Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-30 Thread patryn
Well if this election thing doesn't work out it's good to know Georgie'll still have a shot at a job at SCO.. patryn Andrew Poodle wrote: If it is for security, it's a rather poor security measure, as it was still browseable by IP address afaik.. a -Original Message- From: [EMAIL

[Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit

2004-10-30 Thread Shoshannah Forbes
A security hole in GMail has been found (an XSS vulnerability) which allows access to user accounts without authentication. What makes the exploit worse is the fact that changing passwords doesn't help. The full details of the exploit haven't been disclosed

Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit

2004-10-30 Thread n3td3v
On Sat, 30 Oct 2004 13:47:30 +0200, Shoshannah Forbes [EMAIL PROTECTED] wrote: A security hole in GMail has been found (an XSS vulnerability) which allows access to user accounts without authentication. What makes the exploit worse is the fact that changing passwords doesn't help. The full

[Full-Disclosure] [OpenPKG-SA-2004.045] OpenPKG Security Advisory (mysql)

2004-10-30 Thread OpenPKG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED]

[Full-Disclosure] [OpenPKG-SA-2004.049] OpenPKG Security Advisory (gd)

2004-10-30 Thread OpenPKG
Releases: Affected Packages: Corrected Packages: OpenPKG CURRENT = gd-2.0.28-20041001 = gd-2.0.29-20041030 OpenPKG 2.2 = gd-2.0.28-2.2.0 = gd-2.0.28-2.2.1 OpenPKG 2.1 = gd-2.0.27-2.1.1 = gd-2.0.27-2.1.2 Affected Releases: Dependent Packages: OpenPKG

Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-30 Thread n3td3v
I tried to access the site for testing purposes with the google proxy via language tools and you get blocked on that. Interesting, I thought the google proxy would have registered as american origin. Final thought: Why would anyone want to visit his site in the first place, do we really want to

[Full-Disclosure] bogofilter-SA-2004-01: RFC 2047 Denial-of-service in 0.17.4 = bogofilter = 0.92.7

2004-10-30 Thread Matthias Andree
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 bogofilter-SA-2004-01 rfc2047crash Topic: vulnerability in bogofilter/bogolexer Announcement: bogofilter-SA-2004-01 Writer: Matthias Andree Version:1.00 CVE id: (none yet) Announced: 2004-10-30 Category:

Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-30 Thread n3td3v
On Sat, 30 Oct 2004 09:39:28 -0700 (PDT), jo s [EMAIL PROTECTED] wrote: I don't normally put in my two cents on this site, preferring instead to lurk and learn...however, i feel you need clarification on your opinion of americans... Perhaps he's only letting americans see the site,

Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-30 Thread Jean-Marie Monnier
I think this is grossly off topic, and hiding behind a "n3td3v" mask doesn't give you any right to insult the intelligence of our fellow americans (not being one gives me the right to defend them, I think, although most of the people you intend to offend won't even bother replying to this kind

Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-30 Thread n3td3v
On Sat, 30 Oct 2004 23:30:06 +0200, Jean-Marie Monnier [EMAIL PROTECTED] wrote: I think this is grossly off topic, and hiding behind a n3td3v mask doesn't give you any right to insult the intelligence of our fellow americans (not being one gives me the right to defend them, I think, although

Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-30 Thread n3td3v
On Sat, 30 Oct 2004 17:18:11 -0500, Brent J. Nordquist [EMAIL PROTECTED] wrote: Can you be more specific, what you mean by the American way of life? Finally, do you have anything to say about your own government and leader, or is only the U.S. that is responsible for Iraq? ;-) I just found it

Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-30 Thread GuidoZ
I'm not going to get into this off-topic discussion, but I will point out an incorrect assumption on your part. No it wasn't a baited e-mail just to wind people up. This is the problem with some americans, when you try and tell them about the truth of what's happening in the world, they think

Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-30 Thread Paul Schmehl
--On Saturday, October 30, 2004 11:46 PM +0100 n3td3v [EMAIL PROTECTED] wrote: If bush gets voted in, bin laden will go, OK the enemy is bush/U.S gov and the american people I'm just curious. How hard would someone have to work to become this stupid? Is it a 24/7 exercise? Or can you get some

Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit

2004-10-30 Thread Calum Power
Once again, a perfect example of the media misconstruing a security vulnerability. XSS holes are not (as we all know) an immediate bypass for any authentication. It can be used, with a bit of work, to steal cookies/authentication data from unexpecting users, NOT as an immediate break-into-accounts

[Full-Disclosure] Re: I will be awaiting your immediate response.

2004-10-30 Thread n3td3v
On Fri, 29 Oct 2004 04:42:09 +0200, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Mrs. Aisha Bamaiyi C/o Chief MUSA JOHNSON (SAN) Lagos - Nigeria. E-mail: [EMAIL PROTECTED] EXTREMELY URGENT AND CONFIDENTIAL I am highly delighted to be in contact with you, my letter to you is based on the

Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-30 Thread morning_wood
Obviously not many of you Americans ( which I am ) travel to Europe much do you. You fail to see, and therefore cannot comprehend the attitude of many Europeans about the attitudes of the American government ( f*cking with other parts of the world ) for peace and freedom when it is about

Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit

2004-10-30 Thread morning_wood
there is a [x] box.. Don't ask for my password for 2 weeks. this sets the user's cookie. Gmail uses the cookie for authentication. XSS holes are not (as we all know) an immediate bypass for any authentication. right It can be used, with a bit of work, to steal cookies/authentication data

Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit

2004-10-30 Thread Calum Power
Indeed, but surely the cookie information stored should be dependant on the user's authentication details? It makes sense to use semi-dynamic cookie information like this, making holes like this one a little more hard to 'gain and keep' access. there is a [x] box.. Don't ask for my password

Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com

2004-10-30 Thread Jason
This entire discussion hardly belongs on list however... Paul Schmehl wrote: --On Saturday, October 30, 2004 11:46 PM +0100 n3td3v [EMAIL PROTECTED] wrote: If bush gets voted in, bin laden will go, OK the enemy is bush/U.S gov and the american people I'm just curious. How hard would someone

Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit

2004-10-30 Thread n3td3v
I feel sorry for all the security pros outside of gmail and google, so I say the below on behalf of them... Should the general public be expecting a disclosure of the vulnerability to security mailing lists once a solution has been implemented to patch the hole, so other web-based services are

Re: [Full-Disclosure] Re: I will be awaiting your immediate response.

2004-10-30 Thread n3td3v
On Sun, 31 Oct 2004 14:29:07 +1100, Brett Hutley [EMAIL PROTECTED] wrote: It's a variation on the Nigerian scam. This stuff has been going around the net for a while. -- Brett Hutley {MAppFin,CISSP,SANS GCIH} mailto:[EMAIL PROTECTED] http://hutley.net/brett Interesting I've noticed a

Re: [Full-Disclosure] Re: I will be awaiting your immediate response.

2004-10-30 Thread n3td3v
On Sat, 30 Oct 2004 19:57:52 -0700 (PDT), jo s [EMAIL PROTECTED] wrote: It's an email scam for money. Read here: http://home.rica.net/alphae/419coal/ Ok, it all makes sense now. Thanks, n3td3v

[Full-Disclosure] Elect Homer Simpson

2004-10-30 Thread James Bliss
Re: [Full-Disclosure] Slightly off-topic... This has got to be the dumbest thread on this list so far. My two cents: Proposed write-in campaign: Elect Homer Simpson President, then put Mickey Mouse, Donald Duck, etc. into the House and Senate. At the very worst, world opinion of the US and