On Tue, 16 Oct 2007, [EMAIL PROTECTED] wrote:
Zero day PDF exploit for Adobe Acrobat
Workaround:
Currently unavailable.
Does Adobe's published workaround not work?
http://www.adobe.com/support/security/advisories/apsa07-04.html
___
On Thu, 11 Oct 2007, pdp (architect) wrote:
Thor, with no disrespect but you are wrong. Security in depth does not
work and I am not planning to support my argument in any way. This is
just my personal humble opinion. I've seen only failure of the
principles you mentioned. Security in depth
Well, what is your definition of Security in Depth?
On Thu, 11 Oct 2007, pdp (architect) wrote:
gboyce, cheers... nice example! although I had something else in mind.
maybe I shouldn't have used the term security in depth since your
version differs a bit from mine. I guess different semantics
On Fri, 7 Sep 2007, hack the gov wrote:
i forgot to add it was a blackberry vulnerability that got the
pentagon hacked, i discussed this with you on freenode last night.
there is no actual evidence to back any of this up due to the
classified nature of the pentagon and its public relations
On Thu, 6 Sep 2007, hack the gov wrote:
beginning of conspiracy--
the us hacked the chinese and the chinese found the attack method on
their honeypots. the chinese reverse engineered the hack. the chinese
were curious about the hack, so probed the pentagon with the hack, the
hack worked.
On Thu, 13 Jul 2006, David Taylor wrote:
Curious why Secunia is rating this as 'less critical'. The way I see it,
this exploit could be integrated into the other exploits for mambo, joomla,
phpbb, etc. Also, all of us that have websites hosted on linux machines
that have a vulnerable kernel
On Thu, 1 Jun 2006, Josh L. Perrymon wrote:
Has anyone successfully performed SQL injections using RFID tags? I looked
at a few papers but know it's not widespread.
I'm thinking about getting an IPAQ and an RFID reader/writer to play around
w/ this stuff.
On Thu, 25 May 2006, [EMAIL PROTECTED] wrote:
On Thu, 25 May 2006 12:27:07 EDT, Scott Forrest said:
I would think it would be a matter of negligence if the previous IT
Consultant set up wireless access for Hotel Customers to use that also
had direct access to the Hotel's network in some way
On Thu, 20 Apr 2006, n3td3v wrote:
On 4/20/06, Morning Wood [EMAIL PROTECTED] wrote:
Since you are hellbent on leather here... your oh so loved Securityfocus /
Bugtraq
does the same thing. Many of my own advisories are put on Bugtraq without me
submitting directly. I guess http://www.osvdb.org
On Fri, 31 Mar 2006, [EMAIL PROTECTED] wrote:
On Fri, 31 Mar 2006 09:21:13 EST, Michael Holstein said:
Trivial to defeat. Just boot into single user mode with these kernel
options:
single init=/bin/bash
Again .. only due to initial misconfiguration.
Nobody should allow alternate
On Fri, 31 Mar 2006, [EMAIL PROTECTED] wrote:
On Fri, 31 Mar 2006 12:33:28 EST, gboyce said:
In which case the person needs to remove the hard drive, and put it into a
different system for the modifications (or mirroring).
Time constraints. The amount of time needed to pop in a disk
[Advisory] # [Thu Mar 16 13:54:39 EST 2006] # Integer Overflow in Apple iTunes
8===D~~
1. BACKGROUND
This problem has no background.
8===D~~
CONTACT
Gregory Boyce [EMAIL PROTECTED]
CISSP GSAE GREM SSP-CNSA GWAS CAP SSCP
On Tue, 14 Mar 2006, Chris Umphress wrote:
On 3/14/06, gboyce [EMAIL PROTECTED] wrote:
I tried this trick against my personal Apache 2 webserver, and got a 400
bad request as well. The apache log is showing Client sent malformed
Host header.
It looks like Apache is getting the decimal host
Ok, so what's your alternative?
You're already assuming that the user of the firewall is already misusing
SSL. They need to blindly accept unsigned SSL certificates, and changes
to the certificates. Just about any security restrictions you can apply
can be done away with if the user is
wrote:
hi there:
When I use IE 6 web browser, Apache 1.3 accepts this kind of request
but Apache 2.0 doesn't.
When I use IE 7 web browser, Apache 2.0 also accepts this kind of request.
2006/3/15, gboyce [EMAIL PROTECTED]:
On Tue, 14 Mar 2006, Chris Umphress wrote:
On 3/14/06, gboyce [EMAIL
On Wed, 8 Mar 2006, Security Lists wrote:
Sorry, I don't see this as amplification in your example, because YOUR dns
servers are 100% of the traffic. 1:1 ratio.
Once the first request to the nameservers is made, the object should be
cached by the nameservers. Instead of one packet to each
On Sat, 11 Feb 2006, J.A. Terranson wrote:
Yes boys and girls, it is not safe to hand your mission critical data to
ANY third party.
If your data is sensitive, keep it home.
If you don't like Google's email features, you have a choice you know.
(Hint: GO SOMEWHERE ELSE!)
Yes, it
On Sun, 12 Feb 2006, Nick FitzGerald wrote:
Go to HR, explain that the new security policy about not running Google
Desktop is make-or-break and explain why. To achieve this you may need
higher-level management buy-in, so hopefully you can threaten exposure
under HIPAA, Sarbanes-Oxley or some
Shannon,
A compromised system and a social engineering attack to get important
credential information are two very distinct problems, and will be solved
in very different ways.
For the social engineering attack, some of the methods I've seen so far in
this thread (One Time Pads, two factor
19 matches