[Full-disclosure] Yahoo! Research Multiple vulnerabilities

2006-08-18 Thread simo
Title: Yahoo! Research Multiple vulnerabilities Authors: Simo64 and Simo Ben youssef Contacts: simo64_at_morx_org / simo_at_morx_org Discovered: 02 August 2006 Published: 17 August 2006 MorX Security Research Team Original Advisory: http://www.morx.org/YahooResearchMultiple.txt http://www.morx.org

[Full-disclosure] [SECURITY] [DSA 1152-1] New trac packages fix information disclosure

2006-08-18 Thread Martin Schulze
Debian Security Advisory DSA 1152-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze August 18th, 2006

[Full-disclosure] Secunia Research: AOL Insecure Default Directory Permissions

2006-08-18 Thread Jakob Balle
Secunia Research 18/08/2006 - AOL Insecure Default Directory Permissions - Table of Contents Affected

[Full-disclosure] Risks from using default WebSphere keys

2006-08-18 Thread Schanulleke
Hi, I found out that some machines in a client's network use the default keys that came with WebSphere because it is too hard to get the new keys registered with the company. Does anybody know what risks this opens them up to? Schanulleke

Re: [Full-disclosure] LOL HY

2006-08-18 Thread Eliah Kagan
On 8/15/06, Edward Pearson [EMAIL PROTECTED] wrote: I'm glad somebody said it. I'm fed up of the whole if you don't like them, don't read them crap. Fuck you all. I'm going to Bugtraq. Right--you don't like the list, so you don't read it. You are acting in accordance with the mantra with

[Full-disclosure] Re: Dates Correction - World Summit on Intrusion Prevention, May 8-9, 2007

2006-08-18 Thread wsip
Dear Colleague, I invite you to submit a proposal for presentation at WSIP/WSSC. The proposal form is downloadable at: http://www.unatekconference.com/papersIntrusion2007.php The two co-located conferences: the World Summit on Intrusion Prevention and the 2nd Annual Web Services Security

Re: [Full-disclosure] LOL HY

2006-08-18 Thread Jason
Apologies for adding to the noise yet again. Eliah Kagan wrote: Jason appears to be calling for a dual-tracking system, whereby people who post lots of content that others don't like (or that just Jason doesn't like) use two email addresses--one for the content that people will wait to block,

[Full-disclosure] Tempest today

2006-08-18 Thread Paul Sebastian Ziegler
Hi list, I've seen some fuss about the technique called tempest lately. Some people claim it would be the thing in modern security. This bugs me somehow because first of all I think it is way too much of an effort compared to the more casual

Re: [Full-disclosure] Tempest today

2006-08-18 Thread Joe Barr
On Fri, 2006-08-18 at 18:45 +0200, Paul Sebastian Ziegler wrote: Can anybody tell me how far evolved this technique is today and who uses it? Maybe some reference to a whitepaper or something similar. Would be great. Other than the NSA, you mean? By the way, Tempest did/does not just refer

Re: [Full-disclosure] Tempest today

2006-08-18 Thread Paul Sebastian Ziegler
Joe Barr wrote: On Fri, 2006-08-18 at 18:45 +0200, Paul Sebastian Ziegler wrote: Can anybody tell me how far evolved this technique is today and who uses it? Maybe some reference to a whitepaper or something similar. Would be great. Other

[Full-disclosure] [SECURITY] [DSA 1153-1] New ClamAV packages fix arbitrary code execution

2006-08-18 Thread Martin Schulze
Debian Security Advisory DSA 1153-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze August 18th, 2006

Re: [Full-disclosure] Tempest today

2006-08-18 Thread J. Oquendo
Paul Sebastian Ziegler wrote: Hi list, Can anybody tell me how far evolved this technique is today and who uses it? Maybe some reference to a whitepaper or something similar. Would be great. Did you mean Van Eck Phreaking... EM eavesdropping,

Re: [Full-disclosure] LOL HY

2006-08-18 Thread Ajay Pal Singh Atwal
- darren kirby [EMAIL PROTECTED] wrote: +1 The signal/noise ratio here has really gotten unbearable in the last few months. We can deal with most undesired mail from repeat posters with a filter, but the crapfloods need to be dealt with in a more drastic fashion. -d -- darren

Re: [Full-disclosure] Tempest today

2006-08-18 Thread Paul Sebastian Ziegler
Thanks to everyone, I got enough info to suffice. It's good to see that just asking a question still provides an answer without paying thousands of dollars or sliding into several networks. Thanks!

Re: [Full-disclosure] Reverse LOL HELLO FURRY PORN

2006-08-18 Thread ...
forth: getting angry if someone spots you fifth: insulting for free (i did not, you uneducated subject). if you do not stand jokes, you're definitely better off any mailing list. go back to school and learn some politeness. - Original Message - From: Dude VanWinkle [EMAIL

Re: [Full-disclosure] Tempest today

2006-08-18 Thread Trey Keifer
I had not seen a realistic, working public example until I picked up on this just the other day. Granted, it's sketchy on details, but assuming it is an honest example it is impressive. http://www.lightbluetouchpaper.org/2006/03/09/video-eavesdropping-demo-at-cebit-2006/ Everything else seemed to

Re: [Full-disclosure] LOL HY

2006-08-18 Thread darren kirby
quoth the Ajay Pal Singh Atwal: - darren kirby [EMAIL PROTECTED] wrote: +1 The signal/noise ratio here has really gotten unbearable in the last few months. We can deal with most undesired mail from repeat posters with a filter, but the crapfloods need to be dealt with in a more

[Full-disclosure] Just another *nix server botnet

2006-08-18 Thread Dmitri Gribenko
Hello, My server was recently hacked through a vulnerable web application. What I found was a Perl IRC bot. It was downloaded from http://72.20.41.7/~krang/join.txt. It connects to 66.152.173.198 port 6698, joins #join. You should use nickname krang, sky or chip for the bots to accept commands.

Re: [Full-disclosure] Reverse LOL HELLO FURRY PORN

2006-08-18 Thread Dude VanWinkle
On 8/18/06, ... [EMAIL PROTECTED] wrote: forth: getting angry if someone spots you fifth: insulting for free (i did not, you uneducated subject). Your email forensics skills are only matched by your command of the english language, and only surpassed by your deductive reasoning. -JP