Hi,
n3td3v wrote:
n3td3v: Sure my comments on FD on 666 were just hear-say, but there's
loads of defacers out there. Morning wood is promoting the new
'zone-h.org http://zone-h.org' website via his Y messenger status
the last two days, I feel sorry for the zone-h crew right now.
Just
or you just put
[EMAIL PROTECTED] ERROR:550 piss off
in /etc/mail/access if you use sendmail
- Original Message -
From: Byron Sonne [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Sunday, June 11, 2006 6:16 PM
Subject: Re: [Full-disclosure] terrorists have
--- [EMAIL PROTECTED] wrote:
What's this mean? It means that if you scan some lame-ass system and it
crashes as a result, you might be in deep shit. And it shouldn't have
crashed from a portscan does *not* hold up in court.
Having done pen-testing in the past I have disabled (dos-ed)
systems
Hello, all. I just received an email with an html attachment, on a yahoo account. When I opened the mail, yahoo automatically displayed the html, and executed the code within. What the hell. =) It forwarded the message to my contacts list, (or some other set of addresses, dunno,) and redirected my
On 12/06/06, David Loyall [EMAIL PROTECTED] wrote:
Oh, I've CC'd [EMAIL PROTECTED], but if someone else would give them a proper
write-up, and encourage them to close the hole, that'd be wonderful.
I know this guy who has over 7 years of direct security influence with
Yahoo and Google security
When you say that by running a portscan you dossed a whole network
then I would say either you are crazy or your portscanner is seriously broken
lol
I have been doing pen-tests since 1998 and never ever dossed a whole Network
by accident, especially not with a simple portscan.
-sk
-
On 6/12/06, c0ntex [EMAIL PROTECTED] wrote:
On 12/06/06, David Loyall [EMAIL PROTECTED] wrote:
Oh, I've CC'd [EMAIL PROTECTED], but if someone else would give them a proper
write-up, and encourage them to close the hole, that'd be wonderful.
I know this guy who has over 7 years of direct
Check out: http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]...
Eric
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Believe it or not, it was a Nokia running CheckPoint NG, but not well
configured.
Because the network was taking a lot of traffic during normal ops so no
problems (yet). However it was taken down by a broadcast storm earlier.
I was running multiple SYN-scan sessions of nmap with aggressive
You are correct, Terrorists have invaded the US...
http://archives.cnn.com/2001/US/09/11/chronology.attack/index.html
and now you see they must be mitigated, with extreme prejudice.
They've got it quite quickly. 10x
Since the source code is open to everyone now, it is just a matter of
time for someone to redesign it and make it work Yahoo Beta as well.
On 6/12/06, Eric Chien [EMAIL PROTECTED] wrote:
Check out:
http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL
Hi all bad guys :P
I can't resist, FBI rocks!
http://no.spam.ee/~tonu/exif/?srcid=1847src=http://www.fbi.gov/wanted/seekinfo/erienote1.jpg
Tõnu
TheGesus escribió:
And you have an instant Elspy.worm flood and your Enterprise AntiVirus
Administrator is shitting his pance. Run in circles, scream and shout
and all THAT.
Oh! That's really stupid! The logs will show 1 infection on the same
PC within a few seconds. Easy to spot as a
Regarding the recent debate about the use of Tor. Just wondering if it
is practical to trace back the user if he is using Tor to hide his
origin. As far as I know, there were several approaches using timing
correlation to trace back TCP connections. It seems that the technique
is there but the
==
Secunia Research 12/06/2006
- MyBB domecode() PHP Code Execution Vulnerability -
==
Table of Contents
Affected
Hey there
There is a paper out trying to describe the different
methods of tracking TOR user
http://www.fortconsult.net/images/pdf/tpr_100506.pdf
Best regards
Dennis
CIRT.DK
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jianqiang Xin
Sent: Monday, June 12, 2006 4:49
that paper is useless
which isn't surprising when you see who wrote it
On 6/12/06, CIRT.DK Mailinglists [EMAIL PROTECTED] wrote:
Hey there
There is a paper out trying to describe the different methods of tracking TOR user
http://www.fortconsult.net/images/pdf/tpr_100506.pdf
Best regards
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Danny wrote:
Hi,
I read your article, but since I am not at all at home when scripting
comes up, I still am wondering what this issue is exactly.
My web-foo is not that strong either.
Bart van Arnhem made a much better example in IE than I
rPath Security Advisory: 2006-0100-1
Published: 2006-06-12
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
User Non-deterministic Weakness
Updated Versions:
freetype=/[EMAIL PROTECTED]:devel//1/2.1.10-2.2-1
References:
Yahoo is under the control of hackers.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:099
http://www.mandriva.com/security/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200606-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo All!
I thought I'd actually risk a real security question here.
Any one seen the PassMark (www.passmarksecurity.com) security system
in action?
RGDS
GARY
- ---
Gary E.
I'm getting port 21 connection attempts every 5 minutes from about half a
dozen of my network users. These attempts are repeating regularly with one
computer sending out 1500+ attempts a day. I have not seen this before and
I'm wondering if anyone else here has seen a client behave this way
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Jun 12, 2006 at 04:30:40PM -0500, Jacob Wu wrote:
I'm getting port 21 connection attempts every 5 minutes from about half a
dozen of my network users. These attempts are repeating regularly with one
computer sending out 1500+ attempts a
Try websnarf: http://www.unixwiz.net/tools/websnarf-1.04
Set the port to 21 log some of the data they're sending. You can
have it log the session to a file, too, I think. Note that the one
line it grabs may not amount to much of anything, but it might give
you some idea what the machines are
Symantec Remote Management Stack Buffer Overflow
Release Date:
June 12, 2006
Date Reported:
May 24, 2006
Severity:
High (Remote Code Execution)
Systems Affected:
Symantec AntiVirus 10.0.x for Windows (all versions)
Symantec AntiVirus 10.1.x for Windows (all versions)
Symantec Client Security
-Original Message- On Behalf Of n3td3v
Sent: Tuesday, June 13, 2006 4:05 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Vunerability in yahoo webmail.
Yahoo is under the control of hackers.
Good, Yahoo are a pathetic service anyway so it's no big deal, hey.
Hello List,
Thank you all for the feedback I've received so far. Some of the
feedback I'm receiving is that it might also serve as a malware analysis
tool if we improve logging messages.
In thanks to the list, and in the hope more security experts will stress
test the software, here's an
I have no time to check it so there are details about the crash:
Open in a browser the following location:
http://ofertas.muchoviaje.com/viajes/ofertas/ofertapaquete.aspx?codigo=8491
Next, Select all (Ctrl+E) and try pasting it in Microsoft Word. It will
always crash with a failure in
Problem:
DNS service ZoneEdit.com now owned by MyDomains.com has started forcing
JavaScript pop-Unders onto users' browsers when the domain owner uses
the ZoneEdit WebForward feature.
References:
www.zoneedit.com
www.mydomains.com/support.php
www.casalemedia.com/contact.html
Details:
Oh, I've CC'd [EMAIL PROTECTED], but if someone else would
give them a proper write-up, and encourage
them to close the hole, that'd be wonderful.
Since yahoo isn't known for fixing bugs fast unless it's serious (and even then),
here's something i wrote up today.
The
For the record: 30 minutes after I posted this, onLoad got changed to onfiltered -
problem fixed by yahoo. :)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of php0t
Sent: Tuesday, June 13, 2006 2:28 AM
To:
Congratulations to the hackers running Yahoo!!
On Tue, 13 Jun 2006 03:07:56 +0200
php0t [EMAIL PROTECTED] wrote:
p For the record: 30 minutes after I posted this, onLoad got changed to
p onfiltered - problem fixed by yahoo. :)
p -Original Message-
Hello putosoft,
Tuesday, June 13, 2006, 12:56:56 AM, you wrote:
I have no time to check it so there are details about the crash:
Open in a browser the following location:
http://ofertas.muchoviaje.com/viajes/ofertas/ofertapaquete.aspx?codigo=8491
Next, Select all (Ctrl+E) and try pasting
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Gary E. Miller wrote:
Yo All!
I thought I'd actually risk a real security question here.
Any one seen the PassMark (www.passmarksecurity.com) security system
in action?
Yes.
Bank of Bangalore^H^H^H^H^H^H^H^H^HAmerica uses it, as well
I would agree as well, having recently reviewed them with others in the same field. Apart from relying on users to only enter their password if they saw an image, the solution heavily relied on cookie usage. This works fine for most people but a lot of corporate environments have persistent cookie
I am not impressed with the PassMark solution. It would be trivial to set up a script of rotating images that are used by the passmark widget, then feed them back to the user and have a script post stating the image that was on the screen when the user clicked submit.
Also feeding in any 2nd
SSL VPNs have their legitimate place as does IPSec. Personally, I'd rather that travelling execs who need to log on from a public Internet terminal, don't have full IP connectivity into the network, but maybe that's just me.
Q-Ball
On 6/10/06, Tim [EMAIL PROTECTED] wrote:
That depends on whether
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1096-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
June 13th, 2006