[Full-Disclosure] (MS04-022) Microsoft Windows XP Task Scheduler (.job) Universal Exploit

Hi all! Microsoft Windows XP Task Scheduler (.job) Universal Exploit * Tested on: *- Internet Explorer 6.0 (SP1) (iexplore.exe) *- Explorer (explorer.exe) *- Windows XP SP0, SP1 * * --- * Compile: *Win32/VC++

Re: [Full-Disclosure] Cool Web Search

Dean Porter wrote: Has any one dealt with a similar thing called "searchweb2.com"? Nope, but as a general fallback on windows systems that have and ebd that gives a dos console: 1) identify the elements you need to remove on the live system. 2) boot the ebd and use the ebd tools to remove the un

Re: [Full-Disclosure] Crack Microsoft Office encryption

Hi, At 05:25 31/07/2004, Raj Mathur wrote: Anyone have pointers to a free (open source) tool or methodology to crack MS Office encrypted files? Both brute-force and smarter methods are fine, smarter preferred, of course :) I know no one FREE, but the serie from Elcomsoft (http://www.elcomsoft.co

[Full-Disclosure] [Paper] Designing secure desktop operating system

[possibly somewhat off-topic here, [EMAIL PROTECTED] can be used for discussion about it] I've written down some ideas how I think it would be possible to implement easy to use and quite secure graphical user interface and operating system around it to make it possible. It's available at http://ik

[Full-Disclosure] Re: Mozilla Firefox Certificate Spoofing

Has this been posted to bugilla E.Kellinis wrote: # Application:Mozilla Firefox Vendors:http://www.mozilla.com Version: 0.9.1 / 0.9.2 Platforms: Windows Bug: Certificate Spoofing (Phishing) Risk: High E

Re: [Full-Disclosure] Shaft DDOS

If you're gonna distribute source code, please ensure that it will compile with a modern complier!! I understand that this may have been posted as a historical document (it is dated from 2000), but really. My amateurish C isn't advanced enough to fix everything in shaftnode, but I did try to f

[Full-Disclosure] Re: Appliance-based security gateway?

in-reply-to: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit references: <[EMAIL PROTECTED]> Return-Path: : [EMAIL PROTECTED] .

Re: [Full-Disclosure] Security Web Site Hosting

- Original Message - From: [EMAIL PROTECTED] (Simon Richter) Date: Fri, 30 Jul 2004 23:23:08 +0200 To: n30 <[EMAIL PROTECTED]> Subject: Re: [Full-Disclosure] Security Web Site Hosting > Hi, > > > Any recommendations on site hosting services / Portal framewroks / site > > builders... > >

RE: [Full-Disclosure] [Paper] Designing secure desktop operating system

Fedora Core 2 from Red Hat is free and includes SELinux. Anyone been using the test release of FC3? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timo Sirainen Sent: Saturday, July 31, 2004 4:16 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Fu

[Full-Disclosure] FullDisclosure: CWS removal tools

I haven't seen all the threads on this but there is a tool called CWShredder. It was created to combat CWS. Unfortunetly, the author was a student and it seems no longer can support it. I just attempted to find it somewhere else because his links seem down. At work I use it all the time to clean th

Re: [Full-Disclosure] Re: Mozilla Firefox Certificate Spoofing

Has anyone tried the proof of concept with a real ssl cert and get it working? I just tried it using two different ssl urls and the page only redirected me to the proper site. I did not see the output generated by document.writeln even after viewing the source. Can anyone confirm this? I haven't

[Full-Disclosure] Cool Web Search Michael: take up the slack!

Michael, Very interesting that you would say you'd like to do battle. The below link is a cashed page of the author of CWShredder/Hijack this who states on his web page (I could only get the cash version http://64.233.167.104/search?sourceid=navclient-menuext

Re: [Full-Disclosure] Re: Mozilla Firefox Certificate Spoofing

> Has anyone tried the proof of concept with a real ssl cert and get it working? Yep. Try here: http://avivra.europe.webmatrixhosting.net/moz/certspoof1.html > I just tried it using two different ssl urls and the page only redirected me to the > proper site. I did not see the output generated

RE: [Full-Disclosure] FullDisclosure: CWS removal tools

Randall, we have discussed CWShredder. The author stopped supporting his program and did have a list of ever variant on this website and the methods it used. Very tricky. He also points out it will not stop the newest version because of the advanced survival techniques being employed. They are sta

Re: [Full-Disclosure] Re: Mozilla Firefox Certificate Spoofing

I got this working on both windows and linux versions of firefox and mozilla, it's been submitted and patched. http://bugzilla.mozilla.org/show_bug.cgi?id=253121 Will Beers Juan Carlos Navea wrote: Has anyone tried the proof of concept with a real ssl cert and get it working? I just tried it us

Re: [Full-Disclosure] Re: Mozilla Firefox Certificate Spoofing

Stephen Samuel wrote: > Has this been posted to bugilla > > > E.Kellinis wrote: > >> # >> Application:Mozilla Firefox >> Vendors:http://www.mozilla.com >> Version: 0.9.1 / 0.9.2 >> Platforms: Windows >> Bug: Certifi

Re: [Full-Disclosure] Automated SSH login attempts?

Hey Valdis, > It's more likely that there's one version, making noise and very rarely finding > a box with stupid passwords. It's possible there's another rare version that > tries several stupid passwords and a few old SSH vulnerabilities. Is there > *any* reliable evidence (even a single box)

Re: [Full-Disclosure] Automated SSH login attempts?

Hi there, > Agreed. The thing *is* publicly available, just do 'wget > frauder.us/linux/ssh.tgz'. What kept me from disassembling the thing so > far is not availability, but lacking knowledge about the ssh protocol on > my side ;-) Hm, actually, there's fairly little of that required to see what