Debbie,
Maybe my viewpoint is different to what your
looking for, but hey here's my 2 cents.
I am not an advocate of IDS/IPS, Personally and
maybe I am stirring things up here, but I am not a fan of them, I view the
products in the range as addons never something I would class as an
Hi,
I'm currently running some experiments classifying network traffic.
In particular, I am interested in classifying worms using a new
classification method. Unfortunately, however, I don't have a honeynet
or other large scale network available to collect them. I'm also
interested in more
Guys,
I am not trying to defend the worm author.
Thierry ([EMAIL PROTECTED]) made a point earlier on that the guy
admitted to writing the source, not spreading (maybe it is an outdated
info, I do not know)
My point is, that the guy innocent until proven otherwise in the court
of law. I am just
NULL pointer assignment in mshtml, not exploitable.
636D54AF8B48 2C MOV ECX, [EAX+2C]
EAX = 0, Bad read of address 0x002C.
Cheers,
SkyLined
- Original Message -
From: Mike Mauler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 14, 2004 15:55
Subject:
Dear all,
I am currently working on my master thesis (computer science) and I need
your help. My topic relates to IT security for academic institutions which
deals with severals special points concerning IT security you get
confrontated with in an academic enviroment.
For this work I need some
On Fri, May 14, 2004 at 07:12:08PM +0200, Tobias Weisserth wrote:
My personal opinion is that more blame should be put on M$.
The company is called Microsoft or MS in short. Why don't you use its
proper name?
are you sure it is MS and not M$
i was always taught it was M$.
--
When
More information (in Russian, of course) and some little stolen code can be
found here:
http://www.securitylab.ru/45221.html
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Sim Brown [EMAIL PROTECTED] wrote:
You're a nazi...
A patriot would respect other countries and their laws...
I hereby invoke Godwin's Law and declare this thread dead.
Harhar, this is not going to work i bet...anyway a wise idea.
Best wishes,
Christian
--
Christian Fromme
chris at
El jue, 13-05-2004 a las 23:31, Nico Golde escribió:
Hi,
Orkut (http://www.orkut.com) is a social network in the net, where you
can meet new friends and connect your activities into communities.
it is like friendstar.
Now there is an orkut fake in the
wild named Orcut (http://www.orcut.com).
Shaun Colley wrote:
[]
Below is the vulnerable call:
---
if (NULL == (tmp = kmalloc(optlen + 1, GFP_KERNEL))) {
retval = -ENOMEM;
goto out_unlock;
}
---
Because kmalloc() takes the 'count' variable as an
unsigned number, negative
quite agree.
if i remember correctly, the americans say:
one billg, indivisible, with liberty, and justice for all.
--
When I answered where I wanted to go today, they just hung up -- Unknown
On Fri, May 14, 2004 at 05:27:48PM +0200, Radule Soskic wrote:
I can't post this to all the threads
While that is undoubtedly an impressive collection of nastiness all of the
issues you have amassed none of these pages, affected my fully patches IE6
nor should they since they have been patched quite some time ago as you are
probably well aware.
Yet somehow after composing a list of all these
You are right!
Regards,
Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web
At 02:50 PM 5/15/2004, Georgi Guninski wrote:
quite agree.
if i remember correctly, the americans say:
one
On Fri, 14 May 2004 [EMAIL PROTECTED] wrote:
It's really sad that Sasser has nailed *so many* machines that Dabber
is able to propagate.
Well, what about the Witty worm? It only infected machines running
a brand of firewall with a particular plug-in, as I read this document
(I'm no Windows
On Sat, 15 May 2004, Michael Tokarev wrote:
But kmalloc(0) will return NULL, and the whole setsockopt
will finish with errno set to ENOMEM.
From 2.4 mm/slab.c:
void * kmalloc (size_t size, int flags)
{
cache_sizes_t *csizep = cache_sizes;
for (; csizep-cs_size;
How did you come from the above snippet of the code to the idea that
kmalloc(0) returns NULL?
Doesn't matter: the first thing linux's sys_setsockopt() does is
checking if optlen is 0. It will fail in this case. So the
needed optlen is never handled down to the protocol setsockopt function.
it seems that lha is quite poorly written. after your last advisory, i
decided to take a look at the code and found 2 BO in function extract_one
(file lhext.c):
if (extract_directory)
sprintf(name, %s/%s, extract_directory, q);
else
Hello,
On Sat, 15 May 2004 23:07:00 +0200 (CEST)
Jirka Kosina [EMAIL PROTECTED] wrote:
On Sat, 15 May 2004, Michael Tokarev wrote:
But kmalloc(0) will return NULL, and the whole
setsockopt
will finish with errno set to ENOMEM.
From 2.4 mm/slab.c:
void * kmalloc (size_t size, int flags)
{
snip
1. MS is wrongdoing by releasing (and charging for use of) software that
has bugs in it. Users of such software have losses in time/money by
trying to keep up with applying pathches, or just by trying to keep the
uptime high.
2. Admins are wrongdoing by not applying patches to the
Why should Microsoft have more blame?
In my opinion, I believe that software companies, especially Microsoft, have
taken all of the appropriate steps to provide security within their
products.
Imagine you own a home and installed a security system on all the doors and
windows. You set the alarm
On Fri, 2004-05-14 at 17:27, Radule Soskic wrote:
I can't post this to all the threads that I would like to, so I'm
opening a new one.
Follow this:
1. MS is wrongdoing by releasing (and charging for use of) software that
has bugs in it. Users of such software have losses in time/money
At least in the States if you don't like a law you can try and do
something about it, in a lot of other countries you could get thrown in jail
for speaking out against the government.
Ha! HA! HAHAHAHAHAHAHA
phew
That was funny. Thanks for the laugh... clearly you are only pretending
to be an
I usually complain a lot about the Windows-security settings, and consider *NIX systems to be of an entirely different level. But this time I found my own arguments off short.
I'm an OS X user, and I would like to submit to you the latest exploit for this system. As I hope a fix will be running
My point is, then, that as we diversify, users are going to go into more
unfamiliar territory, cause more problems and have less people available for
a low fee to fix them. What then, for the computer industry? Are we ALL
going to have to know every brand of OS that runs on a PC and products that
I tend to give MS alot of credit, their patch availability tools are
best-of-class, IMO, and they have done so at considerable cost.
That said, a few glaring examples makes me question their general business
sense. What are we up to , 3rd or 4th RPC patch now? Even with large
enterprises,
Hi Byron,
Yes, I am educated, intelligent, and informed
I also know enough not to rely on what the media trys to shove down
everyone's throat. Something that you appear to rely on. You keep on
thinking the way you're thinking...
Oh, and I'll guarantee that you'd never EVER challenge
Imagine you own a home and installed a security system on all the doors
and windows. You set the alarm and leave for a weekend.
OK
A thief comes up to your house, breaks a window, and slides through the
opening. The alarm does not go off because the thief found a
vulnerability in the
27 matches
Mail list logo