Re: [Full-disclosure] A question for the list - WordPress plugin inspections

2014-02-19 Thread Seth Arnold
On Wed, Feb 19, 2014 at 06:40:51PM +, Harry Metcalfe wrote: > We write and publish light-touch inspections of WordPress plugins > that we do for our clients. They are just a guide - we conduct some > basic checks, not a thorough review. > > Would plugins which fail this inspection be of genera

Re: [Full-disclosure] Ubuntu, duckduckgo, and additional info

2014-01-15 Thread Seth Arnold
On Wed, Jan 15, 2014 at 05:47:24AM -0700, silence_is_b...@hushmail.com wrote: > I see thank you. My distribution.id nuke did nothing any way to > disable this? It's all about choice after all right ;) Depends upon the browser. For Firefox, see: /usr/lib/firefox/distribution/searchplugins/loc

Re: [Full-disclosure] Ubuntu, duckduckgo, and additional info

2014-01-14 Thread Seth Arnold
On Tue, Jan 14, 2014 at 05:41:42AM -0700, silence_is_b...@hushmail.com wrote: > Any particular reason when setting duckduckgo as the default search > and searching from the url bar we get an additional nugget of info > sent? Case in point: > > GET /?q=add+duckduckgo&t=canonical HTTP/1.1 [...] > I

Re: [Full-disclosure] EasyPHP 12.1 - Remote code execution of any php/js on local PC

2012-12-03 Thread Seth Arnold
On Mon, Dec 03, 2012 at 06:44:24PM -0500, Jeffrey Walton wrote: > > "Yes, we have responsibility, but no enough time to make a new release. ... > > This failure will never used by real hackers because it's better to found > > something in Acrobat or other wildspread soft. ... So stop crying, kiddy.

Re: [Full-disclosure] bash path normalization bug

2012-11-19 Thread Seth Arnold
On Thu, Nov 15, 2012 at 10:09:56PM +0200, Andris Berzins wrote: > $ bash --version GNU bash, version 4.2.8(1)-release > (x86_64-pc-linux-gnu) $ bash --version GNU bash, > version 4.0.28(1)-release (i386-pc-solaris2.8) Bash fails > to normalize path starting with "//" and will consider "/" > an

Re: [Full-disclosure] Security risks of doing business with China?

2012-11-02 Thread Seth Arnold
On Thu, Nov 01, 2012 at 08:43:10AM +, Dan Ballance wrote: > I greatly respect the collective knowledge about security matters on this > list. What do you make of this BBC report? Here in the UK we are seeming > happy to do business with China, but other countries are blocking over > alleged sec

Re: [Apparmor-dev] Re: [Full-disclosure] Re: [SC-L] Re: [Owasp-dotnet] RE: 4 Questions:Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed V

2006-04-07 Thread Seth Arnold
On Thu, Apr 06, 2006 at 12:01:06PM -0400, Brian Eaton wrote: > Does cap_setuid give a program enough authority to break out of the > AppArmor profile? Not directly, no; however, because a process with this capability can forge credentials over unix domain sockets it is possible that it could entic