This is GNATS local exploits. :-}
0x82-GNATS.tgz
Description: Binary data
Debian Security Advisory DSA 330-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
June 23rd, 2003
* [EMAIL PROTECTED] (Shawn McMahon) [Mon 23 Jun 2003, 18:31 CEST]:
> Anyway, your ISP probably doesn't guarantee you 100% inbound bandwidth
> usage. Most prohibit running "servers" on non-business accounts, so
> being affected by these blocks implies violating terms of service.
They don't, and th
The ActiveX control can have two different names:
"Symantec RuFSI Utility Class" or "Symantec RuFSI
Registry Information Class" (both names refer to the
same ActiveX control); the name depends on whether you
ran the virus scan or the security scan first.
Thanks to DANIEL HANNIGAN for letting me know this
=
Kereval Security Advisory [KSA-001]
Multiple vulnerabilities in Tutos
=
PROGRAM: Tutos
HOMEPAGE: http://www.tutos.org
VULNERABLE VERSIONS: 1.1
RISK: Medium/High
IMPACT: Cross Site Scripting
RELEASE DAT
[SNIP]
> And they are losing customers for this. When I spoke to them, they
> refused to guarantee that they would not implement these blocks for a
> static IP user, only claimed that they do not implement them.
>
> If you are willing to spend $20 above RCN's already premium rates, you
>
Mandrake Linux Security Update Advisory
Package name: ethereal
Advisory ID:
On Mon, Jun 23, 2003 at 04:55:35PM -0400, Christopher F. Herot wrote:
>
>
> This is essentially what RCN is doing. Like Shawn McMahon, I found
> myself paying another $20 a month for the privilege of not having port
> 80 blocked and my IP jerked aro
This is essentially what RCN is doing. Like Shawn McMahon, I found
myself paying another $20 a month for the privilege of not having port
80 blocked and my IP jerked around at random. This is annoying but at
least better than Comcast/AT&T/MediaOne/Cablevision which prohibits
"servers" as if som
Roy S. Rapoport wrote:
>You're a little behind the curve -- blocking outbound port 25 is
>becoming more and more standard, especially with some of the larger ISPs
>(e.g. earthlink) as a spam-blocking measure.
I think you meant to say: "as a futile attempt at a spam-blocking
measure".
__
Johannes Ullrich wrote:
>Well, blocking port 1026 is probably not such a great idea. But
>why would a non-windows user suffer if port 135-139 & 445 is blocked?
For example smoothwall firewalls (Linux) require https on 445 but that
is not the point. The point is I don't want my ISP to start block
It's pretty simple although not quite convenient. When I got the fraud email
I called BestBuy to find out what was going on as it was clearly a false
email. They had a recording explaining the situation...3 days later I got
the email about it. When in doubt, call directly lol
> -Original Messa
Roy S. Rapoport wrote:
It isn't -- I mean, I agree that it's reasonable to feel that it's sketchy,
but I'm on Best Buy's promo email list, and all my emails come from
postfuture. I suspect BB outsourced their mass mail operations and didn't
quite understand the implications of sending security ale
I recently received an email from Best Buy telling me that this was a spoof.
-Original Message-
From: Roy S. Rapoport [mailto:[EMAIL PROTECTED]
Sent: Monday, June 23, 2003 2:40 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Implications of outsourcing email
On Mon, Jun 23, 2003
On Mon, Jun 23, 2003 at 03:25:45PM -0400, Vine, Matthew T wrote:
> I recently received an email from Best Buy telling me that this was a spoof.
I think we're talking about that email from Best Buy here.
-roy
Knud Erik Højgaard wrote:
> Sorry, no pretty describing document this time.
Oops, haste makes waste.
The shellcode is by eSDee, not zillion.
--
kokanin
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.htm
Sorry, no pretty describing document this time.
--
kokanin
DSR-korean-elm.pl---txt.poo.av.is.gay
Description: Binary data
On Mon, Jun 23, 2003 at 01:02:54PM -0400, Gabe Arnold wrote:
> I got this too, and agree it looks sketchy, perhaps someone got hold of
> their list and wants to see what e-mails are still 'alive'? And what
> people are prone to click on everything they see.
It isn't -- I mean, I agree that it's rea
[EMAIL PROTECTED] writes on
Mon, 23 Jun 2003 11:16:38 +0200 (METDST):
>
> I agree. However, that is not a serious option anymore. Fact is:
> Every
> dummy and his grandma are using the Internet today. You won't be able
> to change the fact, so we will all have to find ways to minimize
> the d
Blue Boar (2003-06-23 16:21Z) wrote:
> joseph blater wrote:
> >What should I do? Tell them their whole HR system is vulnerable and face
> >the risks of being charged for something?
> >Although owning certs from most vendors, I never got to work for a top5.
> >Shall I take the risk and use this v
I got this too, and agree it looks sketchy, perhaps someone got hold of their list and
wants to see what e-mails are still 'alive'? And what people are prone to click on
everything they see.
--gabe
* rajesh ([EMAIL PROTECTED]) wrote:
> In spite of all the trust implications in outsourcing e-mail
On Sat, Jun 21, 2003 at 06:57:32PM +0100, Barry Dorrans said:
>
> Why is it up to an ISP to block traffic?
Because the bandwidth hogged by some of the attacks that go on via
specific ports slows down the entire customer base. This is especially
true for things like Code Red, which if it infects
On Mon, Jun 23, 2003 at 12:52:06PM +0200, [EMAIL PROTECTED] said:
>
> Most spam is NOT sent out via port 25. It arrives via port 25, but it
> is almost always relayed in between. Some years back, open relays were the
> main problem. However, we've dug into things a bit and found to our
> surprise that
In spite of all the trust implications in outsourcing e-mail
communications, why would any company use a 3rd party mail service
provider, especially, to send an "E-Mail hoax notification"?
How would one distinguish the original fraudulent email from this real
alert email? Return address does not
joseph blater wrote:
What should I do? Tell them their whole HR system is vulnerable and face
the risks of being charged for something?
Although owning certs from most vendors, I never got to work for a top5.
Shall I take the risk and use this vuln to help me getting a job?
Well, considering that
I would report it to them. It accomplishes several things; it
establishes your credibility vis a vis your qualifications, it
establishes your *honesty* (you were willing to warn them rather than
take advantage of it), it gives you an opportunity to see how *they*
will react when you warn them of a
I run off of RCN and they have recently blocked all outgoing port 25 traffic unless
someone buys a static IP for another $20 a month. Although I agree that blocking 25
outgoing is nice, I pay for internet access, not for access only through certain
ports. Due to the nature of my setup, I was
False?
Ummm.
I don't think that.
Do you want to get more proof of concepts?
Regards,
PD: I observed an automatic update in my Gator Software... xP
--
Lorenzo Hernandez Garcia-Hierro
--- Computer Security Analyzer ---
--Nova Projects Professional
On Saturday 21 June 2003 05:57 pm, Jeff Kell wrote:
> This is missing the point. Messenger is an RPC service. Previous
> spamming by popups query udp/135 to determine the port number of the
> messenger service, then send the spam packet via udp to the port
> returned by the RPC portmapper. Typic
On Sun, Jun 22, 2003 at 07:42:01PM -0700, Muhstik Botha wrote:
> I just accessed a page which ejects my CD-ROM tray. Is this considered privacy or
> security breaching? I'm no expert on pertinent subject. For me, i don't like ppl be
> able to fool
On Saturday 21 June 2003 05:02 pm, morning_wood wrote:
> the point being there should be no isp blocking of any ports period.
> Why? For what purpose? I would seek another provider if my ISP
> purposefully blocked ports.
wood,
Your ISP (AT&T) already blocks inbound TCP ports 137, 138, 139 and 1080
Muhstik Botha <[EMAIL PROTECTED]> wrote:
> I just accessed a page which ejects my CD-ROM tray. Is this
> considered privacy or security breaching? I'm no expert on pertinent
> subject. For me, i don't like ppl be able to fool around with my
> CDROM tray when i open their website. Any comments? Thank
> >This isn't about you. The ISP also has a responsibility to protect
> >the internet at large. If millions of spam are sent each day because
> >the average user is too stupid to close off his proxy, then the
> >ISP can either shut him down, or block the proxy port. Obviously,
> >shutting down isn'
On Fri, Jun 20, 2003 at 03:27:29PM -0400, gml wrote:
> What does that do?
> >void(*b)()=(void*)shellcode;b();
It declares a function pointer ('b'), which is initialized to point at
the 'shell code', then jumped into ('b()'). In other words, if you run
that program, the shell code will get exe
At 11:16 23.06.2003 +0200, [EMAIL PROTECTED] wrote:
> A professional ISP does not block any port. Blocking ports
> can only be done on the customer side. The ISP does not know
> which port i might need.
This isn't about you. The ISP also has a responsibility to protect
the internet at large. If mi
> > Due to widespread abuse, many ISPs have moved to block
> >inbound traffic on UDP port 135. It appears the spammers
> have adapted,
> >so ISPs are urged to block UDP port 1026 inbound as well.
>
> A professional ISP does not block any port. Blocking ports
> can only be done on the customer si
then don't attach a sharp knife to the tray and sit close to it. also a full can of soda would be messy if it was in front of the tray and not sitting in it...anyhow just get rid of media player it's big, bulky and shitty microsoft quality..that should solve yer problem
- Original Message -
Hello list,
While updating my resume at a regional HR site of a top5 consultancy, I
faced a programming bug (terribly written asp disappeared with my session
id), which returned an OLE Error.
I decided to make a little test, so I started playing with sql injection.
Surprisingly, it worked. Ever