-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Red Hat Security Advisory
Synopsis: Updated pine packages fix vulnerabilities
Advisory ID: RHSA-2003:273-01
Issue date:2003-09-11
Updated
This question also popped up on NTBugtraq and Marc answered it there.
Here's the archived message:
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0309&L=ntbugtraq&P=4
387
To summarize, the new (824146) hotfix changes some behavior that causes
older versions of the check to fail (with fal
Dear Derek,
Thursday, September 11, 2003, 9:06:12 AM, you wrote:
DS> version. Please make sure to get the latest copy -- the About dialog should
DS> say 1.1.0 or higher.
DS> You can download the current version of the scanner here:
DS> http://www.eeye.com/html/Research/Tools/RPCDCOM.html
Thanks. I
-BEGIN PGP SIGNED MESSAGE-
__
SuSE Security Announcement
Package:pine
Announcement-ID:SuSE-SA:2003:037
Date: Thursday, Sep
An interesting summary about recent attacks against GSM.
--
Lukasz Luzar
http://Developers.of.PL/
Crede quod habes, et habes
[[ http://galeria.luzar.pl/ ]]
/* paran01a 1s a v1rtu3 */
-- Forwarded message --
Date: Thu, 11 Sep 2003 09:13:02 +1000
From: Greg Rose <[EMAIL PROTECTED
this exploit was released at the same time as MS03-026, BUT that patch was not made for this exploit, it was against the bof.
Only the MS03-039 protect you against this sploit
http://www.k-otik.com/exploits/07.21.win2kdos.c.php
About MS03-039, the exploit (eeye) is public in nessus plugin :
--This is a forwarded message
From: Alexander Antipov <[EMAIL PROTECTED]>
To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
Date: Thursday, September 11, 2003, 3:10:22 PM
Subject: MS03-039 scanner
===8<==Original message text===
Hi!
PTms03039.zip is an utility for checking Win
Hey guys. Just wondering if anybody has tested the
nessus exploit (or any other ones?) Does it have any problems like the first one
did, i.e. need to know the version of windows, rebooting the system when the
thread exits etc? Are the "improvements" of the old one used in anyway in the
new E
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 379-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 11th, 2003
[EMAIL PROTECTED] (*Hobbit*) wrote:
> Once again, I wouldn't mind a way to turn off *ALL* the RPC stuff,
> including the RPC service itself, without paying the price of having
> almost everything I do afterward just sit there and stupidly wait for it
> to respond. A box with it disabled *will* ru
"Dave Howe" <[EMAIL PROTECTED]> wrote:
On 10 Sep 2003 at 15:09, Dave Howe wrote:
> Nick FitzGerald wrote:
> > means network administrators have a small window of time to start
> > patching up systems before a virus is released. Does anyone know of
> > a work around when updating Office 2000 with
"Meeusen, Charles D" <[EMAIL PROTECTED]> asked:
> Wondering what other's thoughts are on the maintenance of Internet Explorer
> on a Windows (NT4 or W2K) server. Specifically, what about the default IE4
> installed on an NT4 machine? Patch it? Update it to the latest version?
> Admins claim they w
> Add the inevitable batch of new 9/11 viruses to the heap of
> avoidable-but-commonplace user-dependent vulnerabilities.
It ain't a user-dependent vulnerability. It exploits shortcomings in the
interface. It exploits the fact that what the machine does is not what the
user wants or expects it to
Dear ALL,
How to break Administrator password's Windows 2000/XP/NT ?
And break / crack password share folder Windows 2000/XP/NT ?
Mightbe, any want hav information about this, please share it.
Thank you very much,
Andry
___
Full-Disclosure - We belie
* *Hobbit* <[EMAIL PROTECTED]> [10/09/03 - 13:31]:
> Once again, I wouldn't mind a way to turn off *ALL* the RPC stuff,
> including the RPC service itself, without paying the price of having
> almost everything I do afterward just sit there and stupidly wait for it
> to respond. A box with it dis
1. Start Internet Explorer
2. Select the "Tools | Internet Options..." command
3. Click on the "Advanced" tab
4. Uncheck the option "Play sounds in Web pages"
5. Click "Okay"
-Original Message-
From: Aditya [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 14, 2003 9:10 AM
To: Richard M.
> Marc Maiffret:
>
Just to cut off any stupid debate, that I promise anyone stepping to will
lose... ;-) Giving details of where a flaw is does not make exploits/worms
happen any more often. The "bad guys" do not need details in order to write
exploits and worms. That is apparent when you look at t
>Turning off background sounds in Web pages might be a prudent move.
how does one do that ?
Aditya Lalit Deshmukh
Enterprise Security Solutions
[EMAIL PROTECTED]
BEGIN:VCARD
VERSION:2.1
N:Deshmukh;Aditya;Lalit;Mr.
FN:Mr. Aditya Lalit Deshmukh
NICKNAME:Aditya
ORG:Enterprise Security Solutions;El
Of course it is possible to disable it. It really depends on what you're
doing with the OS. I have an XP workstation that only has remote desktop
running and everything is working fine.
Stephen Perciballi phone: 1-41
actually, as an advise to microsoft, it may be a good idea to not follow
the doubleclick paradigm if
a) it is any kind of executable
AND
b) it has two dots in it
The later could also specifically look at .jpg.exe and such. We filter
many of these constructs at the gateway level. It's easy and
Andry_Christian/JKT/[EMAIL PROTECTED] wrote:
> Dear ALL,
>
> How to break Administrator password's Windows 2000/XP/NT ?
> And break / crack password share folder Windows 2000/XP/NT ?
> Mightbe, any want hav information about this, please share it.
You seem to have mistakenly posted a message meant
Hi,
Here's an interesting quote from John Schwarz, the COO of Symantec, in a
Wired.com article from today:
Just Say No to Viruses and Worms
http://www.wired.com/news/infostructure/0,1377,60391,00.html
"But perhaps the most controversial suggestion came
from John Schwarz, president a
>Tom Vogt:
>
It ain't a user-dependent vulnerability. It exploits shortcomings in the
interface. It exploits the fact that what the machine does is not what the
user wants or expects it to do.
User:
"I want to see this picture."
Machine:
Ok...
...oh, it isn't a picture, it's an executable...
...
This is why SecurityFocus should not be considered a reliable
source.
-Original Message-
From: Richard M. Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 9:47 AM
To: [EMAIL PROTECTED]
Hi,
Here's an interesting quote from John Schwarz, the COO of Symantec, i
-BEGIN PGP SIGNED MESSAGE-
On Thursday 11 September 2003 09:47, Richard M. Smith wrote:
> For example, if Symantec were to get this law passed, are they prepared
> to see their employees who work on the Bugtraq email list go to jail?
Of course not. They'll just shut it down. They don't w
On Thu, Sep 11, 2003 at 09:47:07AM -0400, Richard M. Smith wrote:
| Hi,
|
| Here's an interesting quote from John Schwarz, the COO of Symantec, in a
| Wired.com article from today:
|
|Just Say No to Viruses and Worms
|http://www.wired.com/news/infostructure/0,1377,60391,00.html
|
|"B
On Fri, Sep 12, 2003 at 12:05:46AM +1200, Nick FitzGerald wrote:
> (And, if you cannot trust your admins to not surf the web from your
> servers (or don't know), why not limit their access to iexplore.exe and
> audit all changes to this file, its ACLs, etc? After all, it is little
> more than a
So are you trying to tell me that Peanut Butter is good or bad for my car's
engine? What if I have a diesel engine? Can I use Peanut Butter in that
case? I would think that refined peanut oil will work, but what about
straight peanut butter?
^--^
Exibar
- Original Message -
Fro
Sir:
A quick search did not obtain a citation for this comment. Do you have
one? If so, I'm sure that sseveral people will be happy to assist Mr.
Schwarz in clarifying his mistake ;-) However it would not be fair of us
to castigate a senior corporate executive with 25 years of experience with
IBM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 11 September 2003 08:54, petard wrote:
> On Fri, Sep 12, 2003 at 12:05:46AM +1200, Nick FitzGerald wrote:
> > (And, if you cannot trust your admins to not surf the web from your
> > servers (or don't know), why not limit their access to iex
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
++
| Guardian Digital Security Advisory September 11, 2003 |
| http://www.guardiandigital.comESA-20030911-022
On Thu, 11 Sep 2003, Dave Howe wrote:
> Andry_Christian/JKT/[EMAIL PROTECTED] wrote:
> > Dear ALL,
> >
> > How to break Administrator password's Windows 2000/XP/NT ?
> > And break / crack password share folder Windows 2000/XP/NT ?
> > Mightbe, any want hav information about this, please share it.
On Thu, 11 Sep 2003, Jonathan Rickman wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
> On Thursday 11 September 2003 09:47, Richard M. Smith wrote:
>
> > For example, if Symantec were to get this law passed, are they prepared
> > to see their employees who work on the Bugtraq email list go to jai
RPCheck is a simple tool to check if the last RPC patch (MS03-039)
has been correctly applied.
It just checks the local machine.
RPCheck can also be used to disable DCOM.
Direct URL: http://www.symbolic.it/Press/rpcheck.zip
Usage: http://www.symbolic.it/Press/readme.txt
Regards,
--
Luigi Mori
Net
Sounds like someone did not read the XBox Live! EULA. What happens is the X-Box
displays a message that you cannot play on Live! until you go to the download center.
If you agree to go to the download center, I would think that you would expect a
download. All you have to do is not agree and
I'm sure computer sabotage is not legal in any european country.
But then again, I wouldn't call what Microsoft did an act of computer
sabotage. The fine print of the XBOX live connection will tell you exactly
what Microsoft is allowed to do when you connect.
-Original Message-
From: Stef
> > > Dear ALL,
> > >
> > > How to break Administrator password's Windows 2000/XP/NT ?
> > > And break / crack password share folder Windows 2000/XP/NT ?
> > > Mightbe, any want hav information about this, please share it.
> > You seem to have mistakenly posted a message meant for the "as yet
> > u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Remote Vulnerability in 4D WebSTAR Server Suite.
Date: 11.09.2003
Author: B-r00t. 2003.
Email: B-r00t <[EMAIL PROTECTED]>
Vendor: 4D.
Reference: http://www.4d.
I've written a unix (Linux and Solaris) network scanner for the second
MS DCOM DCE RPC vulnerability, MS03-039. It can differentiate between
unpatched for either dcom hole, patched for first, and patched for second.
It has a normal mode for checking one ip, a subnet mode, and a quiet mode
fo
> Fact is fact: They updated my dashboard without my written
> permission.
I can understand you frustration of no linux & cracked games anymore,
but "written permission"... Well, well...
As you said "it *finally* happened" ;) If you purchase that blackbox
design, you get what you pay for. Micros
Foundstone has released version 2 of their free scanning tool. IMHO,
this is the best, free tool I've found to scan a class b.
http://www.foundstone.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.ht
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 11 September 2003 12:20, Doke wrote:
> I've written a unix (Linux and Solaris) network scanner for the second
> MS DCOM DCE RPC vulnerability, MS03-039. It can differentiate between
> unpatched for either dcom hole, patched for first,
Hello,
> I can understand you frustration of no linux & cracked games anymore,
> but "written permission"... Well, well...
You misunderstand me completely beside the fact that you accuse me of
creating copies of games. I am the person who cracked the xbox open via
the font hack and I am not frust
> > I can understand you frustration of no linux & cracked
> games anymore,
> > but "written permission"... Well, well...
>
> You misunderstand me completely beside the fact that you
> accuse me of creating copies of games. I am the person who
> cracked the xbox open via the font hack and I am
Well that's clearly not a commercial for Foundstone!
They must be jealous jealous that the competitor's
Microsoft vulnerability was actually interesting and
exploitable. Who cares about 'up to 16 bytes of random
memory leakage', I want to remotely 0wn any 'd0ze box.
CS
--- "Jones, David H" <[EM
Honestly, I still can't follow you on this route. I wouldn't purchase
the XBOX first place because MS intention with it is well-known. If you
repair these "defects" and make it even more succcessful (because of
this) in the marketplace - is that really good? Wouldn't it be better to
make it an econ
Does anyone know if Comcast.net has been compromised?
While retrieving email today, I received this error message:
"The DELE command did not succeed. Mail server mail.comcast.net
responded: ailserver.victim.com ESMTP
Sendmail 8.12.9/8.12.9; Wed, 10 Sep 2003"
And yes, that is "ailserver.victim.c
Except it mistakenly identifies lots of patched systems as still
vulnerable.
I've tested five different free tools today. Here's a summary of my
results:
KB824146Scan.exe
Microsoft's scanner. Many errors and accuracy problems. Basically
unusable.
Command line scanner with flexible input and out
then do not use Live! use your own network
http://techreport.com/forums/viewtopic.php?t=10246
Peter van den Heuvel wrote:
Honestly, I still can't follow you on this route. I wouldn't purchase
the XBOX first place because MS intention with it is well-known. If you
repair these "defects" and make
On Thu, 11 Sep 2003 20:30:39 +0200
Stefan Esser <[EMAIL PROTECTED]> wrote:
> Is any lawyer on the list who can point me to the right paragraphs?
> I do not believe this computer sabotage is legal in any european
> country.
Hi Stefan,
maybe you can ask on the ML from the german 'Virtuellen Datens
Mr. Coombs,
I find your ideas intriguing and wish to subscribe to your newsletter.
Seriously though, you make some fairly serious accusations -- do you
have anything with which to back them up? I'm not trying to be
adversarial, I just think it would make for some very interesting
reading.
Histor
At about the time I sent the message below, ISS released an update to
xfrpcss.exe which apparently resolves some or most of the accuracy
problems. Of course, there's no notice of this on their web site, nor
does the executable contain any kind of version identification.
Don't get me wrong, I appr
You will not get anywhere with this argument. Font Hack as a
feature? Is the RPC DCOM vulnerability and the hundreds of other MS
vulnerabilities features of MS products? Just because MS hires newbie
programms right outta school so the can teach then "Their" way to program
doesn't mean th
then do not use Live! use your own network
The question was simply: "Is this illegal?"
Sigh...
Peter
PS:
- I am subscibed.
- I get ALL the bloody posts.
- There is NO reason to CC me.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys
Aloha, Cory.
> Historically, have worms/malware visibly affected the US stock market?
First let me say that the answer is an empirical "yes" to your question.
I've personally watched worms and malware affect U.S. stock prices.
Look at a recent stock chart of SYMC -- there are lots of reasons to
Wow, this one is pretty scary. Nice work putting it together. Does anyone
know if Outlook is exploitable with this? I'd think that Outlook would not
try to play the media file, but I'm not quite sure. Wow, what a rush of
pretty critical bugs lately!!!
Kris Hermansen
- Original Message --
On Thu, 11 Sep 2003, Jeremiah Cornelius wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thursday 11 September 2003 08:54, petard wrote:
> > On Fri, Sep 12, 2003 at 12:05:46AM +1200, Nick FitzGerald wrote:
> > > (And, if you cannot trust your admins to not surf the web from your
>
The full version of this advisory can be found at.
http://www.secnetops.com/research/advisories/SRT2003-09-11-1200.txt
Quick Summary:
Advisory Number : SRT2003-09-11-1200
Product : Andries Brouwer man
V
I sincerely hope this is a gross misquote.
You can't have any kind of research, whether it's security research
online or academic research offline of any kind, without the very likely
potential of bad guys having access to the same information and papers
you release. Following through on this woul
"So I want my money back. I payed for a black box with specific features
the font hack was one of the features. If they kill this feature, they kill
my property and have to pay for it."
U Yeah. That's gonna happen. I suggest not holding your breath
while you wait, however.
-rtk
-O
I have come to similar conclusions as well, it's either not accurate,
not easily used in scripts or doesn't scan enough IPs at once. I have
multiple /16s to scan, so I modified the plugin from nessus.
When I say modified I really only changed it to look at port 135, the
rest is the same. I'm run
" and BMW reserves the right to remove the wheels of your car when they want
to"
Interesting. Must be different in Germany, as I didn't see this in my
purchase agreement (yes, I did read it - all of it). So, in this instance,
BMW would be committing theft, and a host of other interesting crimes,
Stefan Esser:
Hello,
And towards the end of the EULA it states "Microsoft reserves the right
to upgrade\modify software on your XBOX system"
and BMW reserves the right to remove the wheels of your car when they
want to.
Even if that would be within any agreement. Once you bought your car,
anyone t
On Thu, 11 Sep 2003, James Patterson Wicks wrote:
> Sounds like someone did not read the XBox Live! EULA. What happens is
> the X-Box displays a message that you cannot play on Live! until you go
> to the download center. If you agree to go to the download center, I
> would think that you woul
>WORKAROUND :
>Disable active scripting or do "the sensible thing" and pick another
>>browser such as the>excellent mozilla firebird.
Mozilla ...
t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1);
hmmm
or
http://drorshalev.brinkster.net/dev/memeboi/werd.html
Both serious issues
Jason ---
I can't see that your argument holds water in the least.
Yup, you know, almost everyone who works in my IS department believes
that AV companie release viruses just so they can trap them. That's
just silly. They don't have to, so why would they do something so
stupid?
They have also
On Thu, 11 Sep 2003, Bobby, Paul wrote:
> I'm sure computer sabotage is not legal in any european country.
>
> But then again, I wouldn't call what Microsoft did an act of computer
> sabotage. The fine print of the XBOX live connection will tell you exactly
> what Microsoft is allowed to do when
Stefan Esser wrote:
And towards the end of the EULA it states "Microsoft reserves the right
to upgrade\modify software on your XBOX system"
There is no logical
reason why law should handle the copy of software on the XBOX harddisk
in a different way than a car. If it does, the law itself is flawe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 11 September 2003 17:33, meme-boi wrote:
> hmmm
>
> or
>
> http://drorshalev.brinkster.net/dev/memeboi/werd.html
>
> Both serious issues mozilla has yet to fix.
>
> Time to revert to command line !
>
> I speak about this on the mighty bu
Title: RE: [Full-Disclosure] Re: Computer Sabotage by Microsoft
> Second, Microsoft does have a right to implement security features to
> protect their network from attack (even if the threat was
> created by their own incompetence).
Next you'll tell us it's OK for them to patch our servers
Richard M. Smith wrote:
"But perhaps the most controversial suggestion came
from John Schwarz, president and COO of antivirus
firm Symantec, who called for legislation to criminalize
the sharing of information and tools online that can be
used by malicious hackers and virus write
On Thu, 11 Sep 2003, Rick Kingslan wrote:
> "So I want my money back. I payed for a black box with specific features
> the font hack was one of the features. If they kill this feature, they kill
> my property and have to pay for it."
>
> U Yeah. That's gonna happen. I suggest not hold
Jay,
All good points. You possibly misunderstand - I'm not in any way arguing
the absurdity. That, it is - and I fully concur and concede that point.
However, unless one is independently wealthy with plenty of reserves, I
seriously question taking on MS and the EULAs over a ~$200.00US video
cons
On Thu, Sep 11, 2003 at 09:31:16PM -0400, Jay Sulzberger wrote:
>
>
> On Thu, 11 Sep 2003, James Patterson Wicks wrote:
>
> > Sounds like someone did not read the XBox Live! EULA. What happens is
> > the X-Box displays a message that you cannot play on Live! until you go
> > to the download cen
[EMAIL PROTECTED] wrote:
As to your suggestion that the implicit behaviour of a doubleclick is a
problem, I think you're a bit off the mark. Users know that a
doubleclick will 'Open' whatever they click on, there's no ambiguity
there. The confusion only occurs when the user doesn't exactly know
w
On Thu, 11 Sep 2003, Rick Kingslan wrote:
> Jay,
>
> All good points. You possibly misunderstand - I'm not in any way arguing
> the absurdity. That, it is - and I fully concur and concede that point.
> However, unless one is independently wealthy with plenty of reserves, I
> seriously question
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Personally I'd look at more than just port 135. Hint?
ISS has in the past produced command line scanners that could be used in scripts, but
haven't seen anything new from those folks as of late.
A GUI based scanner would prove to be challenging
Ralf <[EMAIL PROTECTED]> wrote:
> Hmmm, a UI poping up stating that the user is going to execute something
> and this may have a security impact (such as Eudora 5 does) ...
Bad example: Eudora is buggy, including execute-any-code (without warning
of course :-). For details please see
http://w
I guess you were referring to this:
http://www.internalmemos.com:8080/memos/memodetails.php?memo_id=1739
:-P
JJ
--- Chris Sharp <[EMAIL PROTECTED]> wrote:
> Well that's clearly not a commercial for Foundstone!
>
>
> --- "Jones, David H" <[EMAIL PROTECTED]>
> wrote:
> > Foundstone has release
Hi guys!
Does anyone know of a good concise and exhaustive FAQ regarding the
common security issues to look for when developping a web UI?
I already tried to look for the ever-classics filtering ../ out of query
arguments, and the basics of the XSS as explained in The Cross-Scripting
FAQ.
As a
Automatic system updates are nothing new, we see it all the time with
antivirus software. Given that the enduser has agreed for his AV to be
updated automatically, none of us see any moral, ethical or legal
implications with that scenario.
The legality of this in regards to your XBox all boils dow
Not every day that TESO gets owned by M$.
---
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
---
On Thu, 11 Sep
The new addition here is abusing how you are able to load a ressource file,
residing in a local security zone, into a window object. Service Pack 1 for IE6
did a lot to deter this on most regular window objects, but should have extended
that effort to searchpanes as well. Seeing as the content of
On Thu, 11 Sep 2003, Nicholas Weaver wrote:
> On Thu, Sep 11, 2003 at 08:30:39PM +0200, Stefan Esser composed:
> > Hi,
> >
> > well it finally happened. I came back home after work, connected my
> > XBOX to the internet and went into the XBOX-Live menu configuration.
> > Well what happened. The X
When you log onto XBOX live it will automatically updates EVERY MS software that’s on it.
And it wont let you cancel. It will also download and run a check for
modifications to your XBOX. And if it finds any will ban your MAC address
and kick you off the live service. And towards the end
> well it finally happened. I came back home after work, connected my
> XBOX to the internet and went into the XBOX-Live menu configuration.
> Well what happened. The XBOX started automaticly downloading the new
> crappy XBOX-Live dashboard, which is of course fixed.
>
> This is IMHO an act of comp
Stefan,
Sorry to say this, but a lot of noise was made about this utility when xbox
was launched. You should have chosen a less invasive product.
I always wonder why people choose to support MS and then complain about all
these issues that are known in advance.
Qv6
=
On
On 2003-09-11 Nicholas Weaver wrote:
> On Thu, Sep 11, 2003 at 08:30:39PM +0200, Stefan Esser composed:
>> well it finally happened. I came back home after work, connected my
>> XBOX to the internet and went into the XBOX-Live menu configuration.
>> Well what happened. The XBOX started automaticly
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 11 September 2003 11:30, Stefan Esser wrote:
> Hi,
>
> well it finally happened. I came back home after work, connected my
> XBOX to the internet and went into the XBOX-Live menu configuration.
> Well what happened. The XBOX started automat
unfortunately just by opening the xbox somewhere in there is probably a
EULA that says MS can do what it wants when it wants and by powering up
the console you agree to it..standard fare.
Stefan Esser wrote:
Hi,
well it finally happened. I came back home after work, connected my
XBOX to the in
> unfortunately just by opening the xbox somewhere in there is probably a
> EULA that says MS can do what it wants when it wants and by powering up
> the console you agree to it..standard fare.
As far as I know in the EU the EULA of MS is not worth the paper it is
written on.
Fact is fact: They
For those interested, NGSS has just published a paper describing how to
defeat the mechanism built into Windows 2003 Server to prevent exploitation
of stack based buffer overflow vulnerabilities. Previous work done in this
area presented methods that only worked in highly specific scenarios - the
n
Hi,
well it finally happened. I came back home after work, connected my
XBOX to the internet and went into the XBOX-Live menu configuration.
Well what happened. The XBOX started automaticly downloading the new
crappy XBOX-Live dashboard, which is of course fixed.
This is IMHO an act of computer
On Thu, 11 Sep 2003, Stefan Esser wrote:
> > unfortunately just by opening the xbox somewhere in there is probably a
> > EULA that says MS can do what it wants when it wants and by powering up
> > the console you agree to it..standard fare.
>
> As far as I know in the EU the EULA of MS is not w
Look, it's time to be blunt -- Wired reporter Kim Zetter might have been
confused, but whether or not the quote was accurate there is something
important here that deserves full disclosure. If somebody else would step
forward and offer this truth then it wouldn't have to be me, but here goes...
On
Internet explorer 6 on windows XP allows exection of arbitrary code
DESCRIPTION :
Yesterday Liu Die Yu released a number series of advisories concerning
internet explorer
by combining on of these issues with an earlier issue I myself reported a
while back
You can construct a specially crafted web
This would be part of the service agreement you agreed to when
you bought Xbox-Live. Since Xbox-dash and Xbox-Live are so intergral to
one another and any online gaming service you sign up for
(battlenet/gamespy/etc..) require that you have the most up-to-date
versions to play on their net
Hello,
> And towards the end of the EULA it states "Microsoft reserves the right
> to upgrade\modify software on your XBOX system"
and BMW reserves the right to remove the wheels of your car when they
want to.
Even if that would be within any agreement. Once you bought your car,
anyone touching
On Fri, 12 Sep 2003, Stefan Esser wrote:
> Hello,
>
> > And towards the end of the EULA it states "Microsoft reserves the right
> > to upgrade\modify software on your XBOX system"
>
> and BMW reserves the right to remove the wheels of your car when they
> want to.
>
> Even if that would be wit
99 matches
Mail list logo