On Thu, 16 Jan 2014 14:52:37 +, Dan Ballance said:
> Well users do care about getting hacked when it happens - so maybe they do
> need to be forced to pay a little more to be secure. This also has benefits
> for e-commerce and on-line banking, credit card fraud etc
Actually, the entire credit
On Thu, 16 Jan 2014 11:30:18 +, Dan Ballance said:
> So your point is that there should be legislation to require companies to
> adhere to certain security standards? I'd support that - particularly in an
> ISP market which is clearly defined by national boundaries and law.
OK.. What standard
On Sun, 22 Dec 2013 23:45:24 +0200, "MustLive" said:
> not designed to have detailed description of vulnerabilities, just
> information about non-serious developers who hiddenly fixed multiple
> vulnerabilities in different versions of their software.
The fact they didn't tell you every single l
On Wed, 02 Oct 2013 09:52:41 +0100, catsandd0gz.dinosaursandwh0...@hushmail.com said:
> Is anyone else super mad?
You're obviously new here. Some of us were super mad 10-12 years ago
when this shit started big time.
pgpQJlLKXcjyX.pgp
Description: PGP signature
On Thu, 12 Sep 2013 18:23:53 -0400, Jeffrey Walton said:
> They ignored my comments on fixed size arrays based on MAX_PATH and
> the subsequent overflows and silent truncations due to use of sprintf
> and snprintf
Which "they" was it?
If you're referring to this:
http://comments.gmane.org/g
On Thu, 12 Sep 2013 08:57:55 +0800, Steve Wray said:
> In some cases it could be quite difficult to disengage from NSA-influenced
> projects, eg selinux. So far as I can tell this is pretty much everywhere
> now. Redhat embraced it ages ago, it's been integrated in the kernel since
> 2.6, so how do
On Sun, 18 Aug 2013 10:04:58 +0200, Jann Horn said:
> On Sat, Aug 17, 2013 at 07:50:34PM -0400, valdis.kletni...@vt.edu wrote:
> > Not all DDoS are pure bandwidth based. Consider SYN flooding, where the
> > packets sent are relatively small and often not even all that frequent, but
> > can
> > ti
On Sat, 17 Aug 2013 13:39:16 +0200, Jann Horn said:
> And yes, you're right, a DoS attack can be unsuccessful. My point was that
> this small amount of traffic shouldn't be called a DDoS because there's no
> way that the intention behind this amount of traffic was to take down that
> service with
On Sat, 10 Aug 2013 22:16:15 -0400, Pedro Luis Karrasquillo said:
> NSA picks this up remotely via a very secret SNMP command.
So has anybody ever spotted this SNMP command in a tcpdump?
Found the code that handles it in net-snmp? Cisco IOS? JunOS?
Nobody's ever caught their supervisor CPU get p
On Tue, 06 Aug 2013 16:51:39 +0200, Alex said:
> Nice finding, but how do you know the victims email address?
If you can't figure out how to social-engineer that information,
you probably need to be in some other business. ;)
tl;dr: Everything shipped with the same PIN of ''. Hilarity and lulz ensue.
http://www.androidpolice.com/2013/08/03/android-bluetooth-exploit-for-japanese-toilet-brings-new-meaning-to-the-word-vulnerability/
On Thu, 01 Aug 2013 22:46:55 +0200, XF said:
> So you think this is real ? All Tiers 1 would be partner with NSA ? Even in
> Europe ? This sound crazy
Well, for a long time, the NSA was legally prohibited from spying on US
citizens, and the British GCHQ was similarly not allowed to spy on Her Ma
On Fri, 26 Jul 2013 07:31:09 +0100, Hurgel Bumpf said:
> Just found this online.. might be of interest
> Direct PDF: http://eprint.iacr.org/2013/448.pdf
From the fine PDF:
"The Flush+Reload attack is a variant of the Prime+Probe attack that relies on
sharing pages between the spy and the victim
On Mon, 22 Jul 2013 21:23:08 -0500, Bob iPhone Kim said:
> BUT... turns out that about half of the people we mentioned are NOT looking
> for new clients.
ironic_trombone.wav
So are you making a list of actual top consultants, or a list of
those people who have free time to read F-D precisely bec
On Sat, 13 Jul 2013 22:13:38 +0300, Moshe Israel said:
> All secured/regulated systems as required by most
> certifications/standards/best practices.
You're new in the industry, aren't you? :)
The point you're missing is that the vast majority of computers aren't covered
by said certifications a
On Sat, 13 Jul 2013 13:23:18 +0200, Alex said:
> This one is a classic, but it will fail integrity checks of
> tripwire/ossec/whatever you use.
What percent of systems actually do this?
On Sat, 13 Jul 2013 14:19:19 +0200, Alex said:
> And trigger automated incident/alarm
Trigger the automated al
On Thu, 11 Jul 2013 09:49:50 -0500, Grandma Eubanks said:
> There are already exploits for this vulnerability. This is just taking an
> entirely different approach for internally accessible systems than what's
> available, for a reason I can't yet discern.
Get some caffeine, and figure out what h
On Wed, 03 Jul 2013 10:54:09 -0500, Michael T said:
> What about keysigning among tor operators? I trust top_op1, and he trusts
> top_op2, 3, and 4, so I can trust them as well.
Chunk it through - if you make keysigning mandatory, you're probably going
to see a drop from the current 4,000 or so
On Wed, 03 Jul 2013 17:34:52 +0300, Georgi Guninski said:
> Or maybe some obscure feature deanonymize in O(1) :)
It's open source. You're allegedly a security expert. Start auditing
the code and let us know what you find. :)
(And hey - it would be worth it. The guy who finds an O(1) hole
in Tor
On Fri, 28 Jun 2013 23:37:45 -0400, Neel Rowhoiser said:
> I just stumbled across this and despite its sort of half-assed write up, I
> think it's possibly an advisory? If I am understanding it correctly, they're
> saying that you can use a directory authority that hands out invalid/wrong RSA
> keys
On Fri, 21 Jun 2013 16:33:35 +0200, Thomas Dreibholz said:
> - The host system is a 64-bit Linux (tested with Ubuntu 12.04 LTS and Kubuntu
What does 'uname -r' on the host return?
This is almost certainly a bug in either the host network stack or the
VirtualBox modules (probably one of the vboxn
On Thu, 20 Jun 2013 06:56:16 -0500, "Mark Felder" said:
> But does your exploit compile with clang?
I'm gonna have to call Poe's Law on this one. I can't tell if you're
trolling or merely confused. :)
On Mon, 17 Jun 2013 15:51:56 +0200, "ACROS Security Lists" said:
>
> Good points, Valdis, but I think we know how to do this right: an
> invalid/untrusted/unmatching certificate is not a cause for user-waivable
> warning but
> for a fatal you-shall-not-pass error. By allowing users to even go past
On Sun, 16 Jun 2013 00:51:10 +0930, Defence in Depth said:
> Microsoft Outlook (all versions) suffers from an S/MIME loss of integrity
> issue.
> Outlook does not warn against a digitally signed MIME message whose X509
> EmailAddress attribute does not match the mail's "From" address.
Congrats on
On Tue, 11 Jun 2013 19:10:53 -0400, Justin Ferguson said:
> A Canadian and what appears to be a British subject discussing the not
> so finer points of American legislation. I'm sure at some point the
> irony will become apparent.
To be fair - they appear to know more about the US Constitution tha
On Fri, 10 May 2013 17:31:57 +0300, Georgi Guninski said:
> I need a preimage for a specific MD5 hash (will be revealed in private
> message).
Although there are easy attacks to collide two texts to the same MD5 hash, the
actual hash generated is not controllable. As far as I know, there's no kn
On Tue, 23 Apr 2013 12:54:42 -0400, Gary Baribault said:
> I hope we are all here for our users and customers.
The problem is that what my users and customers want is different
from what other researcher's users and customers want
On Tue, 23 Apr 2013 09:22:36 -0700, Tavis Ormandy said:
> Easy and nonsense, I really hope you don't think this is about credit.
I mention the credit issue only because some people *have* gotten peeved
when they contact a vendor and the vendor issues an advisory that doesn't
give them a shout-out
On Tue, 23 Apr 2013 17:51:55 +0300, Georgi Guninski said:
> Completely disagree.
>
> IMHO nobody should bother negotiating with terrorist vendors.
>
> Q: What responsibility vendors have?
> A: Zero. Check their disclaimers.
And disclaimer or no disclaimer, there's a lot of vendors who want to
Do T
On Sat, 20 Apr 2013 20:02:12 -0400, Bryan said:
> The only point that I was trying to make is that there needs to be
> more of an investment in the security facet of software development,
> and that if a company is not willing to invest the resources to
> create a secure product, not to whine when
On Fri, 19 Apr 2013 12:30:12 -0400, l3thal said:
> looks like you are still at it heh...
procmail is your friend.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-ch
On Tue, 19 Mar 2013 17:25:18 -0400, Jeffrey Walton said:
> > Many of them are based on Linux and allow
> > login to standard BusyBox with empty or
> > default credentials.
> Forgive my ignorance, but what does the authentication problem (or
> lack thereof) have to do with linux/uclibc/busybox? It s
On Mon, 04 Mar 2013 10:04:09 -0500, Jason Storm said:
> Stay frosty everyone, looks like they got an FBI sniper out there somewh
I see what you did t
On Sat, 02 Mar 2013 18:17:46 +0200, Georgi Guninski said:
> indeed the list headers changed.
> "lightly moderated" sounds like "likely pregnant" to me.
> i suggest we move somewhere else. seriously.
You do realize that what you're *actually* seeing here is the
list headers being changed to match
On Tue, 26 Feb 2013 13:28:26 +0100, "taxakis" said:
> I have a simple question to this list:
> Do we have somewhere specified in detail who (Facebook, Apple, etc.)
> collects what exact (data) on users ?
> I do NOT mean 'in general terms' or whatever blurb these companies put on/in
> their web page
On Thu, 07 Feb 2013 20:28:31 +0100, Daniel Preussker said:
> I was looking into the net/core/dev.c from the current Kernel (previous
> also have this) and found out that ifIndex gets incremented by an
> endless loop.
>
> After creating 4 billion pseudo-eth devices I finally got it to overflow
> and
On Mon, 11 Feb 2013 04:30:29 -0800, warn...@type-error.net said:
> job / recruiter website dice.com use ancient crypt() hash function.
> passwords limited to seven characters. cracking user passwords quite
> simple. be very afraid of future hash / cracked password dump. maybe
> dice.com should impr
On Fri, 25 Jan 2013 09:57:51 +, Dan Ballance said:
> I don't personally think a degree should or shouldn't be awarded because a
> student has or has not met some kind of arbitrary moral standard. It should
> assess their abilities in computer science, not that their ethics meet with
> what the
On Thu, 24 Jan 2013 19:59:53 +0100, Stefan Weimar said:
> > 1) The kid, as part of his major, signed an ethics document.
> A better solution would have been to not do the steps 1 and 2 but make
> an NDA ("Ok, we know and you know but that's enough by now.") instead.
> I mean, some kind of respons
On Thu, 24 Jan 2013 10:16:29 -0500, Benjamin Kreuter said:
> There is also the matter of the school itself. They were presented
> with a student who had found a vulnerability, reported it, and then
> checked to see if there were still problems. Does expulsion really
> sound like a reasonable pun
On Wed, 16 Jan 2013 10:18:36 +0400, grem...@gremlin.ru said:
> On 15-Jan-2013 16:45:30 -0500, valdis.kletni...@vt.edu wrote:
> > > Also, what stops a person to file it under a company name if
> > > that's easier? I admit I'm not into this area, so I might be
> > > missing something fundamental...
On Wed, 16 Jan 2013 12:39:18 -0500, Almaz said:
> How to detect system intrusions? What are the techniques? Can one character
> difference in the output be an indicator of compromise?
Paging Cliff Stoll.. Cliff Stoll to the courtesy phone...
On Mon, 14 Jan 2013 23:24:30 +0100, Christian Sciberras said:
> Couldn't one talk "through" a lawyer? Guess in such a case it would be a
> matter of how much you trust your lawyer.
As I said, it's doable, but *not* a slam dunk, and requires help from
both your lawyer and the judge.
> Also, what
On Mon, 14 Jan 2013 22:17:12 +0100, Christian Sciberras said:
> Valdis, we've had spam companies suing blacklist/antispam companies
> before...
> Surely an anonymous person legitimately and legally enforcing copyright
> can't be harder?
Yes, but the spam companies at least filed under their own na
On Thu, 10 Jan 2013 12:03:03 -0500, "Mikhail A. Utin" said:
> After all,a vulnerability and an exploit are intellectual products. Not
> sure copyright could be claimed, but why not?
Actually, claimed or not, if the exploit was coded in a Berne signatory
country, it's almost always automatically
On Mon, 14 Jan 2013 11:02:26 -0500, Jeffrey Walton said:
> On Mon, Jan 14, 2013 at 10:34 AM, wrote:
> > https://petitions.whitehouse.gov/petition/remove-united-states-district-attorney-carmen-ortiz-office-overreach-case-aaron-swartz/RQNrG1Ck
> >
> > Above link to remove this prosecutor needs to h
On Mon, 22 Oct 2012 15:10:54 +0800, nothacking said:
> environment is A is hacker client, B is target and C is Manager center and C
> have all A and B private key.
How (and more importantly, *why*) would C ever get A's private key in the first
place?
On Fri, 19 Oct 2012 03:22:04 +0330, kaveh ghaemmaghami said:
> I appreciate his analyze coz if somebody gets pwn in my network i
> don't have to spend time for reversing and analyzing this malware .
No, if you find one of these in your network, it means you have *bigger*
problems that you *do* ne
On Sat, 13 Oct 2012 14:47:20 -0400, "Hertz, Jesse" said:
> The cool thing about it is that if you are a net/sys admin, and you notice
> one of your computers has been compromised, you can pwn the C+C server.
>
> these are exploits in the C+C server, not in the installed trojan.
>
> that's why its
On Wed, 10 Oct 2012 23:25:50 +0200, Pascal Ernster said:
> I suppose it turns into a 0 day when you post it on this mailing list
> and happen to be in the mood to put the vendor's marketing division on
> BCC.
>
> -1 day could be when you ask a friend to check your mail to this ML for
> major gramm
On Mon, 27 Aug 2012 12:45:23 -0400, Igor Igor said:
> Robots.txt not supported in any printer.. too bad, all listed in all major
> search engine
/me pops off a whois query, looks at the owner of the address space,
and is amazed that Igor was only able to find 36 printers there.
> Benji, are
On Thu, 16 Aug 2012 21:29:02 +0900, Tonu Samuel said:
> He is PhD in Software Engineering and does not notice during two years
> someone posting into his Facebook account?
If it's an abandoned account that he never actually *uses* for anything, it's
conceivable. Somebody mentioned to me yesterday
On Wed, 15 Aug 2012 13:09:38 -0700, full-disclos...@grid32.com said:
> Read an interesting article on "intercepting TOR users via proxies
> Any ideas on how this could be mitigated?
Well... using TOR the way it was intended would help mitigate a lot of it.
TORButton, NoScript, SSL-Everywhere.. a
On Tue, 14 Aug 2012 14:55:41 +0900, Tonu Samuel said:
> I found that person who is spamming
> OpenCV list with "Plz visit my e-gaming site at http://." is PhD
So... did you establish that the person doing the spamming actually *is*
that professor, or merely somebody who managed to phish the pro
On Sat, 11 Aug 2012 12:07:34 -0700, Hambone Turkey said:
> sell them anymore. FWIW I am a US citizen...so no, I'm not a spy :P
So said Aldrich Ames, Andrew Daulton Lee, Christopher Boyce, Robert Hanssen,
and John Anthony Walker.
On Thu, 26 Jul 2012 09:07:33 -0400, Григорий Братислава said:
> Really? Shut down is entire racks? Because you will have
> backup/standby entire 42Us?
If you can't shut down the entire rack, you've screwed up your DR and
business continuity planning.
This isn't just a problem f
On Fri, 20 Jul 2012 04:01:39 +0200, Bzzz said:
> In this matter, everybody's here knows that threatening these
> corpos of a full disclosure is the only way to go, because
> they're like kids that won't grow up and seek the least effort
> possible & max benefit way - in a word, they're irrespons
On Thu, 19 Jul 2012 21:08:47 -0400, Glenn and Mary Everhart said:
> If every copy of a program is laid out differently, and data gets moved
> around also from copy
> to copy, the job of the attacker would seem to get much harder.
As is the job of the software development team. It's really easy t
On Wed, 18 Jul 2012 09:16:29 -0400, Abdikarim Roble said:
> As some of us already explained, we are not a terrorist organization.
> It's just that we are fed-up with the fact that our society is losing
> time. So we just decided to speed-up actions against terrorists and
> their friends. We will
On Sat, 14 Jul 2012 12:46:50 -, "Ali Varshovi " said:
> Most of the materials I've seen are more aligned to malware and rootkit
> detection which is not the only concern apparently.
It's hard to say what else to check without knowing what other concerns
you're checking for, and what data sourc
On Fri, 13 Jul 2012 07:35:13 -0500, Fatherlaptop said:
> No...more like Yoda.
https://plus.google.com/photos/104234302931579992973/albums/5756965881020743937/5756965879525909730
On Thu, 12 Jul 2012 18:47:53 +0200, phocean said:
> - Volatility: anything has to sit somehow in the memory, so there is no
> way for it to escape from the analysis.
There's a number of attacks using the MTRR and IOMMU to cause the CPU to have a
different view of memory. It is indeed possible fo
On Thu, 12 Jul 2012 11:00:36 -0400, Григорий Братислава said:
> I just checked your machine for you. You are is safe. Stay thirsty my friend
+1
On Wed, 11 Jul 2012 22:42:42 +0200, phocean said:
> I have a lab virtual machine that behaves as if it was owned by a
> rootkit: weird behavior with system certificates and keyboard driver.
Out of curiosity, why are you guessing it's a rootkit, rather than just another
case of Windows being messed
On Tue, 10 Jul 2012 23:38:49 -0700, NETT Dave said:
> Please has us let peace: has you shut up.
procmail is your friend.
On Tue, 10 Jul 2012 15:16:39 -0400, Григорий Братислава said:
> I reply to you is back "on-list." Information is for meant to be free.
> And so you know, is no, your English is improper:
The longer this thread goes on, the more I become convinced that
one of these guys actually l
On Sun, 08 Jul 2012 14:07:52 +0200, "Stefan Kanthak" said:
> The "industry" will (typically) not fix any error if the cost for fixing
> exceeds the loss (or revenue) that this fix creates, including the vendors
> gain/loss of reputation, gain/loss of stock value, loss of money in court
> cases or d
On Thu, 21 Jun 2012 08:02:26 -0700, Gage Bystrom said:
> to me it seems like he's trying to say that someone with administrative
> access has the ability to have administrative access. It's like
> saying "Hey guys! I found a local exploit and all it requires is to be
> a root user!!!"
>
> I'm not
On Mon, 11 Jun 2012 02:17:15 +0200, Christian Sciberras said:
> All this talk about a lot of arguments to syscalls reminded me of
> `ls`and that's just the beginning..
"The real reason GNU ls is 8-bit-clean is so that they can start using
ISO-8859-1 option characters."
- Christopher
On Sun, 10 Jun 2012 17:06:37 -0400, Laurelai said:
> I am a bit surprised by the direction of this conversation and I have
> been waiting for someone to say the obvious in regards to protecting
> yourself from .gov malware, it really is quite simple if you think about
> it. Stuxnet, duqu, flame, e
On Sun, 10 Jun 2012 17:00:19 -0400, Laurelai said:
> >>> I don't listen to either. And sorry to burst your bubble but I
> >>> did serve 10 years in the army.
> Except I don't like the government.
The cognitive dissonance is strong in this one. :)
On Sun, 10 Jun 2012 08:58:31 +0300, Georgi Guninski said:
> What about legal windows backdoors (NSA key)?
It was never confirmed whether the infamous NSAKEY was an actual backdoor, or
just a hilariously poorly named variable. In any case, even if it was a
backdoor, it's certainly not the same "le
On Sat, 09 Jun 2012 16:11:55 +0200, phocean said:
> Oh n !!! Sounds scary.
> On 9 June 2012 at 14:20, andrew.wallace wrote:
> > You've just libeled yourself.
What's scary is Andrew's lack of understanding of the law. It's
pretty hard to libel yourself. In fact, I think Andrew is one o
On Sat, 09 Jun 2012 14:25:00 +0200, Christian Sciberras said:
> Yes, let's just forget Iran would strike any country against its religious
> views, especially Israel.
I'm personally more worried that US Islamophobia will lead to a first strike
than I am that Iran will make a first strike.
On Fri, 08 Jun 2012 21:56:23 -0400, Jason Hellenthal said:
> Shit, I'll give the NSA a shell on any system... if it means achieving a
> greater goal. Whether it's wrong or not... let the bots decide who is the
> better player as long as it brings the US into a primary position of
> power.
The proble
On Fri, 08 Jun 2012 12:04:11 -0400, Laurelai said:
> I think the real question we should all think on is what are we going to
> do about this kind of thing?
>
> Because the way I see it, the infosec industry is part of this problem
> until it finds a way to be a part of the solution, if you all eve
On Thu, 07 Jun 2012 13:48:33 -0400, Ian Hayes said:
> On Thu, Jun 7, 2012 at 1:40 PM, andrew.wallace
> wrote:
> > On Tue, Jun 5, 2012 at 8:43 PM, wrote:
> >> One could equally well read that as "We're fed up and about to
> >> pound North Korea even further back into the Stone Age".
> >
> > With
On Tue, 05 Jun 2012 15:06:25 -0400, Jack Slade said:
> There's an election year in the US. A president has not been re-elected in
> the last 40 years when the unemployment rate is above 8%
Nixon got re-elected at 3.6%, Reagan got re-elected at 7.5%,
Clinton at 5.4%, and Bush the II got re-electe
On Wed, 06 Jun 2012 23:22:32 -0400, Laurelai said:
> Guys can we focus on the fact that the US Government is en masse
> accessing computer systems without due process, and trying to prosecute
> the people who made this known to the public.
After a decade of unindicted torture of prisoners, renditi
On Wed, 06 Jun 2012 18:19:21 -0400, Andrew D Kirch said:
> I think you just identified it. buy rifles (I have, there's a Colt M4
> Law Enforcement Carbine sitting next to me), but mortars (a bit
> difficult but not impossible to get) buy tanks (quite easy to get if you
> know where to look), and b
On Wed, 06 Jun 2012 10:41:24 -0400, Laurelai said:
> People seem to think that since the US Gov did it that makes it ok, well
> I do not think it does. Especially when they throw kids with small
> botnets in jail for being mad at the system cause it's crooked.
You're a little bit confused here. I
On Tue, 05 Jun 2012 16:20:04 -0300, "Marcio B. Jr." said:
> really matters, that is, an imminent *real* war against China:
> http://www.bbc.co.uk/news/world-us-canada-18305750
One could equally well read that as "We're fed up and about to
pound North Korea even further back into the Stone Age".
On Tue, 05 Jun 2012 14:03:58 -0400, Peter Dawson said:
Please don't feed the troll.
> On Tue, Jun 5, 2012 at 1:57 PM, andrew.wallace <
> andrew.wall...@rocketmail.com> wrote:
> > Interpol should be investigating it and issuing arrest warrants, then
> > individuals taken to The Hague for war crim
On Tue, 05 Jun 2012 17:01:49 +0300, Georgi Guninski said:
> http://www.theregister.co.uk/2012/06/01/stuxnet_joint_us_israeli_op/
> US officials confirm Stuxnet was a joint US-Israeli op
> Well, sure ... so why are you telling us, Mr President?
Posturing and positioning, mostly. Before the announc
On Wed, 23 May 2012 19:26:15 -, "Thor (Hammer of God)" said:
> I'm looking forward to it! Thank you.
/me makes popcorn. ;)
On Thu, 17 May 2012 20:56:54 +0200, Adam Zabrocki said:
> Sorry I can not agree with you. Suse 12.1 is very new/fresh distribution
> so I don't see any point of delivering "old" binaries with new system.
> Still there is an open question about 3rd party vendors applications.
Exactly - it's all ab
On Wed, 16 May 2012 23:49:40 +0200, Adam Zabrocki said:
> so the latest update has this fix but still official ISO has old kernel. Fix
> was applied
> in March/April. So again _sock kernels_ have/had so simple mistake ;)
You're assuming it's a *mistake* rather than something intentional.
Rememb
On Mon, 07 May 2012 02:27:33 +0530, karniv0re said:
> And this is anonymous.. How??
Haven't checked, but if you set up the userid/password via Tor, should
be pretty anonymous.
> http://www.getmycookie.com/view.m3?hash=
And you get somebody else's hash value, how?
On Sat, 05 May 2012 19:33:52 -, washington_u_getm...@hushmail.com said:
> dearest FD the university of washington server has been feeding
*the* server, or *a* server? precision in writing is often useful - I have
literally several thousand servers across the hall here.
> if they can not keep
On Thu, 03 May 2012 19:24:29 -, Wei Honker said:
> If Anonymous truly wants to make a difference they need to evolve
> beyond the simple DDoS attacks, web defacements and the media hack
> that currently defines hacktivism and become the movement they want to
> be.
Cool story, bro.
First falla
On Mon, 30 Apr 2012 15:37:08 +0300, "MustLive" said:
> * Mozilla Firefox 3.0.19 consumes resources (50% CPU and a lot of RAM) and
> crashes.
> * Mozilla Firefox 3.5.11 consumes resources (50% CPU and a lot of RAM) and
> crashes.
> * Mozilla Firefox 3.6.8 consumes resources (50% CPU and a lot of
On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said:
> if you read his "advisories" and "0-days" you know: It's not a joke...
I always thought it was misunderstood performance art...
On Sun, 22 Apr 2012 19:59:46 -, "Thor (Hammer of God)" said:
> You dropped a FD on the BIBLE?? Dude, you're going straight to Hacker Hell!
> :)
Wait, wouldn't that require that the unerring Word of God was buggy? ;)
On Tue, 17 Apr 2012 17:48:47 -0400, "Elazar Broad" said:
> At least configure your SPF record policy to hard fail, and consider Domain
> Keys and/or DMARC.
Given where his MX's point, and the fact that the SPF includes a :include that
points at another domain, simply setting it to "hard fail" wi
On Mon, 09 Apr 2012 19:49:59 +0100, Dave said:
> Or noobs like me who are not professional pentesters and only hit our own
> machines/VM's/network devices in the course of self training.
They made special notice of that. Amendment 7 got reworded a bit (the phrase
"authorized testing" was replac
On Mon, 09 Apr 2012 12:06:24 -0400, Travis Biehn said:
> 'Clear purpose for committing any of the offenses' is usually easy to prove.
Say I'm heading to Munich for a pen-testing gig, complete with a signed contract
and rules of engagement and a get-out-of-jail-free from their CISO.
How do you "u
On Mon, 09 Apr 2012 16:43:16 +0200, psy said:
> this is the official text.
>
> http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+COMPARL+PE-476.089+01+DOC+PDF+V0//EN&language=EN
Thanks for posting that. Looks like the final text is in fact not that bad. In
particular, Amendment 7
On Wed, 04 Apr 2012 10:09:12 -0700, Gage Bystrom said:
> You forget that the culprits have already been caught, no one is there in
> order to issue an update to circumvent the check site.
In *this* case. Just keep in mind the *general* case where the miscreants are
still on the loose and can sti
On Fri, 30 Mar 2012 19:23:38 +0530, smith joseph said:
> LEORAT.COM is SCAM | LEOIMPACT.COM is SCAM | LEORAT.COM is SCAM
>
> Yes. . I bought this RAT software from him.
(And of course, said ratware was *only* going to be used for the highest moral
purposes)
I don't know why you're so upset at
On Wed, 28 Mar 2012 11:34:56 -0400, Jeffrey Walton said:
> Under Linux, about the best you can do to avoid hard coded passwords
> in source files is store the password in a file, and then clamp the
> ACL on the file so only tomcat, apache, or whomever can read.
> Generally, it means you remove worl