[Full-Disclosure] MDKSA-2004:011-1 - Updated NetPBM packages fix a number of temporary file bugs.

2004-09-28 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandrakelinux Security Update Advisory ___ Package name: netpbm Advisory ID:

[Full-Disclosure] MDKSA-2004:103 - Updated OpenOffice.org packages fix temporary file vulnerabilities

2004-09-28 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandrakelinux Security Update Advisory ___ Package name: OpenOffice.org

Re: [Full-Disclosure] JPEG Virus

2004-09-28 Thread Dave Horsfall
On Tue, 28 Sep 2004, Joel R. Helgeson wrote: The attached file IS INFECTED with the new JPEG virus... Or rather, it has the malicious image that will then infect your machine. Odd; it didn't seem to work on any of my *BSD boxes. XV complains about extraneous bytes and the quantizatiion (sic)

[Full-Disclosure] Serendipity 0.7-beta1 SQL Injection PoC

2004-09-28 Thread aCiDBiTS
Serendipity 0.7-beta1 SQL Injection Proof of Concept By aCiDBiTS[EMAIL PROTECTED] 13-September-2004 Serendipity (http://www.s9y.org/) is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source (BSD License). There is no

Re: [Full-Disclosure] JPEG Virus

2004-09-28 Thread Dave Horsfall
On Tue, 28 Sep 2004, Dave Horsfall wrote: On Tue, 28 Sep 2004, Joel R. Helgeson wrote: The attached file IS INFECTED with the new JPEG virus... Or rather, it has the malicious image that will then infect your machine. Odd; it didn't seem to work on any of my *BSD boxes. XV complains

Re: [Full-Disclosure] Automatically passing NTLM authentication credentials on Windows XP

2004-09-28 Thread 3APA3A
Dear Hidenobu Seki, This problem is known since at least 1997 and still can be exploited with IMG SRC=\\w.x.y.z\fakeshare\fakefile without any MS Word document. --Tuesday, September 28, 2004, 2:20:13 AM, you wrote to [EMAIL PROTECTED]: HS Hello. HS For your information: HS

[Full-Disclosure] Broadcast crash in Chatman 1.5.1 RC1

2004-09-28 Thread Luigi Auriemma
### Luigi Auriemma Application: Chatman http://www.vp-soft.com/software/chatman.php Versions: = 1.5.1 RC1 Platforms:Windows Bug: crash Risk: medium

[Full-Disclosure] OT: The Tel Aviv University Security Forum - 17/10/04

2004-09-28 Thread Gadi Evron
Hello! The next, non-commercial, technological Security Forum will take place on Sunday, the 17th of October, 2004, at Tel Aviv University's Lev Auditorium. 115 people came to our last meeting on the 12th of September. The air conditioner worked perfectly. :) Schedule 17:45 - Gathering -

Re: [Full-Disclosure] Automatically passing NTLM authentication credentials on Windows XP

2004-09-28 Thread Barrie Dempster
The originally posted link had this information on it. On Tue, 2004-09-28 at 14:17, 3APA3A wrote: Dear Hidenobu Seki, This problem is known since at least 1997 and still can be exploited with IMG SRC=\\w.x.y.z\fakeshare\fakefile without any MS Word document. --Tuesday,

Re: [Full-Disclosure] JPEG Virus

2004-09-28 Thread Steve Kudlak
Well I am always careful with what comes with this list. Pretty much anything that has come so far hasn't been "spring loaded". But if one is a "duh, uh I just click on anything in front of me..." I mean teenaged friends kind of think I am being a snarly old dude because I want them to label

[Full-Disclosure] How to obtain hostname lists

2004-09-28 Thread fabio
Hi. I would like to know what techniques Intruders can use to obtain a list of hostnames and attack them with exploit code? For example, a huge list like: www.foo.com www.bar.com And so on. Also, they can have lists with certain criteria in common (os, httpdver) and do a more selective

Re: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1933 - 20 msgs

2004-09-28 Thread DanB UK
Hi, When you post a reply to the list, please don't include all the digest! It's a REAL waste of bandwidth!!! Regards, Dan. On Mon, 27 Sep 2004 13:12:10 -0500, milw0rm Inc. [EMAIL PROTECTED] wrote: JPEG GDI problem, Isn't this problem only capable of running if the jpeg was opened via

Re: [Full-Disclosure] How to obtain hostname lists

2004-09-28 Thread fabio
Yes. That is the most common technique for worms and mass defacing. But there are docs that talk about selective mass penetration. For example, 3 years ago, you could take the list of the attrition defaced archive and create a list of hostnames with potential victims. A technique could be to

Re: [Full-Disclosure] How to obtain hostname lists

2004-09-28 Thread Harlan Carvey
None of this is really magic, and is publicly available via a variety of sources... I would like to know what techniques Intruders can use to obtain a list of hostnames and attack them with exploit code? For example, a huge list like: www.foo.com www.bar.com Scanning, mostly. Also, DNS

[Full-Disclosure] Yahoo! Spam Filter Vulnerability

2004-09-28 Thread xploitable
Yahoo! Tuesday made public a preview of its coming new and improved homepage. A link from Yahoo!s homepage takes you to http://www.yahoo.com/promos/learn.html, where users can learn more about the new and improved functionality. On the learn.html page is a link

Re: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1933 - 20 msgs

2004-09-28 Thread Barry Fitzgerald
milw0rm Inc. wrote: JPEG GDI problem, Isn't this problem only capable of running if the jpeg was opened via the users actions? Is it possible that webpages could be effected with jpegs with internet explorer viewing them? I wouldn't think so since what I have read from multiple peoples articles

Re: [Full-Disclosure] How to obtain hostname lists

2004-09-28 Thread Harlan Carvey
A technique could be to read from a wordlist and then google each word and with help of lynx get hostnames. I want to know other choices (smarter). Google hacking. Netcraft. Nmap scanning, or using a similar tool that collects banners from the specific services you're targeting.

[Full-Disclosure] JPEG GDI

2004-09-28 Thread str0ke
Berry, I appreciate the information. I would think newsgroup postings would be a little evil as well. str0ke Here's my understanding of it: The bug can be exploited whenever an application that relies on a vulnerable version of gdiplus.dll to render jpeg image files onscreen

[Full-Disclosure] How to obtain hostname lists

2004-09-28 Thread str0ke
fabio, I would think you're meaning multiple hostnames out of the blue or ip addresses that have hostnames? If you wanted multiple hostnames out of the blue you could use a dictionary file with just random words while using the whois information. Such as, lappytop:~# whois goo GOO.NET GOO.COM A

RE: [Full-Disclosure] How to obtain hostname lists

2004-09-28 Thread pingywon MCSE
Umm... ~pingywon MCSE http://www.pingywon.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of fabio Sent: Tuesday, September 28, 2004 11:33 To: Full-Disclosure Subject: [Full-Disclosure] How to obtain hostname lists Hi. I would like to know what

RE: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1933 - 20

2004-09-28 Thread Geo.
far-fetched. Would it be possible to create a jpeg that would copy itself to other drives on a shared network in an auto-executable position? I suppose so... however, it would be noisy and probably wouldn't be amazingly successful. Picture a company full of users and a worm that copies the jpg

Re: [Full-Disclosure] JPEG GDI

2004-09-28 Thread Barry Fitzgerald
[EMAIL PROTECTED] wrote: Berry, I appreciate the information. I would think newsgroup postings would be a little evil as well. Yep - in fact I was reading this morning on http://isc.sans.org/ that one was just found on an adult newsgroup. -Barry

Re: [Full-Disclosure] Windoze almost managed to 200x repeat 9/11

2004-09-28 Thread Georgi Guninski
joo, i asked, but let me ask again. http://www.techworld.com/opsys/news/index.cfm?NewsID=2275 Microsoft server crash nearly causes 800-plane pile-up ... Microsoft told Techworld it was aware of the reports but was not immediately able to comment. ... as far as i read it, m$ was asked did you

[Full-Disclosure] Michael Stift/IT/apss/at is out of the office.

2004-09-28 Thread Michael Stift
I will be out of the office from 27.09.2004. I will be back on 04.10.2004. I will answer your message after my return. In the meantime, please contact Horst Müller or Matthias Stössl. Kind regards, Michael STIFT

Re: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1933 - 20

2004-09-28 Thread Barry Fitzgerald
Geo. wrote: far-fetched. Would it be possible to create a jpeg that would copy itself to other drives on a shared network in an auto-executable position? I suppose so... however, it would be noisy and probably wouldn't be amazingly successful. Picture a company full of users and a worm

RE: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1933 - 20

2004-09-28 Thread Todd Towles
What if it copies itself to the wallpaper? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Geo. Sent: Tuesday, September 28, 2004 1:27 PM To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1933 - 20 far-fetched.

FW: [Full-Disclosure] JPEG AV Detection

2004-09-28 Thread Todd Towles
What exactly are the AV products detecting in the JPEG exploits? Barry and I were talking about how impressed we were that the AV companies jumped on this one and detection was pretty fast. But is the detection so generic that a variant will bypass? Is the detection based on an original exploit

RE: FW: [Full-Disclosure] JPEG AV Detection

2004-09-28 Thread Aaron Horst
Best I can tell, the Norton filter looks something like this: \xFF\xD8.*\xFF[\xE1\xE2\xED\xFE]\x00[\x00\x01].* AnthraX101 ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] JPEG GDI

2004-09-28 Thread Barrie Dempster
On Tue, 2004-09-28 at 19:56, Barry Fitzgerald wrote: Yep - in fact I was reading this morning on http://isc.sans.org/ that one was just found on an adult newsgroup. -Barry Indeed Barry, here's more information on that for you or others interested http://easynews.com/virus.html

RE: FW: [Full-Disclosure] JPEG AV Detection

2004-09-28 Thread Todd Towles
That would seem to be in the Char_Header function... -Original Message- From: Aaron Horst [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 28, 2004 3:08 PM To: [EMAIL PROTECTED] Cc: Todd Towles Subject: RE: FW: [Full-Disclosure] JPEG AV Detection Best I can tell, the Norton filter

RE: [Full-Disclosure] JPEG GDI

2004-09-28 Thread Todd Towles
This was sent out on FD this morning as a password protected ZIP file. I downloaded a copy via wget, both my proxy AV and my desktop AV were able to detect it as an MS04-028 exploit. The story was also posted to Slashdot.org last night -Original Message- From: [EMAIL PROTECTED]

Re: FW: [Full-Disclosure] JPEG AV Detection

2004-09-28 Thread Gerry Eisenhaur
After looking in to what the AV companies base their signature on, it appears that they use the \xff\xfe\x00\x00 or \xff\xfe\x00\x01 string in the vulnerable JPEG. If you change the size to a valid size, the AV is not triggered. I know there is some talk about other sections being vulnerable

[Full-Disclosure] FW: [Fwd: How one can become a terrorist?]

2004-09-28 Thread Todd Towles
What do you guys know about this? A friend told me he heard about it on the radio yesterday. A co-worker received it in the mail...I forwarded it to the proper officials..=) but wanted to see if anyone else has seen it? Original Message Subject: How one

[Full-Disclosure] WinXP Application Layer Gateway Service

2004-09-28 Thread RandallM
Is there anything fishy about this service performing background FTP request? thank you Randall M

Re: [Full-Disclosure] FW: [Fwd: How one can become a terrorist?]

2004-09-28 Thread kf_lists
Joe Job anyone? http://www.snopes.com/inboxer/hoaxes/joejobs/shadowcrew.asp -KF Todd Towles wrote: What do you guys know about this? A friend told me he heard about it on the radio yesterday. A co-worker received it in the mail...I forwarded it to the proper officials..=) but wanted to see if

[Full-Disclosure] Wireless client attacking tool hotspotter 0.4 released

2004-09-28 Thread Max Moser
Hi there Hotspotter 0.4 has been released. Joshua Wright did provide me a very good patch. It fixes a bug and enhances the hotspotter with the ability to execute a script before going to access point mode. Stay tuned for the new auditor release soon. There you will find hotspotter 0.4 on it in

RE:[Full-Disclosure] How to obtain hostname lists

2004-09-28 Thread RandallM
Fab, One kewl way is to open a website like Nakedladies.com and log all the visiting IP's! Kewl huh! Do you need someone to write some code also? thank you Randall M |--__--__-- | |Message: 4 |Date: Tue, 28 Sep 2004 09:32:37 -0600 |From: fabio [EMAIL PROTECTED] |To: Full-Disclosure [EMAIL

[Full-Disclosure] RE: [Fwd: How one can become a terrorist?]

2004-09-28 Thread Todd Towles
So it is a foe of shadowcrew.com or an attempt at humor? Sorry, I did some googling. From: Todd Towles Sent: Tuesday, September 28, 2004 5:02 PM To: Mailing List - Full-Disclosure Subject: FW: [Fwd: How one can become a terrorist?] What do you guys know about this? A friend told me he

[Full-Disclosure] RE: FW: [Fwd: How one can become a terrorist?]

2004-09-28 Thread r00t3d
Dear Todd, You are either extremely stupid or extremely thick headed if you believe this. I'm certain terrorists selling weapons of mass destruction are going to run around advertising their website and terrorist connections via spam email. [ Please note sarcasm. ] Love, #MSNetworks

[Full-Disclosure] Need layman terms for jpeg exploit

2004-09-28 Thread RandallM
Would some kind soul explain the total workings of the exploit in layman terms? Things like how it is used, how the user is xploited, what's common about the jpeg code that must be used, etc., etc. thank you in advance Randall M

Re: [Full-Disclosure] Need layman terms for jpeg exploit

2004-09-28 Thread GuidoZ
Randall, you may want to direct your question at the Security Basics list instead. More information can be found here: http://seclists.org/about/security-basics.txt They are a little easier to work with when it comes to explaining things step by step. ;) -- Peace. ~G On Tue, 28 Sep 2004

Re: [Full-Disclosure] JPEG GDI

2004-09-28 Thread GuidoZ
If anyone is interested in the files this GDI exploit downloaded from the FTP file (mentioned in the Easynews txt; it's now down), I grabbed a copy. Interesting indeed. I've also archived the Easynews write-ups and the infected JPEG itself. It's not exactly a virus being that it doesn't replicate

Re: [Full-Disclosure] Automatically passing NTLM authentication credentials on Windows XP

2004-09-28 Thread Hidenobu Seki
From: 3APA3A [EMAIL PROTECTED] This problem is known since at least 1997 and still can be exploited with IMG SRC=\\w.x.y.z\fakeshare\fakefile without any MS Word document. It is not true. They are different problems that produce the same phenomenon. Mr. Cesar Cerrudo taught me that img

Re: [Full-Disclosure] RE: FW: [Fwd: How one can become a terrorist?]

2004-09-28 Thread Kyle Maxwell
On Tue, 28 Sep 2004 15:58:38 -0700, r00t3d [EMAIL PROTECTED] wrote: You are either extremely stupid or extremely thick headed if you believe this. I'm certain terrorists selling weapons of mass destruction are going to run around advertising their website and terrorist connections via spam

[Full-Disclosure] RE: FW: [Fwd: How one can become a terrorist?]

2004-09-28 Thread r00t3d
Dear Kyle, I don't believe Todd said anything about believing the contents of the message. I'm sorry Kyle, it just seemed that way since he decided a piece of spam was worthwhile to send to the list and the authorities (*cough*narq*cough*). We saw it too and while we forwarded on as appropriate,

RE: [Full-Disclosure] RE: FW: [Fwd: How one can become a terrorist?]

2004-09-28 Thread Todd Towles
It is ok. I am sure r00t3d wasn't talking to be mean (note the understanding). After review, I have noticed this is a normal e-mail put out by people that focus their dislike toward Darkprofits.net and Shadowcrew.com. Didn't mean to trash the list, just wondering if anyone had run into it...I was

[Full-Disclosure] Resources for exploit coding on Solaris

2004-09-28 Thread fabio
Hi. I would like to know resources (web pages, documents, mailing lists) about exploit coding on Solaris sparc. I want to understand security bugs in Solaris sparc. The idea is to know how the exploits work on this architecture and the impact of security flaws from a developer point of view. I