is available.
The following is the MD5 hash for the advisory file.
$ md5sum.exe research.txt
3db1d71fc3a0eae119617b3b1124206f *research.txt
Regards,
- --
pagvac
[http://gnucitizen.org, http://ikwt.com/]
/servlet/Satellite?c=L_CASupport_C2childpagen
ame=US%2FLayoutcid=1166859889040pagename=Linksys%2FCommon%2FVisito
rWrapperlid=8904040638B02displaypage=download#versiondetail
== References ==
http://www.linksys.com/
== Credits ==
pagvac [ikwt.com] and Petko Petkov [gnucitizen.org]
___ END
$
Cheers,
endrazine-
pagvac wrote:
On 2/17/07, Marcin Antkiewicz [EMAIL PROTECTED] wrote:
On Sat, 17 Feb 2007, pagvac wrote:
The following script might also help find Solaris telnet servers on
your network.
[...]
for IP in `cat $IPSFILE`
do
echo Trying $IP
Cisco Routers as we all know them?
--Fabian
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
pagvac
[http://ikwt.com
--
pagvac
[http://ikwt.com/]
On 2/17/07, Marcin Antkiewicz [EMAIL PROTECTED] wrote:
On Sat, 17 Feb 2007, pagvac wrote:
The following script might also help find Solaris telnet servers on
your network.
[...]
for IP in `cat $IPSFILE`
do
echo Trying $IP ...;
if nmap -P0 -n -p23 -sS $IP | grep -i
--
pagvac
[http://ikwt.com/]
a blog in a two-shots attack.
More info can be found on the following URL:
http://www.gnucitizen.org/blog/csrf-ing-blogger-classic
--
pagvac
[http://ikwt.com/]
FYI, it appears this issue was reported way back in August 2006 by RSnake:
http://ha.ckers.org/blog/20061122/programmatic-password-theft-is-back/
On 11/24/06, pagvac [EMAIL PROTECTED] wrote:
RCSR (Reverse Cross-Site Request) attacks discovered by Robert Chapin,
make the theft of passwords
in Sage, Firefox will show NO SECURITY WARNING to the user whatsoever.
More on Firefox not showing security warnings when launching evil HTML
files locally:
http://www.gnucitizen.org/blog/web-pages-from-hell-2/
--
pagvac
[http://ikwt.com/]
--
pagvac
[http://ikwt.com/]
Title: BID 19347 specially-crafted html page - vuln found by Ginsu
Sorry, I meant to say the ATM machine *hack* reported on Wired
magazine. Damn it, I need to get used to proofreading what I type
before posting! :-)
On 9/23/06, pagvac [EMAIL PROTECTED] wrote:
On 9/22/06, Paul Schmehl [EMAIL PROTECTED] wrote:
--On Thursday, September 21, 2006 17:14:40 -0700
/-- pagvac[http://ikwt.com/]
/projects/dnsmap/dnsmap-win32-latest.zip
P.S.: please, remember all this tool does is resolve subdomains. *No*
packets are sent to the bruteforced subdomains.
--
pagvac
[http://ikwt.com/]
$ dnsmap google.com
dnsmap - DNS Network Mapper by pagvac
(http://ikwt.com, http://foro.elhacker.net
--
pagvac
[http://ikwt.com]
Check this out:
http://seclists.org/lists/fulldisclosure/2006/Feb/0591.html
On 2/14/06, Jason Coombs [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
https://download.foundstone.com/?o=^2155
Now that's just plain sloppy.
But at least it's SSL-secured.
SSL provides privacy *not* security (web server/application is still
vulnerable to attacks).
Also, this https
of identity theft
against a whole corporation. In this case Adobe.
DanBUK
--
pagvac
http://firewallmovie.warnerbros.com/cmp/trailer.html?id=trailer
doesn't seem to resolve at this moment.
www.paypal.25u.com does of course look more legitimate than some
random IP address in which the word paypal is not included.
--
pagvac (Adrian Pastor)
www.ikwt.com - In Knowledge We Trust
I don't know how new this is to be honest.
I just made a comment to the list because it was the first phishing
email I received that uses dynamic DNS and thought it was interesting.
On 12/12/05, Barrie Dempster [EMAIL PROTECTED] wrote:
On Mon, 2005-12-12 at 10:22 +, pagvac wrote:
I got
On 12/12/05, Florian Weimer [EMAIL PROTECTED] wrote:
* pagvac:
The interesting thing about this attempt is that the phisher seems to
be using a dynamic DNS service to gain the trust from the victim.
to gain trust? Hm?
Yes.
What I mean is that the average user will trust more an URL when
On 11/29/05, Andrew Simmons [EMAIL PROTECTED] wrote:
pagvac wrote:
Again, my testing is based on today's reality which is that most
Windows users use administrative accounts for regular tasks such as
web browsing and using their email clients.
er, not really. Home users, perhaps
Beta Messenger cleartext credentials in process
memory still exist on the current version.
Google's answer for this issue:
plain char - hex char
6ackpace
On 11/29/05, Jaroslaw Sajko [EMAIL PROTECTED] wrote:
pagvac wrote:
Title: Google Talk Beta Messenger cleartext credentials in process
Someone with more time than me please report the following scam:
http://210.202.161.99/us/Account_verification/webscr-cmd=_login/
On 11/29/05, Dave Korn [EMAIL PROTECTED] wrote:
pagvac wrote in
news:[EMAIL PROTECTED]
Google Talk stores all user credentials (username and password) in
clear-text in the process memory. Such vulnerability was found on
August 25, 2005 (two days after the release of Google Talk) and has
Title: Google Talk Beta Messenger cleartext credentials in process memory
Affected versions: 1.0.0.64 (this version is believed to be the first
one released to the public)
Vendor contacted: 25/08/05
Patched version released: 29/08/05
Advisory released: 28/11/05
Author: pagvac (Adrian Pastor
Naming the folder notepad.exe (without quotation marks) also does the trick.
Any Windows gurus out there willing to explain why this happens?
--
pagvac (Adrian Pastor)
www.ikwt.com
On 11/24/05, Native.Code [EMAIL PROTECTED] wrote:
Weird! haha :-) )
On 11/24/05, Stelian Ene [EMAIL
notify the sender immediately and delete all copies .
--
pagvac (Adrian Pastor)
www.ikwt.com - In Knowledge We Trust
/23/05, pagvac [EMAIL PROTECTED] wrote:
In my opinion penetration testing is nothing more than legal cracking.
Breaking into computers doesn't make you a hacker.
I can teach my girlfriend how to run nessus over the Internet and use
the Metasploit web interface in a few hours. In just one day I
On 11/22/05, Michael Holstein [EMAIL PROTECTED] wrote:
If it is the case that these rootkits have been going to radio
stations, the press, etc since 2002 ... there could be some trouble (I
help out at a small independent radio station) cause I'm sure a lot of
the big American radio stations
33 matches