werden muss!
-Ursprüngliche Nachricht-
Von: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] Im Auftrag von Jeffrey Walton
Gesendet: Donnerstag, 28. Februar 2013 05:16
An: coderman
Cc: Full Disclosure; imipak
Betreff: Re: [Full-disclosure] test
On Wed, Feb 27, 2013 at 11:05 PM, coderman wrote:
> On Wed, Feb 27, 2013 at 3:13 AM, imipak wrote:
>> SMTP_ECHO_REQUEST
>
> ICMP_SOURCE_QUENCH
+1
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hos
On Wed, Feb 27, 2013 at 3:13 AM, imipak wrote:
> SMTP_ECHO_REQUEST
ICMP_SOURCE_QUENCH
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Sorry, more of my rantings...
PFJTQUtleVZhbHVlPjxNb2R1bHVzPnRCdTVRR0w1K2J1VENGeFJvWE5WcUgxSlZKY2FJUnd6RVJZRTE5OWxveWZ5WmZ2UkxQclg1Z3JkTE1pRU9FLysxcDRLenZBM0VpQzlmTXJEWlVzbG1Jdk5hV2x4eDBPT0xRckFKYlFET0RUTkFJWG9sQnM0cFZXVGJ0VlpURkUyMkxXVjBWQmU2Ynk4cVZIVTU4R0RRNUdWVklsak9MZUVpdW9UMmdiSi9hVT08L0
test
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
?
On Tue, Aug 26, 2008 at 6:59 PM, Jason Josno <[EMAIL PROTECTED]>wrote:
> test
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
test
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
I think N3TD3V is posting to new mailing lists and groups between FD and NETDEV
google group and those extra postings are bouncing. Not totally sure but this
is a test.
Aaron
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/ful
test
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
checking if this address works on the list
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
not your fault todd, they are too gay at cert
http://www.us-cert.gov/cas/techalerts/TA05-362A.html
huhu...
Todd Towles wrote:
>
> Peter wrote:
>> Perhaps you should read about it on Microsoft's site.
>> It's not a buffer overflow. WMF files since
Yet in my defense, CERT calls it a "buffer overflow" ;)
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Peter Ferrie
> Sent: Thursday, December 29, 2005 11:51 AM
> To: full-disclosure@lists.grok.org.uk
> Subje
Peter wrote:
> Perhaps you should read about it on Microsoft's site.
> It's not a buffer overflow. WMF files since at least Windows
> 3.0 days have been allowed to carry executable code in the
> form of their own SetAbortProc handler. This is perfectly
> legitimate, though the design is a po
Mix in a generous helping of 'type sniffing' by MS so that you can name
WMF files .gif or .jpg or some other random suffix and you have one hell
of a problem that can only really be completely fixed by MS releasing a
patch to kill execution of embedded executable code in WMF files.
Has anyone
On Thu, 29 Dec 2005, Peter Ferrie wrote:
Perhaps you should read about it on Microsoft's site. It's not a buffer
overflow. WMF files since at least Windows 3.0 days have been allowed
to carry executable code in the form of their own SetAbortProc handler.
This is perfectly legitimate, though t
>TrendMicro has released pattern file = 3.135.00
>It appears to pick up all the trojans using the WMF exploit as of right
>now. Variants could affect this however.
If they're blindly detecting anything that contains the SetAbortProc, then
they're detecting the legitimate use of a documented func
Valdis worte:
> Anti-virus researcher Andreas Marx of Av-Test.org has
> concluded an annual round of testing to see how well the
> various anti-virus programs responded to recent outbreaks of
> viruses and worms.
> The results appear to show that while the major anti-virus
> products are still
]
Between 16 and 18 hours>[none]
Between 18 and 20 hours>eTrust-VET
More than 20 hours--->[none]
http://blogs.washingtonpost.com/securityfix/2005/12/antivirus_resea.html
- Original Message -
From: "Todd Towles" <[EMAIL PROTECTED]>
To: &quo
Ad wrote:
> norton detects it under the corporate version BloodHound.Exploit.56
>
> http://securityresponse.symantec.com/avcenter/venc/data/bloodh
> ound.exploit.56.html
>
> I guess you tried the norton customer version which isn't
> virus definition updated everyday, companies are more at ris
Or does it have some trick point that could be used to fool
> known sigs?
>
> -Todd
>
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf
>> Of Thierry Zoller
>> Sent: Wednesday, December 28, 2005 5:24 PM
>> T
As anyone tested the well known Irfanview product? It defaults takes
over WMF files from the Microsoft Product.
-Todd
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
L PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Thierry Zoller
> Sent: Wednesday, December 28, 2005 5:24 PM
> To: full-disclosure@lists.grok.org.uk
> Subject: Re[2]: [Full-disclosure] test this
>
> Dear List,
>
> VirusTotal on 12/29/2005 at 00:16:19 (CET) :
> A
Dear List,
VirusTotal on 12/29/2005 at 00:16:19 (CET) :
AntiVir 6.33.0.70 12.28.2005 TR/Dldr.WMF.Agent.D
Sophos 4.01.0 12.28.2005 Troj/DownLdr-NO
ClamAV devel-20051108 12.29.2005 Exploit.WMF.A
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36
is Shkesters
> Sent: Wednesday, December 28, 2005 1:46 PM
> To: Peter Bruderer; full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] test this
>
> This is a report processed by VirusTotal on 12/28/2005 at
> 20:38:41 (CET) after scanning the file "xpladv548.wmf.gz&q
Dear List ,
Nice Idea, lets sample the reaction time of vendors on this one :
VirusTotal on 12/28/2005 at 21:48:23 (CET) :
New:
DrWeb 4.3312.28.2005 Exploit.MS05-053
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
__
uot;D B" <[EMAIL PROTECTED]>
Cc:
Sent: Wednesday, December 28, 2005 7:17 PM
Subject: Re: [Full-disclosure] test this
Hi there
Using a previous unknown hole in windows, an exploit was discovered
which infects a PC with spyware and trojans. The PC is infected using a
manipulated picture
McAfee's 4661 (released today) DAT recognizes it as Exploit-WMF. On 12/28/05, Peter Bruderer <[EMAIL PROTECTED]
> wrote:Hi thereUsing a previous unknown hole in windows, an exploit was discovered
which infects a PC with spyware and trojans. The PC is infected using amanipulated picture in the WMF f
Hi there
Using a previous unknown hole in windows, an exploit was discovered
which infects a PC with spyware and trojans. The PC is infected using a
manipulated picture in the WMF format.
Only Symantec found a trojan downloader. Another AV scanners found the
downloaded code, but did not recognize
12:49 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] test this
Trojan-Downloader.Win32.Agent.acd (Kasperky Anti-Virus)
> could the uber geeks who do spyware check the
> attachment for me ??
> do not click this URL if in windows ... possible
> malware
>
Trojan-Downloader.Win32.Agent.acd (Kasperky Anti-Virus)
> could the uber geeks who do spyware check the
> attachment for me ??
> do not click this URL if in windows ... possible
> malware
> it is obtained from
> http://www.cabbage-soup-diet.com/negative-calorie.html
> GF has countless popups
On 12/28/2005 5:39 PM +0200, D B wrote:
could the uber geeks who do spyware check the
attachment for me ??
do not click this URL if in windows ... possible
malware
it is obtained from
http://www.cabbage-soup-diet.com/negative-calorie.html
GF has countless popups after visiting this site and
s
test
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
32 matches
Mail list logo
