Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

2011-11-23 Thread dave bl
On 23 November 2011 21:37, wrote:
>
>> If you can't, maybe you can name other, more secure Linux distro in
>> which your 10 ways do not work.
>
> OpenBSD? :P

What a great choice for a secure linux distribution ;)
___ Full-Disclosure - We believe in it

Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

2011-11-13 Thread dave bl
On 13 November 2011 04:27, Darren Martyn wrote:
> Off topic (kinda) but with all this talk on SCAPY, has anyone a good
> reference on using it IN a python script for crafting/reading packets? Me
> and a friend wanted to write a python version of Ettercap/dsniff using the
> SCAPY libraries as a cha

Re: [Full-disclosure] Symlink vulnerabilities

2011-10-25 Thread dave bl
On 26 October 2011 10:40, Michal Zalewski wrote:
>> I think someone fed bugtraq archives into scigen.
>
> I thought we're doing Twilight fanfic instead?
>
> /mz

I hate that thing :< (/me unsubscribes).

Re: [Full-disclosure] Symlink vulnerabilities

2011-10-21 Thread dave bl
On 22 October 2011 15:39, Michal Zalewski wrote:
>> In any case, the *right* answer isn't to play whack-a-mole fixing /tmp races,
>> what you should be doing is using pam_namespace or similar so each user gets
>> their own /tmp namespace.
>
> That would result in counterintuitive behavior, I suppo

Re: [Full-disclosure] [Full-flame-war] There used to be a security mailing list at this address.

2011-10-14 Thread dave bl
On 15 October 2011 14:11, Thor (Hammer of God) wrote:
> Haven't we made it to the point where top posting is OK?  I mean, it works
> from a Ped Xing standpoint, why not here?  It is REALLY that bad?

I thought this was a security mailing list not an exercise in "how not to do it" TM. Also, "top-p

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-03 Thread dave bl
On 4 October 2011 02:36, Dan Dart wrote:
> "You need to be root to use raw sockets" - yeah... I do...

Of course you do!

Re: [Full-disclosure] Twitter URL spoofing still exploitable

2011-09-27 Thread dave bl
On 28 September 2011 01:00, Mario Vilas wrote:
> On Tue, Sep 27, 2011 at 3:26 PM, Dan Kaminsky wrote:
>>>
>>> Ok, now nobody can spoof a URL, but how come a user will tell good
>>> URLs and bad ones apart? Oh boy!
>>>
>>
>> Wherever did you get the idea that users can do this?
>
> Jokes apart, I