Re: [Full-disclosure] Any not annoying help welcome

2013-12-04 Thread adam
If you want anyone to help you with your specific problem, then you need to provide specifics to your problem. Can you post some (or all) of what you're trying to decode? If not, can you provide more information on what you're seeing? What character set? What length? Is any of it human-readable?

Re: [Full-disclosure] Imperva WAF/DAF 9.5 patch8 and 10.0 patch 2 localroot vulnerability

2013-11-21 Thread adam
Holy shit you guys, a ghost. On Wed, Nov 20, 2013 at 9:12 AM, steve jobs wrote: > Imperva use hardened centos 5.4 to run Web Application Firewall and > Database Activity Monitoring product. > It could be exploited to get root in the kernel 2.6.18-164.15.1.el5.imp4 > which was built by imperva in

Re: [Full-disclosure] Any particular reason why MS is scanning me for port 80?

2013-10-22 Thread adam
If you're really curious, why not just run Apache for a day or so and see exactly what it's looking for, what its user-agent is, etc? That'd likely tell you way more than any of us can. For example, if it turns out to be looking for /someobscuredir - then there's a good chance Gary is right. Meanw

Re: [Full-disclosure] Serious Yahoo bug discovered. Researchers rewarded with $12.50

2013-10-03 Thread adam
bradon nailed it, it has nothing to do with entitlement, it has to do with incentive. $12.50 is not only _not_ incentive, but it's outright insulting, thus having the exact opposite effect. On Wed, Oct 2, 2013 at 10:34 AM, Jordon Bedwell wrote: > On Wed, Oct 2, 2013 at 10:32 AM, Ian Hayes > wr

Re: [Full-disclosure] Defense in depth -- the Microsoft way (part 9): erroneous documentation

2013-08-31 Thread adam
I'm on the same page as Pascal, what is the point of this? The part that really stands out for me is how Microsoft is being singled out here. If it's about their documentation, then it's not really about a vulnerability. If it's NOT about their documentation, then you'd be hard pressed to find a pl

Re: [Full-disclosure] CAPTCHA re-riding attack in https://google.com

2013-08-26 Thread adam
What exactly is a re-riding attack? Is that just another name for replay? And does this only work in the sorry/continue context for google.com? If so, I don't think it's really that big of a deal either. Repeated requests, typically, are the cause of the sorry/continue page, so I can't see how _mor

Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

2013-08-16 Thread adam
Jann, you know what's even worse than someone being a dick for no reason? Someone being a _stupid_ dick for no reason. In case you're unaware, the word "massive" was completely absent from this thread until YOU attempted to put it in someone else's mouth. Beyond that, since you want to rip apart an

Re: [Full-disclosure] Facebook allows disclosure of friends list.

2013-08-06 Thread adam
I never saw the message from David Mah, but he's correct about the IP thing. If X account has ever logged in from your IP, you can use things like the phone number to recover the account. But for obvious reasons, the phone number typically doesn't seem to work otherwise, so this supports the IP-his

Re: [Full-disclosure] Facebook allows disclosure of friends list.

2013-08-06 Thread adam
You don't need to know it. [vanityname]@facebook.com should work just fine. For example, if my Facebook URL were: http://facebook.com/adampapsynet Then you'd be able to reference that account using adampapsy...@facebook.com . That was the biggest shocker to me, when they started auto-creating th

Re: [Full-disclosure] Trustlook Found Hundreds of Malicious Applications in the Google Play Store

2013-07-26 Thread adam
You know what's funny? Their privacy policy http://www.trustlook.com/privacy/ Specifically, the part that says: If you wish, you may contact us instead via non-cellular telephone at the > numbers provided at various locations on our sites or, *in the case of > our health plan members*, at the Mem

[Full-disclosure] [Foreground Security 2013-002]: Corda Path Disclosure and XSS

2013-07-13 Thread Adam Willard
Corda Path Disclosure and XSS FOREGROUND SECURITY, SECURITY ADVISORY 2013-002 - Original release date: July 12, 2013 - Discovered by: Adam Willard (Software Security Analyst at Foreground Security) - Contact: (awillard (at

Re: [Full-disclosure] Abusing Windows 7 Recovery Process

2013-07-10 Thread adam
>>Haven't tried but lets say we can copy the SAM off the box somehow, recovery console is running as system which can read the SAM and Did Candlejack get you or somethi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclo

Re: [Full-disclosure] eResourcePlanner Authentication Bypass/SQL Injection

2013-07-05 Thread adam
e which is > included in this nasty group of bugs. > It's honestly hard to believe that companies would use this vendor at all > considering that there are so many other great options out there > *cough*google apps provides erp*cough*. > I do appreciate you raising that conce

Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621

2013-07-05 Thread adam
That's a very valid point, Dan. I don't use WP personally, but the feature you're talking about, is that a core feature? Or is it offered by some [potentially 3rd party] addon? If it's core, and this is really how they're responding, that's mind boggling. Why wouldn't they simply offer it as a fea

Re: [Full-disclosure] eResourcePlanner Authentication Bypass/SQL Injection

2013-07-05 Thread adam
Just as a note, you can also use their normal domain instead of rp4me.com. i.e. jetblue.eresourceplanner.com works in addition to jetblue.rp4me.com. Do you know if the passwords are hashed/salted in the database? Or are they all plaintext? This looks like it could become huge overnight. Especially

Re: [Full-disclosure] tor vulnerabilities?

2013-07-03 Thread adam
>IT's open source. You're allegedly a security expert. Start auditing the code and let us know what you find. :) >(And hey - it would be worth it. The guy who finds an O(1) hole in Tor is going to pick up some serious street cred.) No more source for street cred, them days is dead. Ray's got AKs

Re: [Full-disclosure] [ MDVSA-2013:191 ] fail2ban

2013-07-02 Thread adam
So fail 2 ban fails 2 ban the right person? Is that so? Tell us more, KKK. On Tue, Jul 2, 2013 at 8:28 AM, wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > ___ > > Mandriva Linux Security Advisory

[Full-disclosure] Announcing ChronIC - a wearable Sub-GHz RF hacking tool

2013-03-12 Thread Adam Laurie
tools page: http://www.aperturelabs.com/tools.html enjoy! cheers, Adam -- Adam Laurie Tel: +44 (0) 20 7993 2690 Suite 117 Fax: +44 (0) 20 7691 7776 61 Victoria Road Surbiton Surrey mailto:a...@algroup.co.uk KT6 4JX

[Full-disclosure] Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)

2013-03-10 Thread Adam Zabrocki
Name: Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM) Author: Adam Zabrocki () Date: November 27, 2009 (Yes, it's very old bug ;P) Description: LCG Disk Pool Manager (DPM) has been developed as

Re: [Full-disclosure] SANS PHP Port Scanner Remote Code Execution

2013-03-07 Thread adam
Screenshot for anyone who might have missed it (before cache is removed): http://img842.imageshack.us/img842/7351/sansphpportscannerfdpng.png On Thu, Mar 7, 2013 at 7:53 PM, adam wrote: > The original page has been deleted? > > > On Thu, Mar 7, 2013 at 7:50 PM, Christian Sci

Re: [Full-disclosure] SANS PHP Port Scanner Remote Code Execution

2013-03-07 Thread adam
The original page has been deleted? On Thu, Mar 7, 2013 at 7:50 PM, Christian Sciberras wrote: > Andrew, > > > You realize this guy is trying to advise people through a tutorial? > It's not like we're talking about average Joe shipping buggy software... > people *teaching bad practices,* especial

Re: [Full-disclosure] how do I know the fbi is followin

2013-03-02 Thread adam
That's so weird, I've lived where I've lived since 2009 and have never seen any networks with that name until about 12 hours ago. Then by complete chance, it's mentioned here today. On Sat, Mar 2, 2013 at 8:29 PM, Reed Loden wrote: > Check your nearby WiFi SSIDs for "FBI Surveillance Van". That's

[Full-disclosure] Sniffing HDCP crypto keys with a $30 Bus Pirate and a broken HDMI cable

2013-02-18 Thread Adam Laurie
HDCP has been broken for a long time, but I was curious as to how difficult it was to recover specific device keys. Turns out not very: http://adamsblog.aperturelabs.com/2013/02/hdcp-is-dead-long-live-hdcp-peek-into.html cheers, Adam -- Adam Laurie Tel: +44 (0) 20

Re: [Full-disclosure] Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack

2013-02-12 Thread Adam Laurie
On 11/02/13 09:11, Adam Laurie wrote: > The Atmel AT91SAM7XC series of microprocessors contain a crypto > co-processor which is DES and AES capable. They include a write-only > memory for key storage and multiple physical security measures to > prevent decapping etc. > > Ho

[Full-disclosure] Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack

2013-02-11 Thread Adam Laurie
line, but they were just in the wrong place at the wrong time... (cyber)war is heck! cheers, Adam -- Adam Laurie Tel: +44 (0) 20 7993 2690 Suite 117 Fax: +44 (0) 20 7691 7776 61 Victoria Road Surbiton Surrey

[Full-disclosure] marc4dasm - Atmel MARC microprocessor disassembler published

2013-01-30 Thread Adam Laurie
For what it's worth, I've published a disassembler for the Atmel MARC4 (a 4 bit Harvard micro): https://github.com/AdamLaurie/marc4dasm Enjoy! cheers, Adam -- Adam Laurie Tel: +44 (0) 20 7993 2690 Suite 117 Fax: +44 (0) 20 76

Re: [Full-disclosure] OT Google raises sploit bounties

2012-11-25 Thread adam
His question seemed pretty clear to me. As indicated in the article he linked to, Google apparently raised their bounty/reward. He's asking if something happened to one of their products to cause that, or if they're just paranoid (and maybe expecting something to happen to one of their products).

Re: [Full-disclosure] Microsoft Windows Help program (WinHlp32.exe) memory corruption

2012-10-27 Thread adam
Hi Dear Sir, I have drank 5 cans of Pepsi today. I can discuss with authority responsible. Best Regards On Sat, Oct 27, 2012 at 11:55 AM, kaveh ghaemmaghami < kavehghaemmagh...@googlemail.com> wrote: > Hi > Dear Sir, > I have reached 12 crashes during Microsoft Windows Help program test. > I can

[Full-disclosure] ANNOUNCE: RFIDIOt v1.0d released and code migration

2012-10-03 Thread Adam Laurie
lszen] Full details here: http://rfidiot.org/ enjoy! Adam -- Adam Laurie Tel: +44 (0) 20 7993 2690 Suite 117 Fax: +44 (0) 20 7691 7776 61 Victoria Road Surbiton Surrey mailto:a...@algroup.co.uk KT6 4JX

[Full-disclosure] Antivirus Evasion: Developing an undetectable USB dropper

2012-09-20 Thread Adam Behnke
Usually when we talk about bypassing antivirus software, and especially when we talk about antivirus programs like NOD32, Kaspersky, BitDefender, we automatically think about deep coding knowledge, using undocumented APIs or using zero-day exploits, but this is not always true, since by applying s

[Full-disclosure] TP-LINK TL-WR340G Wireless Denial of Service

2012-09-06 Thread Adam P.
=== intro === TP-LINK TL-WR340G is a SOHO router with integrated IEEE 802.11b/g AP. Now it's marked End-of-Life. Transmitting crafted frames in proximity of a working router causes the device to malfunction. Wireless communication stops, existing clients don't receive frames from AP (except beacons

[Full-disclosure] NeoInvoice Blind SQL Injection (CVE-2012-3477)

2012-08-13 Thread Adam Caudill
://adamcaudill.com/2012/08/12/neoinvoice-blind-sql-injection-cve-2012-3477/ Project: https://github.com/tlhunter/neoinvoice --Adam Caudill http://adamcaudill.com

Re: [Full-disclosure] sandboxed browsing

2012-08-01 Thread Adam Caudill
+1 for wget - that's about the only "safe" option. That way there's no JS execution / rendering, so little to worry about. On Aug 1, 2012 7:00 AM, "Christian Sciberras" wrote: > I use Internet Explorer 6 on Windows XP, obviously! > > > On a more serious note, I doubt there's a safer alternative,

[Full-disclosure] Spark IM Client Local Password Decryption

2012-07-31 Thread Adam Caudill
The open source Spark IM client from Ignite Realtime has a feature that can save the user's password - this password is stored insecurely due to the use of a static encryption key. The password is stored in a file called "spark.properties" and is encrypted with Triple DES in ECB mode. The problem

[Full-disclosure] IObit Protected Folder Authentication Bypass

2012-06-15 Thread Adam Behnke
From IObit: "Protected Folder is designed to password-protect your folders and files from being seen, read or modified in Windows 7, Vista, XP and Server 2008, 2003. It works like a safety box, just drag and drop the folders or files you want to hide or protect into Protected Folder, then no one c

[Full-disclosure] A Chat With The NGR Bot

2012-06-13 Thread Adam Behnke
NGR Bot (also known as Dorkbot) was examined to be a user-mode rootkit that could be remotely controlled via Internet-Relay-Chat (IRC) protocol. It was designed with the intention to steal digital identity, perform denial of service, and manipulate the domain name resolution. It spreads via Recycl

[Full-disclosure] Metadata exfiltration

2012-06-12 Thread Adam Behnke
In today's Information age, data is very crucial for every organization. Data loss for any organization can have a very negative impact financially as well as reputation wise. Generally organizations are aware of the information they are revealing through different online mediums, but what about th

[Full-disclosure] Decrypting encrypted iPhone backups

2012-05-29 Thread Adam Behnke
Data protection mechanism introduced in iOS 4 protects the sensitive data in files on the file system and items in the keychain by adding another layer of encryption. Data protection uses the user’s passcode key and the device specific hardware encryption keys to generate a set of class keys which

[Full-disclosure] Checking out backdoor shells

2012-05-18 Thread Adam Behnke
A backdoor shell can be a PHP, ASP, JSP, etc. piece of code which can be uploaded on a site to gain or retain access and some privileges on a website. Once uploaded, it allows the attacker to execute commands through the shell_exec() function, upload/delete/modify/download files from the web serve

Re: [Full-disclosure] The story of the Linux kernel 3.x...

2012-05-18 Thread Adam Zabrocki
On Thu, 2012-05-17 at 10:32 -0400, valdis.kletni...@vt.edu wrote: > On Wed, 16 May 2012 23:49:40 +0200, Adam Zabrocki said: > > > so the latest update has this fix but still official ISO has old kernel. > > Fix was applied > > in March/April. So again _stock ker

Re: [Full-disclosure] The story of the Linux kernel 3.x...

2012-05-17 Thread Adam Zabrocki
pped at the fixed location mentioned. > > > --Dan > As I referred before VSYSCALL is at fixed address but it became as known issue: https://lkml.org/lkml/2011/8/9/274 Best regards, Adam

Re: [Full-disclosure] The story of the Linux kernel 3.x...

2012-05-17 Thread Adam Zabrocki
On Wed, 2012-05-16 at 23:09 +0200, Tavis Ormandy wrote: > On Wed, May 16, 2012 at 11:49:40PM +0200, Adam Zabrocki wrote: > > Hi Tavis, > > > > Yes this is stock kernels and yes you must believe it is so simple mistake > > ;) > > All systems was instal

Re: [Full-disclosure] The story of the Linux kernel 3.x...

2012-05-17 Thread Adam Zabrocki
ernel developers list I found a problem and gentle fix: http://lists.opensuse.org/opensuse-kernel/2012-03/msg00056.html so the latest update has this fix but still official ISO has old kernel. Fix was applied in March/April. So again _stock kernels_ have/had so simple mistake ;) Best regards,

Re: [Full-disclosure] The story of the Linux kernel 3.x...

2012-05-16 Thread Adam Zabrocki
e private mail :) Best regards, Adam

Re: [Full-disclosure] The story of the Linux kernel 3.x...

2012-05-16 Thread Adam Zabrocki
Hi Tavis, I've checked with the same result: *) Fedora 16 *) latest Ubuntu *) latest Suse Best regards, Adam Zabrocki -- pi3 (pi3ki31ny) - pi3 (at) pi3 com£ pl http://pi3.com.pl

[Full-disclosure] The story of the Linux kernel 3.x...

2012-05-16 Thread Adam Zabrocki
ess memory layout and analyse every bytes from this address range you can find some useful instruction not only that which I listed in this lame write-up. Btw. I wonder why no-one point this out before... Btw2. Go and write reliable exploit for kernel 3.x ;p Best regards, Adam Zabrocki

Re: [Full-disclosure] [OT] New online service to make XSSs easier

2012-05-07 Thread adam
>And you get somebody else's hash value, how? It's present in the OP's code, so I'd assume Google [eventually] or visiting a vulnerable page. The question is: how secure is the backend? Imagine someone getting your hash, creating a specially crafted cookie, and injecting code on your "view my stol

[Full-disclosure] Hacking WolframAlpha

2012-04-24 Thread Adam Behnke
Sharing source code with peers is one thing; sharing secrets over a public medium is another. The all-seeing eye of Google has no mercy, and once the secret has been seen, indexed, and copied to clone sites, it is no longer a secret. Now combine the search power of Google with the computational pow

Re: [Full-disclosure] Windows XP denial of service 0day found in CTF exercise

2012-04-17 Thread adam
Guys, this is a fake release, someone spoofed my email and sent this out as a joke to mock the wicd release from last week. Please note that if you click on the links, there is nothing there concerning this. > > On 04/17/2012 02:48 AM, Adam Behnke wrote: >> Immunity Debugger Remo

[Full-disclosure] Erronous post concerning Backtrack 5 R2 0day

2012-04-12 Thread Adam Behnke
Yesterday I made a post concerning a 0day advisory in Backtrack 5 R2: http://seclists.org/fulldisclosure/2012/Apr/123 The posting was incorrect, the vulnerability was NOT in Backtrack but in wicd, no Backtrack contributed code is vulnerable. When we tweeted and emailed to mailing lists the notific

[Full-disclosure] Backtrack 5 R2 priv escalation 0day found in CTF exercise

2012-04-11 Thread Adam Behnke
wicd Privilege Escalation 0Day Tested against Backtrack 5, 5 R2, Arch distributions Spawns a root shell. Has not been tested for potential remote exploitation vectors. Discovered by a student that wishes to remain anonymous in the course CTF. This 0day exploit for Backtrack 5 R2 was discovered

[Full-disclosure] SQL Injection through HTTP Headers

2012-04-04 Thread Adam Behnke
During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a first step. Sometimes, when dealing with Web application testing, verification routines related to SQL injection flaws discovery are restricted to the GET and POST variables as the u

[Full-disclosure] Hacking AutoUpdate by Injecting Fake Updates

2012-04-03 Thread Adam Behnke
We all know that hackers are constantly trying to steal private information by getting into the victim's system, either by exploiting the software installed in the system or by some other means. By performing routine updates for their software, consumers can protect themselves, patching known vulne

[Full-disclosure] Apache 2.2.xx 0day exploit

2012-04-02 Thread Adam Zabrocki
More information can be found here: http://blog.pi3.com.pl/?p=310 Best regards, Adam

[Full-disclosure] Mexican Drug Cartels and Cyberspace

2012-03-26 Thread Adam Behnke
Mexican drug trafficking organizations are increasingly demonstrating a desire to make money from cyber-crime, attracted by the high profits and minimal risks, offered by such activities as fraud, theft, and piracy. These gangs lack the needed technical know-how within their ranks, which means they

Re: [Full-disclosure] Apple IOS security issue pre-advisory record

2012-03-23 Thread adam
ssage has generated about 300 votes in the first 15 > minutes, making it the second score behind "divx" for now on. > > Thank you, and sorry for inconveniences (if any) ! > > On Fri, Mar 23, 2012 at 1:59 PM, adam wrote: > >> That's pretty clever. But i

[Full-disclosure] DarkComet - syrian revolution trojan analysis and author interview

2012-03-21 Thread Adam Behnke
On February 17th CNN published an interesting article, where some Syrian regime opponents claimed that the government was using a Trojan to monitor and disrupt the protesters' network. Apparently the regime has been using a well-known social engineering technique: impersonate a trusted person

[Full-disclosure] Cookie based SQL Injection

2012-03-06 Thread Adam Behnke
All data sent by the browser to a Web application, if used in a SQL query, can be manipulated in order to inject SQL code: GET and POST parameters, cookies and other HTTP headers. Some of these values can be found in the environment variables. The GET and POST parameters are typically entered

[Full-disclosure] Soft skills needed for an information security career?

2012-02-27 Thread Adam Behnke
Two people can interview for a position who look to be nearly equal in terms of experience, yet a hiring manager comes away with a strong recommendation to hire one and not the other. Or sometimes there are even instances in which someone may appear to be even stronger in terms of experience and tr

[Full-disclosure] Known compromises of OpenVZ/Parallels Virtuozzo containers

2012-02-24 Thread Adam Ierymenko
would not count exploits *of* the host node, such as via a bad PHP script installed there. I'm looking for any case where someone has been able -- with only access to a container -- to break out. -- Adam Ierymenko Application Security Specialist Government Contractor with STG, Inc. NOAA: Nat

[Full-disclosure] Circumventing NAT via UDP hole punching.

2012-02-22 Thread Adam Behnke
A new write up at InfoSec Institute on circumventing NAT. The process works in the following way. We assume that both the systems A and B know the IP address of C. a) Both A and B send UDP packets to the host C. As the packets pass through their NATs, the NATs rewrite the source IP address t

[Full-disclosure] pcAnywhere Leaked Source Code - An Anonymous Review

2012-02-20 Thread Adam Behnke
DISCLAIMER: InfoSec Institute received an anonymous submission concerning the leaked pcAnywhere source code. The article is published here, we have redacted any code snippets or other pieces of source code that were included in the original article. Otherwise it has been left unedited/unaltered.

Re: [Full-disclosure] Operation Bring Peace To Machines : New Info

2012-02-18 Thread adam
If by crazy, you mean a spammer: absolutely. On Sat, Feb 18, 2012 at 4:45 PM, Jerome Athias wrote: > > Sorry, I am just crazy > \x90 > > Subject: RE: Vulnerability conceptual map (UNCLASSIFIED) Date: Sat, 18 > Feb 2012 16:37:45 -0500 From: WOLFKIEL, JOSEPH L CIV DISA PEO-MA > Reply-To: >

Re: [Full-disclosure] Fwd: Re: Operation Bring Peace To Machines

2012-02-18 Thread adam
According to Gmail: Errors or weaknesses in software code are exploited by bad guys. Worse, other villains introduce features malveuillantes privateurs in their programs. For example, Windows, MacOS, iOS (in iThings), Flash Player, Kindle, Playstation 3. The features called "security" prote

Re: [Full-disclosure] New DNS exploit - Ghost Domains

2012-02-14 Thread Adam Behnke
Good point, well said. Should have called it a technique. Will do so in other postings elsewhere. -Original Message- From: InterN0T Advisories [mailto:advisor...@intern0t.net] Sent: Tuesday, February 14, 2012 1:05 PM To: Adam Behnke Cc: full-disclosure@lists.grok.org.uk Subject: Re

[Full-disclosure] New DNS exploit - Ghost Domains

2012-02-14 Thread Adam Behnke
To explain: Whenever there is a query for a domain which is not in the resolver's cache, the process happens by traversing through the entire DNS hierarchy from the root servers to the top-level domain (e.g., .com). The top-level domain (TLD) then gives us the information about the name server tha

[Full-disclosure] Attacking the Phishers: An Autopsy on Compromised Phishing Websites

2012-02-13 Thread Adam Behnke
InfoSec Institute researcher Quaker Doomer explores various phishing sites to see what the phishers are doing behind the scenes: http://resources.infosecinstitute.com/attacking-the-phishers/

Re: [Full-disclosure] Arbitrary DDoS PoC

2012-02-13 Thread adam
I have to admit that I've only read the posts here, haven't actually followed the link, but in response to Gage: It entirely depends on how it's being done, specifically: what services/applications are being targeted and in what way. If he's proxying through "big" servers such as those owned by Fa

Re: [Full-disclosure] Iran is doing ip-and-port filtering of SSL

2012-02-12 Thread adam
In case the OP hasn't seen this: http://boingboing.net/2012/02/10/iran-attacks-internet-access-o.html https://lists.torproject.org/pipermail/tor-talk/2012-February/023070.html On Sun, Feb 12, 2012 at 12:58 AM, Sebastian Rakowski wrote: > thought they filtered specific URLs, but now they filter a

[Full-disclosure] New Android Malware Botnet Reversed/Uncovered

2012-02-10 Thread Adam Behnke
Hello, one of InfoSec Institute's security researchers reverse engineered a new botnet that is active for the Android platform. RootSmart has some unique features that make it newsworthy: . Takes advantage of Gingerbreak exploit to take control of Android device . The main malware payload is a roo

[Full-disclosure] Creating backdoors using SQL Injection

2012-02-09 Thread Adam Behnke
An InfoSec Institute Review on Creating backdoors using SQL Injection: http://resources.infosecinstitute.com/backdoor-sql-injection/ A novel technique that highlights the risk of not chrooting your SQL servers.

Re: [Full-disclosure] hackers.it disappeared from google search results

2012-02-02 Thread adam
It should be noted that you can use webmaster tools to speed up the process of having pages removed (once the meta tag is present on them). Also, it may be hit or miss but you could try using google.com/addurl to speed up the reindexing of those pages once the meta tag has been removed. On Thu, Fe

Re: [Full-disclosure] Megaupload Anonymous hacker retaliation, nobody wins

2012-01-25 Thread adam
I'm impressed that Andrew continues to maintain the "dumbest person on FD" position without actually being on FD. On Wed, Jan 25, 2012 at 5:26 PM, xD 0x41 wrote: > You are not anonymous, you are reachable anywhere in the world. > > > hahah yes sir. > suck my dick now, and stfu, actually no keep

Re: [Full-disclosure] Faux Anonymous hackers to Facebook: 'We're not playing'

2012-01-25 Thread adam
If we cared, we'd visit that site of our own volition. Secondly, even if we were interested: most of the people on these lists are intelligent enough not to click on links from spammers. Third, even if the content were interesting, even if this were the place for it and even if you hadn't spammed:

Re: [Full-disclosure] Facebook seems to think my Arch Linux box has malware on it

2012-01-20 Thread adam
Although irrelevant, that's the exact reason I never finished "The Social Network" movie. The entire thing was beefed up with buzzwords and technical terms in an attempt to make it appear more intelligent, which ultimately had the exact opposite effect. On Fri, Jan 20, 2012 at 5:10 PM, James Condr

Re: [Full-disclosure] Facebook seems to think my Arch Linux box has malware on it

2012-01-20 Thread adam
For some reason, that 9/11 comment actually made me laugh. Regarding the actual issue: are you behind a proxy? Open network? I've gotten the same error from Google in the past, as I'm sure many have, and it has almost *always* been related to IP address, rather than account/browser/etc. Is it poss

Re: [Full-disclosure] Is Your Online Bank Vulnerable To Currency Rounding Attacks?

2012-01-09 Thread adam
Plus: https://www.google.com/?#q=arbitrage&tbs=dfn:1&fp=1 On Mon, Jan 9, 2012 at 2:05 PM, Jeffrey Walton wrote: > On Mon, Jan 9, 2012 at 1:49 PM, Memory Vandal wrote: > > > > On Tue, Jan 10, 2012 at 12:11 AM, Jeffrey Walton > wrote: > >> > >> > >> I believe the term is "arbitrage" (not roundi

Re: [Full-disclosure] n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table

2011-12-29 Thread adam
In any case, the concept is pretty interesting. It's not a vector that most people would think of when securing their applications/servers. At least, most people I've come in contact with, anyway. On Thu, Dec 29, 2011 at 12:59 PM, sd wrote: > This is practically limited to java, 32bit python and

[Full-disclosure] Lighttpd Proof of Concept code for CVE-2011-4362

2011-12-25 Thread Adam Zabrocki
ty is executed like it should be (negative offsets). Second column is byte which is read out-of-bound. How to run this very primitive Proof of Concept? $ gcc p_cve-2011-4362.c -o p_cve-2011-4362 $ ./p_cve-2011-4362 ...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3&

[Full-disclosure] Firefox forensics with SQLite Manager at InfoSec Institute

2011-12-12 Thread Adam Behnke
Hello, a recent article here on how to perform forensics investigations on Firefox with SQLite Manager: http://resources.infosecinstitute.com/firefox-and-sqlite-forensics/ This is relevant because it is easy to install, doesn't require you to buy a $4,000 forensic software tool (Encase, FTK

[Full-disclosure] VLAN Hacking Tutorial at InfoSec Institute

2011-12-08 Thread Adam Behnke
Ever wanted to learn how to hack a VLAN? Here is a tutorial for all of you: http://resources.infosecinstitute.com/vlan-hacking/

Re: [Full-disclosure] FB privacy breach - view PRIVATE Facebook photos

2011-12-06 Thread adam
Worked for me a little while ago, but original thread (and most recent replies) are saying it's been patched. On Tue, Dec 6, 2011 at 9:36 AM, darway yohansen wrote: > I just tested this and i don't get the same options as in step 5 " *Help > us take action by selecting additional photos to includ

Re: [Full-disclosure] prosec

2011-12-06 Thread adam
Pretty sure it's supposed to be: http://de-motivational-posters.com/images/karma-sometimes-assholes-get-what-they-deserve.jpg On Tue, Dec 6, 2011 at 10:34 AM, Thor (Hammer of God) wrote: > No workie. > > ** ** > > *From:* full-disclosure-boun...@lists.grok.org.uk [mailto: > full-disclosure-b

Re: [Full-disclosure] Large password list

2011-12-01 Thread adam
> > altho, i dont like you, atleast, you see a fool as i do. > unfortunately, your not much better. > > > On 2 December 2011 13:05, adam wrote: > > Also, not to beat a dead horse, but.. > > > >>>- cover cost of upstream bandwidth, the list is currently at 6

Re: [Full-disclosure] Large password list

2011-12-01 Thread adam
; , passwords.txt <http://dazzlepod.com/site_media/txt/passwords.txt> and uniqpass_preview.txt<http://dazzlepod.com/site_media/txt/uniqpass_preview.txt> to the world: C:\Users\adam\Desktop>ls -la uniqpass_preview.txt | gawk "{print $5}" 19855177 C:\Users\adam\Desk

Re: [Full-disclosure] Large password list

2011-12-01 Thread adam
>>- reduce abuse The concerning part is that you're serious. Tell me, how does someone paying for a list of STOLEN passwords reduce abuse? This email, your obsession with LulzSec and the disclaimer on your site make it pretty clear where the information is coming from, so what kind of abuse poten

[Full-disclosure] Writing Self Modifying Code

2011-11-30 Thread Adam Behnke
Hello full disclosureites, a new tutorial is available at InfoSec Institute review from Andrew King on writing self modifying code. This is part one of a three part series: http://resources.infosecinstitute.com/writing-self-modifying-code-part-1/ In subsequent parts, Andrew will demonstrate how t

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-23 Thread adam
>>You really need to take this test -> http://psychologytoday.tests.psychtests.com/take_test.php?idRegTest=3040 How'd I do? http://pastebin.com/HKYc11AR On Wed, Nov 23, 2011 at 9:44 AM, wrote: > I suppose the real question is, what is more important, that its linux > or that its secure by defau

Re: [Full-disclosure] Secunia jumps on vuln reward bandwagon

2011-11-04 Thread Adam Chesnutt
Am I the only one thinking it will be like the Hotel Coral Essex from Revenge of the Nerds II? On 11/03/2011 03:28 PM, adam wrote: "The rewards on offer will range from top-of-the range merchandise to two major annual rewards such as free hotel accommodation and entry to an IT sec

Re: [Full-disclosure] Secunia jumps on vuln reward bandwagon

2011-11-03 Thread adam
"The rewards on offer will range from top-of-the range merchandise to two major annual rewards such as free hotel accommodation and entry to an IT security conference chosen from a list of the most popular global security conferences" I'm especially curious to see exactly what the merchandise is.

[Full-disclosure] Security risks in public APIs?

2011-10-26 Thread Adam Behnke
Hello full disclosurites, what do you think about security in public APIs? Dan Morrill here at InfoSec Institute writes about how to insecurely and securely use APIs in the Facebook SDK: http://resources.infosecinstitute.com/api-security/ Your thoughts?

Re: [Full-disclosure] SSL DoS

2011-10-26 Thread adam
http://seclists.org/fulldisclosure/2011/Oct/779 On Wed, Oct 26, 2011 at 2:59 PM, wrote: > Has anyone read this yet? > > http://www.thc.org/thc-ssl-dos/ > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-ch

Re: [Full-disclosure] I know its old, but what the heck does this do... (exposing a tool...)

2011-10-25 Thread adam
http://home.no/exploited/exploits/kmodaxx.c (almost[?] identical code, claims to be a remote kernel root exploit) http://www.securitylab.ru/forum/forum32/topic3728/?PAGEN_1=2 (very similar code, claims to be an IIS exploit) http://seclists.org/fulldisclosure/2003/Jun/456 (didn't read entire thread,

Re: [Full-disclosure] LinkedIn_User Account Delete using Click jacking

2011-10-09 Thread adam
Yeah guys, XSS is nonsense. Exploiting anchor text is where it's at, right secn3t? http://seclists.org/fulldisclosure/2011/Jun/215 On Sun, Oct 9, 2011 at 7:10 PM, xD 0x41 wrote: > No, i have been through these, and only an idiot would fall for any of > these attacks... Persistent XSS maybe hard

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread adam
> > I dunno china offers usa that kind of support all the time . or so > i heard > > On Tue, 4 Oct 2011 21:41:08 -0500, adam wrote: > > Wow, I'm extremely impressed with the support that the developer of this > exploit offers. I had been trying to get the expl

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread adam
would have otherwise never existed. Same with the EFF. It gives, even if only a tiny amount, some hope in situations where you'd otherwise be completely helpless. On Tue, Oct 4, 2011 at 10:26 PM, wrote: > On Tue, 04 Oct 2011 22:04:40 CDT, adam said: > > > >>"Good point J

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread adam
h proof that he was set up - no one's gonna believe a pervert. It's just something that I've thought about a lot, and I wonder how many others have as well (and I especially wonder if anyone has ever attempted it). On Wed, Oct 5, 2011 at 12:06 AM, Laurelai wrote: > On

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread adam
eged] crimes when their term is up. > > > > Who are the real terrorist against our [US] democracy? > > > > Jeff > > > >> On 5 October 2011 15:10, Laurelai wrote: > >>> On 10/4/2011 6:50 PM, adam wrote: > >>> > >>> "That

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-04 Thread adam
uld it really be that difficult to pin the attacks on them and convince a judge that they were responsible? On Tue, Oct 4, 2011 at 9:37 PM, Jeffrey Walton wrote: > On Tue, Oct 4, 2011 at 10:32 PM, adam wrote: > >>> > http://www.justice.gov/usao/eousa/foia_reading_room/us

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-04 Thread adam
Wow, I'm extremely impressed with the support that the developer of this exploit offers. I had been trying to get the exploit to work for about an hour or so (couldn't get root on the target) and noticed that the developer of this exploit logged into my machine (using an old account I must have set
