Not to mention the obvious fact that if you have to trick someone into
running a batch file then you could probably just tell the genius to
execute a special EXE you crafted for them.
-sb
On Nov 28, 2007 4:43 PM, dev code [EMAIL PROTECTED] wrote:
lolerowned, kinda like the 20 other non
What version of the .NET framework is running on the server? 1.1.x,
2.0.x, or 3.0.x?
-sb
On 5/22/07, kingcope [EMAIL PROTECTED] wrote:
Hello List,
Recently I saw a small bug in IIS 6.0 when requesting a special path.
When I request /AUX/.aspx the server takes a bit longer to respond as
On FF 2.0.0.3 on WinXP SP2+hotfixes clicking the link loads up the
server not found page then CPU shoots up to 100% for ~1 minute and
then everything goes back to normal... not too exciting...
-sb
On 5/1/07, carl hardwick [EMAIL PROTECTED] wrote:
Product: Firefox 2.0.0.3
Description:
On 2/25/07, Daniel Veditz [EMAIL PROTECTED] wrote:
Michal Zalewski wrote:
A quick test case that crashes while trying to follow partly
user-dependent corrupted pointers near valid memory regions (can be forced
to write, too):
http://lcamtuf.coredump.cx/ietrap/testme.html
Firefox
The test on that page still puts my 2.0.0.2 in a completely unusable
state, try it yourself and let me know what happens.
-sb
On 2/25/07, Ismail Dönmez [EMAIL PROTECTED] wrote:
On Sunday 25 February 2007 18:57:47 Stan Bubrouski wrote:
On 2/25/07, Daniel Veditz [EMAIL PROTECTED] wrote
I can't say the same it shoots my CPU up to 100% and is completely
unresponsive on win2k sp4.
On 2/25/07, Ismail Dönmez [EMAIL PROTECTED] wrote:
On Sunday 25 February 2007 20:27:19 Stan Bubrouski wrote:
The test on that page still puts my 2.0.0.2 in a completely unusable
state, try
On 2/15/07, Michal Zalewski [EMAIL PROTECTED] wrote:
Actually, there are several odd problems related to location updates and
location.hostname specifically, including one scenario that apparently
makes the script run with document.location in about: namespace.
I did not research them any
On 2/2/07, Tyop? [EMAIL PROTECTED] wrote:
key-based login without passphrase is like eating cheese without
bread. useless (IMHO).
Totally, if someone compromises the machine and gets root they get all
your keys and without a passphrase... yeah no good.
- - With a little bit of
Stick to beer, hard liquor seems to make you an angry drunk.
-sb
On 1/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Of course you will, the company you sell to never found more
than 4 vulns in their existence.
You're the cheap sales man selling insurance, where's your
USD750.ooo vuln
You're forgetting that gmail has a feature to report phishing
messages, that alone could give google quite a list of phishing sites
given its userbase.
-sb
On 1/2/07, moniker monikerd [EMAIL PROTECTED] wrote:
i see only two possible ways for google to get this kind of data.
google toolbar
On 9/14/06, Hugo Francisco González Robledo [EMAIL PROTECTED] wrote:
I think it depends on the context.
Example 1 (backdoored1.pdf) :
On Ubuntu Linux with Adobe Reader 7.0.1 opens the web page on
mozilla-firefox without warning.
On FC5 with Acrobat Reader 7.0.8 it opens the page in firefox
I'm reading your message in gmail and there is nothing in my temp
folder... not that i'd expect there to be. Gmail can't just create
files on your computer without your permission, if it can your
settings are wrong or your browser is broken. In other words if your
gmail mails are ending up in
On 7/31/06, n3td3v [EMAIL PROTECTED] wrote:
Hi,
You cannot impersonate someone, even n3td3v, its against the law.
I've already sent abuse reports to Hushmail at the time of writing this e-mail.
If you continue to make fun of n3td3v, i'll report the new addresses as well.
n3td3v
Last time I
On 7/31/06, n3td3v v3dt3n [EMAIL PROTECTED] wrote:
That goes for you too mister. Stop impersonating me or i will tell your mom,
I am the real n3td3v as i own n3td3v.com So there you little twerp.
I've never bothered to impersonate you, but again ownership of
n3td3v.com doesn't give you
On 4/13/06, Brandon S. Allbery KF8NH [EMAIL PROTECTED] wrote:
On Apr 13, 2006, at 1:29 , Dave Korn wrote:
Hey, guess what I just found out: Microsoft have deliberately
sabotaged
their DNS client's hosts table lookup functionality.
I thought this was part of avoiding malware attempts
Name one powerful hacker kicked out of here? Just one. And you don't
count (neither do I but I've never claimed to be an expert or
important).
-sb
On 3/30/06, n3td3v [EMAIL PROTECTED] wrote:
The most powerful hackers in the world being told to get off fd, well that
says a lot for fd then
So let me see if I get this right, yahoo employees are trying to tap
you for information and you stopped contacting them. Plenty of people
on this list want nothing of you and would love for you to stop
contacting them. How can we pull a yahoo here and be rid of you?
-sb
On 3/29/06, n3td3v
On 3/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Posting a private email to a mailing list is pretty slimeball Ryan.
Funny you would do such a thing when you lost your bullshit job at
Security Focus over getting owned.
Sadly more and more people are posting off-list messages back to the
On 3/25/06, Blue Boar [EMAIL PROTECTED] wrote:
Stan Bubrouski wrote:
On 3/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Posting a private email to a mailing list is pretty slimeball Ryan.
Funny you would do such a thing when you lost your bullshit job at
Security Focus over getting
On 3/25/06, n3td3v [EMAIL PROTECTED] wrote:
I work with rogue employee vendors around the world to bring good Hack
active solution about within the community, if you can't under stand that,
You work with rats and understand is one word.
then you need to sit down and realise that the n3td3v
' services and or Yahoo employees.
On 3/22/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
How old are you? Seriously. I don't know whether you realize just
how completely stupid you come off as to even people new in the
security field. You are a joke. Quit filling this list with crap.
BTW did
[Advisory] | [Thu Mar 16 13:38:05 EST 2006] | Off-by-one in ISC DHCP
1. DESCRIPTION
It is possible to make ISC DHCP crash by the use of malformed input.
2. WORKAROUND
This advisory has no workarounds regarding the vulnerability.
3. VENDOR RESPONSE
ISC DHCP had extended no explanation
Not to mention all the messages come through www.c0replay.net assuming
that part of the headers are accurate. If you'll recall the same
domain was used to spoof a message from Steven Rakick on March 4th.
Seems some little kiddie in the UK (assumption warning!) is going to
be paying some fines. I
On 3/12/06, Gary Leons [EMAIL PROTECTED] wrote:
Personally, I find the Gay Slut advisories a refreshing change from
the crap Evron normally posts. But then, I kill filed him after his
OMG I FOUND A LUNIX VIRUS thread, so maybe he's reduced the
frequency of pathetic commentaries since then, I
with an sql injection
, possible private bug I dunno but I know the maintainer of this
website and they aren't responsible of this.
Stan Bubrouski wrote:
Not to mention all the messages come through www.c0replay.net
assuming that part of the headers are accurate. If you'll recall
the same
Do you ever give up? Only n3td3v would post that his google group,
which is merely an aggregation of lists like this one is a
vulnerability database... it's not.
-sb
On 3/8/06, System Outage [EMAIL PROTECTED] wrote:
Hello security community,
Why would someone buy a security vulnerability
On 2/15/06, Jerome Athias [EMAIL PROTECTED] wrote:
$50,000 for reporting BSA that your neighbor uses an illegal version of
Window$ !
That is entirely inaccurate. The $5 reward with numerous strings
attached is for reporting a company using multiple pirated copies of
software, reporting
reporting my sister ..
;D
Stan Bubrouski wrote:
On 2/15/06, Jerome Athias [EMAIL PROTECTED] wrote:
$50,000 for reporting BSA that your neighbor uses an illegal version of
Window$ !
That is entirely inaccurate. The $5 reward with numerous strings
attached is for reporting
I was added to this group without permission as well.
-sb
On 2/11/06, Adam Laurie [EMAIL PROTECTED] wrote:
I find it hard to believe that with all the resources at Google's
disposal, they are unable to find technicians or project managers,
designers, or whatever, that have any idea how the
your permission, along with your code etc...
terms of service don't trump copyright laws either...
-sb
On 2/11/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
I was added to this group without permission as well.
-sb
On 2/11/06, Adam Laurie [EMAIL PROTECTED] wrote:
I find it hard to believe
On 2/11/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
On Sat, 11 Feb 2006 12:32:43 EST, Stan Bubrouski said:
you up for groups you don't want to be in, your messages get posted to
Google groups without your permission, along with your code etc...
Messages and code being reposted is hardly
On 2/9/06, Dave Korn [EMAIL PROTECTED] wrote:
Stan Bubrouski wrote:
Ever since Greg disagreed with me in that ZoneAlarm thread Dave and I
were arguing in, Greg has been forwarding all messages I send to the
list back to me.
Stan, it is possible you could be being manipulated by someone
Ever since Greg disagreed with me in that ZoneAlarm thread Dave and I
were arguing in, Greg has been forwarding all messages I send to the
list back to me.
Childish and Annoying are great ways to describe it since he could
easily automatically trash my messages if he doesn't want to read
them.
On 2/6/06, Research Infratech [EMAIL PROTECTED] wrote:
SNIP
[Vendor] notified now
SNIP
You have to admire that honesty ;-)
-sb
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
are erasing our privacy.
What I am looking for is specifics, like such and such company was
spamming my phone with people's credit card orders etc... and provide
a couple examples for verification (off list please, and don't send me
SS# or CC# I have no interest in them).
Best Regards,
Stan Bubrouski
Is it just me who thinks linking to a log of thousands of e-mail
addresses is in very poor taste on a mirrored list? If they weren't
harvested before they will be now.
-sb
On 1/20/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I don't
Well I'm not going to talk about how XSS is useless because we all
know it can be quite a serious problem. I think, and I don't know the
guy so I can't be sure, the original dissenter to this post was
pointing out that:
What would you phish from a site that doesn't have any forms anyways?
What
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Nancy Kramer
Sent: Friday, 20 January 2006 2:30 PM
To: Stan Bubrouski; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Re: Re: PC Firewall Choices
I admit I know nothing about firewalls
of message per
day)
Know what I mean?
-sb
On 1/20/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
Well I'm not going to talk about how XSS is useless because we all
know it can be quite a serious problem. I think, and I don't know the
guy so I can't be sure, the original dissenter to this post
,
Stan
On 1/20/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
On 1/19/06, MuNNa [EMAIL PROTECTED] wrote:
Hahaha ... native code doesn't seem to understand the meaning of Xss and
why
it can be of security concern. Here not only url re-direction is
possible
Why would he be concerned
On 1/20/06, Morning Wood [EMAIL PROTECTED] wrote:
in all honesty, XSS is a serious vector of attack.
however, non-persistent XSS is a much less serious problem
than is persistent XSS. Generally XSS is of no harm to the server
side anyway. It can however be leveraged as the OP said, but
would
On 1/19/06, Dave Korn [EMAIL PROTECTED] wrote:
I'd like to second what Greg says.
I've used ZA for years, through many changes of version.
It's never forgotten its settings for me.
It's never blocked anything it shouldn't or not blocked anything it
should.
Really? Do you just run
be a pain at times.
Best Regards,
sb
On 1/19/06, Stan Bubrouski [EMAIL PROTECTED] wrote:
On 1/19/06, Dave Korn [EMAIL PROTECTED] wrote:
I'd like to second what Greg says.
I've used ZA for years, through many changes of version.
It's never forgotten its settings for me.
It's never
On 1/19/06, redsand [EMAIL PROTECTED] wrote:
i think the author of this advisory is desperate for advisories or
attention.
Well maybe the guy was just misled because Microsoft led him to
believe it was something exciting? Either way it seems like anyone
could open a project file in notepad
My personal favorite was the older versions of Tiny Personal Firewall,
though they did have the major flaw of popping up stuff when the
computer was locked thus I stopped using it. They fixed it, but the
revamped interface they put out a couple years ago wasn't to my
liking. What do you think of
On 1/19/06, Greg [EMAIL PROTECTED] wrote:
I don't think anymore needs be said. Your mistakes, above, are enough to
condemn you by your own word so for the sake of not making this any worse,
we'll leave it here.
What a convenient cop-out.
-sb
On 1/17/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think ms won't fix any bug in vstudio, I have told them if they will
fix the vs2005 issue published recently and they said me exactly what
is on your support page:
Only open project files
Yes he did. :)
-sb
On 1/13/06, Todd Towles [EMAIL PROTECTED] wrote:
Stan wrote:
Yeah cause threads like this really open peoples eyes...
I do agree with that...and I think the people know what they are seeing.
Bkfsec stated the situation very well IMHO.
cum hoc ergo propter hoc
-Todd
Ordinarily I'd argue, but it's hard to when we find out Microsoft knew
about the bug for a long time and made a conscious decision not to
patch it even though they knew it could lead to a system compromise.
People commented on how Microsoft put out a patch quicker than they
usually would but this
On 1/13/06, Todd Towles [EMAIL PROTECTED] wrote:
Stan wrote:
Ordinarily I'd argue, but it's hard to when we find out
Microsoft knew about the bug for a long time and made a
conscious decision not to patch it even though they knew it
could lead to a system compromise.
Conscious decision?
On 1/13/06, Todd Towles [EMAIL PROTECTED] wrote:
Stan wrote:
Ordinarily I'd argue, but it's hard to when we find out
Microsoft knew about the bug for a long time and made a
conscious decision not to patch it even though they knew it
could lead to a system compromise.
Also, Microsoft must
I wasn't agreeing its a conspiracy I was just saying they knew about
this being serious for a while and did nothing about until it went
public for whatever reason.
-sb
On 1/13/06, bkfsec [EMAIL PROTECTED] wrote:
Stan Bubrouski wrote:
Ordinarily I'd argue, but it's hard to when we find out
From your extremely detailed query I'd have to say the NSA. That of
course is based on nothing.
-sb
On 1/13/06, Byrne, David [EMAIL PROTECTED] wrote:
Our IPS vendor is reporting a number of customers affected by large volumes
of traffic generated by a worm. Anyone have details?
Thanks,
Back to the original subject:
[Full-disclosure] Steve Gibson smokes crack?
Does anyone know if Steve Gibson does indeed smoke crack? If Marion
Barry does, why can't he? These questions need answers! Or not,
happy friday, drink up.
-sb
On 1/13/06, eric williams [EMAIL PROTECTED] wrote:
On 13
This is not the right list for this kind of question. How you managed
to find this list but not the answers you are looking from google is
astounding (no offense intended, this is a list to discuss the full
disclosure of vulnerabilities).
-sb
On 1/10/06, [EMAIL PROTECTED] [EMAIL PROTECTED]
I read that and couldn't stop laughing. More from the I don't need
to get it to explain it doctrine. It gets a gold star for effort, I
wonder if he pulled out a thesaurus.
-sb
On 1/9/06, Danny [EMAIL PROTECTED] wrote:
removed inane banter
Is this what you are referring to:
Oh where to begin...
On 1/5/06, Joe Average [EMAIL PROTECTED] wrote:
I guess he got bored of turning netdev into public enemy number one, to
You are n3td3v, and talking in the third person under an assumed
identity just adds to your own turmoil.
divert attention away from the real guy who is
On 1/5/06, Joe Average [EMAIL PROTECTED] wrote:
Why are you mentioning n3td3v? This thread is about infosecbofh, please keep
First of all:
Joe Average to Frank, full-disclosure 11:28 am (4 hours ago)
I guess he got bored of turning netdev into public enemy number one,
to divert attention away
I can confirm the patch appears on Windows Update for my win2k SP4 machine.
-sb
On 1/5/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Looks as if MS is issuing a fix out of band for the WMF issue. Should be
available at 5:00 PM EST today.
Seeing as most IMAP servers allow you to use ../../ with SELECT, etc..
(think uw-imapd for example) I think I would categorize this as more
of a permissions problem.
-sb
On 1/4/06, Josh Zlatin [EMAIL PROTECTED] wrote:
Synopsis: Rockliffe's Mailsite Imap Directory Transversal Vulnerability.
Well if you look at the fact there is no title on titlebar and the
fact the active tab is Untitled, I'd hazard to guess its something he
manually entered into the address bar, and so we don't even know if
this is exploitable by clicking a link or whatnot.
Not exactly sure why this was posted if
Personally I'm not opposed to the killing of J.A. if it will end this
quietly ;-)
-sb
On 12/31/05, J.A. Terranson [EMAIL PROTECTED] wrote:
On Fri, 30 Dec 2005, InfoSecBOFH wrote:
You know what. Who gives a fuck about any of this.
I am an American. We have the bombs, we have the
It's amazing nobody has brought up the fact that Bush was illegally
monitoring domestic and international calls during a presidential
election. He could have been listening to the Kerry camp's calls.
Worse we'll never know because without a judge's approval there is no
official paper trail.
So let me get this straight. SecurityFocus doesn't think you're worth
their time and so they must not be hackers... I'd say I was confused
but sadly I think I get it.
-sb
On 12/27/05, Joe Average [EMAIL PROTECTED] wrote:
This mail was sent on behalf of the n3td3v group.
It goes without
What does Robert Lemos saying Moreover have anything to do with security?
And what is your obsession with slandering and discrediting people who
actually have jobs and accomplished more than copied and pasted
e-mails like you anyways.
Moreover, you are n3td3v.
-sb
On 12/27/05, Joe Average
So what? I don't care if the guy eats babies for breakfast, personal
attacks have nothing to do with security or any topic covered on this
list.
-sb
On 12/28/05, InfoSecBOFH [EMAIL PROTECTED] wrote:
In his defence. Lemos is kind of a fuckbag
On 12/27/05, Stan Bubrouski [EMAIL PROTECTED] wrote
Hehe I noticed that and didn't bother telling you ;-P
-sb
On 12/25/05, Bob Hacker [EMAIL PROTECTED] wrote:
sorry i misplaced your post with your reality, I replied simply with...
Bob Hacker
to Stan
More options
Dec 24 (1 day ago)
Its outstanding, I was being sarcastic just out of
tinyurl has already closed that account due to abuse FYI :)
-sb
On 12/17/05, Pieter de Boer [EMAIL PROTECTED] wrote:
Morning Wood wrote:
oh wow, fun toys for the holidays...
http://tinyurl.com/9tz5g
postcard.gif.exe
A link to almost this same .exe has been spammed to me several
I wonder if he's sending himself gmail invites...lol
-sb
On 12/15/05, sk / GroundZero [EMAIL PROTECTED] wrote:
so pathetic, n3td0rk already has to invent imaginary people which are on his
side.
so its not always he against the FD list. oh well boy, you just prove once
more how lame you
Author: Stan Bubrouski
Date: December 16, 2005
Package: WebCal (by Michael Arndt; http://bulldog.tzo.org/webcal/webcal.html)
Versions Affected: 1.11-3.04 (unknown 1.11)
Severity: XSS allowing cookie theft, etc..
Description:
This particular WebCal (there are in fact over a dozen separate webcal
On 12/11/05, n3td3v [EMAIL PROTECTED] wrote:
This list is for people to disclose security information, not for
random people to disrespect others who do disclose vulnerabilities. It
THAT IS ALL YOU DO!!! You post some XSS vuln somewhere then criticize
everyone else on the list while touting
On 12/3/05, Michael J. Pomraning [EMAIL PROTECTED] wrote:
SNIP
For Perl projects, I'd also nominate syslog(), from the standard Sys::Syslog
module, for special attention. It's common in *NIX environments regardless
of programmers' backgrounds and is extremely likely to be called with
While you make some valid points, lets not escalate this to another
political discussion ;-)
-sb
On 11/30/05, Dude VanWinkle [EMAIL PROTECTED] wrote:
On 11/30/05, Andy Lindeman [EMAIL PROTECTED] wrote:
I think we're talking about legal wiretaps, e.g. a law enforcement
agency with a court
Man these threads are just a waste of space... can't you guys just
settle this with a pissing contest or in an octagon of death? or
better yet just kill each other? I liked it much better when you all
responded to separate threads and ignored each other's existence.
-sb
On 11/19/05, Bernhard
On 10/6/05, Georgi Guninski [EMAIL PROTECTED] wrote:
On Thu, Oct 06, 2005 at 09:09:32AM +0400, offtopic wrote:
snip Which fird-party can't be user as coordinator, like CERT/CC?
i recommend you don't use coordinators - they are f*ck*d parasites.
think about what they will coordinate -
LOL, and he didn't put a subject on either message...
On 8/9/05, KF (lists) [EMAIL PROTECTED] wrote:
Maybe next I can enjoy a subject line?
-KF
SNIP
Hey,
I don't ordinarily send messages like this, but I find it kinda
disturbing. I opened up firefox today (v1.0.2 I know its old but I
haven't used this PC in a while), and typed:
www.espn.com
into the address bar only to find myself at:
http://www.megago.com/l/?
I checked the address bar
Paul Schmehl wrote:
--On Tuesday, April 26, 2005 03:05:29 PM -0400 Stan Bubrouski
[EMAIL PROTECTED] wrote:
Could we can the nazi rhetoric in messages on this list? Or can we just
complain until the list
loses its hosting?
That makes a great deal of sense. One poster sends stuff you find