Seltzer eWEEK.com Security Center Editor http

[Full-disclosure] Collision

2009-01-19 Thread Larry Seltzer
75ca3011ae2a15f851cc3334cf7918ae851c92f1 Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.selt...@ziffdavisenterprise.com

Re: [Full-disclosure] The war in Palestine

2009-01-06 Thread Larry Seltzer
Jeez, the stolen part was a joke. Finally someone says something on this thread related to computer security and you all jump on me. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.selt

Re: [Full-disclosure] The war in Palestine

2009-01-05 Thread Larry Seltzer
Also stolen from the Palestinian people: their domain name. The web site of the Permanent Observer Mission of Palestine to the United Nations: http://www.palestine-un.org/ Click some of the links on the left and check the whois. Larry Seltzer eWEEK.com Security Center Editor http

Re: [Full-disclosure] The war in Palestine

2009-01-04 Thread Larry Seltzer
population. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.selt...@ziffdavisenterprise.com

[Full-disclosure] Free Beer

2008-03-27 Thread Larry Seltzer
Moving beyond the old partisan politics, a cause we can all get behind. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/

Re: [Full-disclosure] OpenID. The future of authentication on the web?

2008-03-24 Thread Larry Seltzer
for amazon.com how long will it take me to figure out all your others? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing

Re: [Full-disclosure] OpenID. The future of authentication on the web?

2008-03-23 Thread Larry Seltzer
It's worth pointing out that some OpenID providers are better than others. An OpenID provider could implement 2-factor authentication, and some have (http://www.infrastructure.ziffdavisenterprise.com/c/a/Blogs/OpenID-In-Hardware/), or other features which could strengthen it. Larry Seltzer

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-09 Thread Larry Seltzer
-policy-as-a-limited-user.aspx What he says is that some group policies, not including system-wide security settings, may be circumvented, even by a limited user. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-09 Thread Larry Seltzer
or the computer is asleep (though not if it is hibernating or powered off). So in other words, hibernate does make a difference, especially if you follow their guidelines. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-08 Thread Larry Seltzer
. And if you're the sort of high-value target who needs to worry about this sort of attack, there are measures you can take: use drive encryption, use 2-factor authentication, use hibernate instead of sleep, use group policy to enforce them. Larry Seltzer eWEEK.com Security Center Editor http

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-08 Thread Larry Seltzer
has some residual charge I'm sure it's far less reliable than with sleep. Everything I've seen in descriptions of that attack tells me they are unfairly conflating sleep and hibernate. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch

Re: [Full-disclosure] IE8 beta is available - Challenge

2008-03-07 Thread Larry Seltzer
Who can be the one to find and publish the first exploit? I hear you can completely compromise an IE8 system through the Firewire port. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-07 Thread Larry Seltzer
Let's say the computer is off. You can turn it on, but that gets you to a login screen. What can the Firewire device do? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-07 Thread Larry Seltzer
they can disable password authentication *even while the system is not logged on* - do I have that right? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-06 Thread Larry Seltzer
this? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED]

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-06 Thread Larry Seltzer
up DMA for a device only to a certain range? If not, what options are available? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED]

Re: [Full-disclosure] Chinese backdoors hidden in router firmware

2008-03-05 Thread Larry Seltzer
Next we'll be seeing Japanese tactical nukes Hidden in Toyota trunks And who knows what the French are putting in that cheese. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/

Re: [Full-disclosure] Hack into a Windows PC - no password needed

2008-03-04 Thread Larry Seltzer
capability exist on Macs? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED]

Re: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities

2008-02-04 Thread Larry Seltzer
I get this same warning on FF 3.0 beta 2 on Vista. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED

Re: [Full-disclosure] Save XP

2008-01-28 Thread Larry Seltzer
MS is planning on stopping XP sales after June 30,2008. Why don't you start hoarding copies now? Come July you'll run the market! Ha ha ha! Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL

Re: [Full-disclosure] [FDSA] Sort - Critical Format String Vulnerability

2008-01-18 Thread Larry Seltzer
This vulnerability allows for arbitrary command execution and is really quite severe. So the following proof of concept causes the Windows Calculator to be executed? C:\calc Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch

Re: [Full-disclosure] [funsec] eBay redirects: next step in fake blogs and web search abuse

2007-11-03 Thread Larry Seltzer
or DNS Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gadi Evron Sent: Saturday, November 03, 2007 9

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-09-28 Thread Larry Seltzer
Actually, I see 5.1005 in both browsers. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED]

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug [FIB FOUND/CONFIRMED]

2007-09-28 Thread Larry Seltzer
..perhaps one day, this will be exploitable. Consider the possibilities for this code: If ((4.2-0.1) != 4.1) { exploit_client(); } Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

2007-09-28 Thread Larry Seltzer
Firefox 2.0.0.7 result: 5.1005 (WRONG!) Internet Explorer 7 result: 5.1 (OK) Maybe they're using Excel 2007 for their math. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED

Re: [Full-disclosure] This pages crashes browsers

2007-07-03 Thread Larry Seltzer
Found this page, click on Accessories then try to print the page, it seems to crash all the browsers I have soon as I try to print. Thought someone here might like to play with the crash. Printed from IE7 and FF 2.0.0.4 no problems. Larry Seltzer eWEEK.com Security Center Editor http

Re: [Full-disclosure] Apple Safari: idn urlbar spoofing

2007-06-25 Thread Larry Seltzer
The picture taken on my system: http://alt.swiecki.net/idn.png It looks different on my system: http://www.larryseltzer.com/safe2.png Safari 3.0.2 on XPSP2 Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC

Re: [Full-disclosure] Safari for Windows, 0day URL protocol handler command injection

2007-06-12 Thread Larry Seltzer
y_need_another_windows_browser.html). They have already done this with QuickTime. Safari could develop installed base quickly that way. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED

Re: [Full-disclosure] You shady bastards. - CONFIDENTIAL

2007-06-08 Thread Larry Seltzer
In luxembourg for instance mails labeled as PRIVATE or CONFIDENTIAL are not allowed to be viewed by the company, ALSO as email. Write it in the subject line. Hey, don't read this. This isn't for you. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com

Re: [Full-disclosure] You shady bastards.

2007-06-06 Thread Larry Seltzer
Why would this be offensive? It's a company address. Someone might send e-mail containing company business to the address. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED

Re: [Full-disclosure] You shady bastards.

2007-06-06 Thread Larry Seltzer
Would you feel the same way if it was a voicemail left on his machine? What about a postal letter addressed to the person? To the company phone or address? Yes. Of course. They're company property, there for company purposes. Larry Seltzer eWEEK.com Security Center Editor http

Re: [Full-disclosure] You shady bastards.

2007-06-06 Thread Larry Seltzer
Really? I have gotten benefits and medical communications at my office addy. That stuff should be going to your home address, not least for this reason. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine

Re: [Full-disclosure] WordPress Community Vulnerable

2007-05-24 Thread Larry Seltzer
Check out a recent survey of 50 WordPress blogs conducted at blogsecurity.net: http://blogsecurity.net/wordpress/articles/article-230507/ Can the Month of WordPress Bugs be far behind? Larry Seltzer eWEEK.com

Re: [Full-disclosure] Windows POC

2007-05-16 Thread Larry Seltzer
I was wondering if anyone has a few Microsoft Windows Word proof of concept exploits for a demo? Go to http://www.milw0rm.com and search on Word http://www.milw0rm.com/exploits/3260 for example Larry Seltzer eWEEK.com Security Center Editor http

Re: [Full-disclosure] Windows POC

2007-05-16 Thread Larry Seltzer
http://www.milw0 .. http://www.milw0rm.com/exploits/3260 for example A word of advice to everyone: Don't send milw0rm links out to the list unless you want to drown in blowback from Antigen gateways. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/

Re: [Full-disclosure] Month of ActiveX Bug

2007-05-04 Thread Larry Seltzer
Maybe if we issued one every minute we could keep the time frame reasonable Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto

Re: [Full-disclosure] Month of ActiveX Bug

2007-05-03 Thread Larry Seltzer
Looks like this has turned into the Month of Officeocx bugs, since the first 3 are components sold in that package. snore... Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/

Re: [Full-disclosure] Month of ActiveX Bug

2007-05-03 Thread Larry Seltzer
I know Larry, wtf is an office exploit good for? nothing thats what.. It's not an Office exploit, it's an exploit in a 3rd-party add-on package. And not an especially popular one. You do understand the difference, don't you? Larry Seltzer eWEEK.com Security Center Editor http

Re: [Full-disclosure] Month of ActiveX Bug

2007-05-03 Thread Larry Seltzer
Sorry for the smart-ass tail end to my message, but this *is* F-D after all Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto

Re: [Full-disclosure] Month of ActiveX Bug

2007-05-01 Thread Larry Seltzer
that? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED]

Re: [Full-disclosure] Month of ActiveX Bug

2007-05-01 Thread Larry Seltzer
just a segfault Remember back when there were crash bugs? Now all we have are DoS's. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread Larry Seltzer
LS The Firefox docs say that it doesn't support .ani files for cursors. LS How are you exploiting it? AS I'll wait until the patch is out before I publish the technique. AS As far as I know there are no public ANI exploits for Firefox yet. So now can you say how Firefox is vulnerable? Larry

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread Larry Seltzer
in GDI is fixed. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine [EMAIL PROTECTED] -Original Message- From: Daniel Veditz [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 03, 2007 9:47 PM

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread Larry Seltzer
<style type=text/css> BODY{cursor: url(http://www.larryseltzer.com/DRUM.ANI);} </style> This is a harmless animated cursor.<br> This is a harmless animated cursor.<br> This is a harmless animated cursor.<br> This is a harmless animated cursor.<br> </BODY></HTML> Larry Seltzer eWEEK.com Security Center Editor http

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-03 Thread Larry Seltzer
be in quotes? This works for me: body style=CURSOR: url('foo.ani') It's actually supposed to work with or without quotes I think and I've tried a dozen variants and yours here. No luck. The cursors are straight out of c:\windows\cursors. I'll try it in the morning. Larry Seltzer eWEEK.com Security

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-02 Thread Larry Seltzer
techniques that would detect heap spraying. I'm sure any HIPS would block it. But like DEP they're not on in Windows by default. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine [EMAIL PROTECTED

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-02 Thread Larry Seltzer
you too. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ http://blog.ziffdavis.com/seltzer Contributing Editor, PC Magazine [EMAIL PROTECTED

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-02 Thread Larry Seltzer
binaries are covered by DEP by default. I'm almost positive that the limited system binaries do not include Internet Explorer. At the time they made this configuration decision too many controls were broken by turning on DEP by default. And the policy is the same in Vista. For now. Larry Seltzer

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-02 Thread Larry Seltzer
I just posted a video of exploiting IE7 and Firefox on Vista. The Firefox docs say that it doesn't support .ani files for cursors. How are you exploiting it? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-02 Thread Larry Seltzer
Specifically http://developer.mozilla.org/en/docs/Using_URL_values_for_the_cursor_property in the Limitations section Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine [EMAIL PROTECTED

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-01 Thread Larry Seltzer
The issue is that this only works with DEP turned off! Interesting point. I haven't seen this mentioned anywhere, including the Microsoft advisory (http://www.microsoft.com/technet/security/advisory/935423.mspx). Has anyone actually tested this with DEP on/off to be sure? Larry Seltzer

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-01 Thread Larry Seltzer
can you really do in IE protected mode? You need to get the user to run the ANI outside of IE. Can anyone say what actually happens if you read an e-mail in the Vista Mail program with an attack ANI embedded? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http

Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

2007-04-01 Thread Larry Seltzer
in protected mode I'm sure there are things you can do, but it's a huge step down from what you can do in XP and it's gone as soon as you exit IE7 Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine [EMAIL

[Full-disclosure] MS Patch Coming Tuesday

2007-04-01 Thread Larry Seltzer
http://www.microsoft.com/technet/security/bulletin/advance.mspx Microsoft Security Bulletin Advance Notification Updated: April 1, 2007 As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers on the number of new security updates being

Re: [Full-disclosure] Phishtank.com Gone?

2007-03-25 Thread Larry Seltzer
Phishtank.com resolves to 127.0.0.1, has someone taken it offline? No, I'm still getting to the site. I don't suppose mcafee.com, symantec.com and a lot of other security domains also resolve to 127.0.0.1 for you, do they? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com

Re: [Full-disclosure] Drive-by Pharming

2007-02-16 Thread Larry Seltzer
This response doesn't seem to address any Linksys (and therefore Cisco) routers, does it? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine [EMAIL PROTECTED] -Original Message- From

Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous

2007-01-04 Thread Larry Seltzer
According to public reports, this vulnerability is addressed in Adobe Acrobat Reader 8.0. I've actually tested it. On Reader 8 Acrobat you get a messagebox that says This operation is not allowed Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com

Re: [Full-disclosure] Concurrency strikes MSIE (potentially exploitable msxml3 flaws)

2007-01-04 Thread Larry Seltzer
I hope you're still not angry! I just tried your demo on IE7. It took a while longer but does seem to have locked up. Were you looking at IE6 or IE7, and is the behavior any different? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry
