full-disclosure-request,
=== 2004-11-04 01:00:09 ===
Send Full-Disclosure mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.netsys.com/mailman/listinfo/full-disclosure
or, via email, send a
On Thu, 11 Nov 2004 13:10:48 +1300, Stuart Fox (DSL AK)
[EMAIL PROTECTED] wrote:
You probably are being a little paranoid, although I prefer to run the
binaries as distributed by the supplier (I of course trust that they
haven't included backdoors, and they have compiled it sensibly. For me,
On Thu, 11 Nov 2004, Ted Percival wrote:
These vulnerabilities appear to exist in 2.6.9 as well. All five buggy lines
appear verbatim in the 2.6.9 source.
The patch for the first four vulnerabilities can be found here:
http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]
--
JiKos.
Hello,
This is regarding my post on FD from a couple of days ago:
Unfortunately it got bounced by Bugtraq.
Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3
http://seclists.org/lists/fulldisclosure/2004/Nov/0160.html
I slapped together a flash movie of the NAV Vulnerability in action so
full-disclosure-request,
=== 2004-11-04 01:00:09 ===
Send Full-Disclosure mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.netsys.com/mailman/listinfo/full-disclosure
or, via email, send a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
in my local network show up UDP broadcasts to the port 13364 from win2k
PC (I haven't access to this comp). I foundn only question without
reply.
http://www.it-faq.pl/news_archives/pl.comp.security/2003/aug/msg00017.html
Do You know anybody
Here Symantec, much like Microsoft does very often, prefers to give a silly
excuse instead of admitting their product needs to be fixed. I agree with
you in that Script Blocking is supposed to block *any* script-based threats,
without the need for any signatures. Obviously, that's not the case
* ez-ipupdate format string bug *
ez-ipupdate is a quite complete client for the dynamic DNS service offered
by http://www.ez-ip.net/ and many more. Currently supported are: ez-ip
[..] , Penguinpowered [..] , DHS [..] , dynDNS [..] , ODS [..] , TZO [..] ,
EasyDNS [..] , Justlinux [..] , Dyns [..]
On Thu, 11 Nov 2004, TK-421 wrote:
Yes, but because it's open source, you know that thousands of eyes are
looking at it daily. Especially in larger projects like
Mozilla/Firefox.
Riight, 220 MB of sources. On a daily basis, just how many people with
source code audit experience are desperate
Jay D. Dyson [EMAIL PROTECTED] 11/10/2004 4:33:44 PM
On this we are in total agreement. I would much prefer that we
push Diebold out of the picture and put open source solutions in
play.
And I'm certainly open to that possibility as it would afford
critical
design review from top to
It all boils down to this, without regard for with side you cheer for.
If you can't PROVE your candidate won, with the same certainty that you
and your bank can PROVE you checking account balance, you might as well
just stay home and screw the wife. At least you'll have some fun.
Let me
- Original Message -
From: mike lieman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, November 11, 2004 9:11 AM
Subject: [Full-Disclosure] Re: U.S. 2004 Election Fraud.
It all boils down to this, without regard for with side you cheer for.
If you can't PROVE your candidate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Jei [EMAIL PROTECTED] wrote on 11/10/2004 01:40:45 AM:
On Tue, 9 Nov 2004, Jay D. Dyson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 8 Nov 2004, Atom 'Smasher' wrote:
Evidence Mounts that the Vote Was Hacked
Read the whole thing and didn't see any evidence.
Exibar wrote:
- Original Message -
From: mike lieman [EMAIL PROTECTED]
YOUR VOTE DID NOT COUNT. And if you contend otherwise, PROVE IT.
Let me challenge YOU. Prove that my vote did not count. Show me absolute,
proof beyond a doubt that
my vote did not count.
Actually it probably
so what youre saying is that k-otik actually fucks up the exploits
before posting them? which i actually find to be plausible since a
lot of the exploits posted there has not been functional
assholes...
On Wed, 10 Nov 2004 15:27:54 +0100, class 101 [EMAIL PROTECTED] wrote:
My nice words
Subseven had a backdoor in it for years
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Michal Zalewski
Sent: Thursday, November 11, 2004 9:15 AM
To: TK-421
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Moox firefox/thunderbird
YOUR VOTE DID NOT COUNT. And if you contend otherwise, PROVE IT.
Let me challenge YOU. Prove that my vote did not count. Show me absolute,
proof beyond a doubt that
my vote did not count.
Depending on your state/county/whatever, your vote did count a LOT LESS
than other votes. It all
On Thu, 11 Nov 2004 05:42:54 CST, TK-421 said:
Yes, but because it's open source, you know that thousands of eyes are
looking at it daily. Especially in larger projects like
Mozilla/Firefox. I'm sure you'd hear about it if the Mozilla team was
including backdoors. That is unless you think
hey kiddy, if you dont know how to modify exploits and make them work...i think you arethe real asshole ;-)
Ciaoren hoek [EMAIL PROTECTED] wrote:
so what youre saying is that k-otik actually fucks up the exploitsbefore posting them? which i actually find to be plausible since alot of the
But please continue your finger pointing and pointless fighting in
private.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Exibar
Sent: Thursday, November 11, 2004 9:50 AM
To: mike lieman; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Re: U.S.
prolly to cover their own ases, and to stop the know-nothing kiddies
from abusing code they dont even know how to compile
On Thu, 11 Nov 2004 15:14:02 +0100, ren hoek [EMAIL PROTECTED] wrote:
so what youre saying is that k-otik actually fucks up the exploits
before posting them? which i
vulnerability in system software that
CSA is configured to protect. Another prerequisite for the attack is
that a user must be interactively logged in during the attack.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-2004-csa.shtml
Cisco is making patches available
On Thu, 11 Nov 2004 10:50:14 EST, Exibar said:
Let me challenge YOU. Prove that my vote did not count. Show me absolute,
proof beyond a doubt that
my vote did not count.
If you cannot prove that my vote did not count, then you STFU.
By that logic, we should ban all discussion of holes in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gary E. Miller wrote:
I am unaware of ANY php bug that has not required a preexisting
server side php program to be explioted. If I am wrong please
enlighten me.
I am unaware of any, either. But there are some that merely require
*any* PHP
Yes please do. If there was an issue of fraud or hacking I'm sure the real
media would be all over it. Unfortunately it looks like us geeks are the
only one really arguing and discussing it.
Whoever started this message, thanks for congesting my inbox with useless
argument over the internet.
{}
{ [waraxe-2004-SA#037]
}
{}
{
Hello,
I'm responsible for running and administering apache web server that
serves dynamic content using php, and I'm wondering what are the best
practices of securing it.
Basically, I can't trust my users and even the scripts they write, so I
would like to limit damage that a successful break-in
Hi,
Does anyone know a point of contact in HP related to their OpenView / Coda
programs?
--
Noam Rathaus
CTO
Beyond Security Ltd.
http://www.beyondsecurity.com
http://www.securiteam.com
___
Full-Disclosure - We believe in it.
Charter:
http://www.schneier.com/blog/archives/2004/11/the_problem_wit.html
--
Mike Lieman
Information Technology Director
Barry Scott Insurance Agency
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[EMAIL PROTECTED] wrote:
Depending on your state/county/whatever, your vote did count a LOT LESS
than other votes. It all depends on how many electoral college votes your
state has.
How does that feel? Knowing that someone elses vote is more important
than
yours?
The US is a federal republic
On Wed, 10 Nov 2004, Paul Starzetz wrote:
One of the Linux format loaders is the ELF (Executable and Linkable
Format) loader. Nowadays ELF is the standard format for Linux binaries
besides the a.out binary format, which is not used in practice anymore.
BTW: a.out loader appears to be
On the topic of CyberGuard, here is some additional information regarding
their desire for retractions and deletions. There is no additional
vulnerability information but this may be of interest on the responsible
disclosure front. There is also some information as to *why* CyberGuard
has a
On Thu, 11 Nov 2004 09:37:28 EST, [EMAIL PROTECTED] said:
todays hacker community. But the realities are that we are paranoid enough
to watch access to said systems to avoid at least 99% of local hacking,
eliminating that from feasibility.
We are?
At least some of the machines used had
On Wed, November 10, 2004 4:10 pm, Stuart Fox \(DSL AK\) said:
Why not just work with the mozilla team and apply the changes
to the source tree? It's not like he's adding features and
the team didn't want them because they would add to bloat.
[...]
Because it doesn't look like he's actually
Prove they didn't count. Factually and in a manor that would stand up in a
court of law.
Anyone who buys into this line without knowing / having the facts is just
fueling speculation.
If Kerry had thought he'd won, he'd be in court.
___
Quoting Exibar [EMAIL PROTECTED]:
Let me challenge YOU. Prove that my vote did not count. Show me absolute,
proof beyond a doubt that
my vote did not count.
If you cannot prove that my vote did not count, then you STFU.
Exibar
I don't know about _your_ vote specifically, but I do know
Hackers posting defused 'sploits? Oh dear...
If so, this is an old game. 2600 The Hacker Quarterly always used to screw
up the sploits and diagrams that they published. It was a routine to bitch
about how Emmanuel Goldstein (AKA Eric Corley) would Goldstein-ize the
published hacks so that they
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Since we're going the whole nine yards here, let's toss in the following
as well:
1. This will of course give a different reading in the status bar
2. More importantly it will bypass the so-called 'popup blocker' in IE XP
SP2
It's a hand-made Excel spreadsheet using OWC11 for Office 2003.
Has anyone seen this in the wild? I'm looking for a sample for
analysis. Please contact me off list.
http://www.sophos.com/virusinfo/analyses/trojbankeraj.html
http://news.com.com/Trojan+horse+spies+on+Web+banking/2100-7349_3-5448622.html?tag=nefd.top
TIA
J
Pinch me, I thought this was a technical security list, not a voting
thingie. STOP WASTING MY TIME AND MAILBOX RESOURCES! NOW!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Randall Perry
Sent: Thursday, November 11, 2004 2:08 PM
To: [EMAIL
Wow, 2nd day on this list and already a windows worm sent to it.
Is this a regular occurrence?
-Steve
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
we are not allowed to see log files, packet captures and pinpointing
exactly who the conspirators are would be tenable at best. The fact is,
the election was hacked. Look at the difference between exit polling
and actual results. Discrepancies of only a few points exist in
counties that use
I dont mean this
I mean kotik is receiving tons of exploits
everydays and is not displaying the half of it, they keep mostly all codes for
them. Of course I dont say this just because they didnt published an exploit
that I sended to this site but I got many echo so of some friends wich
Microsoft's security and mangement product manager (Ben English) says...
At a security roundtable discussion in Sydney on Thursday, Ben English,
Microsoft's security and management product manager, told attendees that
IE undergoes rigorous code reviews and is no less secure than any
other
Daniel,
Man, that was just awsome! Enjoyed the movie and the popcorn! Like to see
more PoC like that!!
thank you
Randall M
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Randall Perry responded to some other guy... uh.. wossname...
Quoting Exibar [EMAIL PROTECTED]: yeah, that's him:
Let me challenge YOU. Prove that my vote did not count.
Show me absolute, proof beyond a doubt that
my vote did not count.
If you cannot prove that my vote did not
n3td3v schrieb:
On Tue, 9 Nov 2004 10:38:13 -0800, Marc Maiffret [EMAIL PROTECTED] wrote:
Systems Affected:
Kerio Personal Firewall 4.1.1 and prior
I assume you are not aware of the history of Kerio and how alot of
consumers maybe still on Tiny versions of the code.
Tiny Personal Firewall (all
On Thu, 11 Nov 2004 15:59:20 -0600, Todd Towles
[EMAIL PROTECTED] wrote:
Microsoft's security and mangement product manager (Ben English) says...
At a security roundtable discussion in Sydney on Thursday, Ben English,
Microsoft's security and management product manager, told attendees that
Look at the difference between exit polling and actual results.
The election results and exit polls differ, therefore you assume the
election results are wrong? This is really dumb. There are endless
reasons to believe that exit polls are inaccurate. For one thing,
they're self-sampling: they
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
They should've at least released that statement after they fixed the
IE FRAME vulnerability. 0 day exploit is in the wild and no fix for
it, yet they claim its secure enough.
If the programmers are as smart as the company press releasers, I can
see why I.E. still sux.
Martin
On Thu, 11 Nov
Half this list subcontract for halliburton. Please stop feeding the
animals.
/m
- Original Message -
From: Dennis Heaton [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, November 11, 2004 2:12 PM
Subject: RE: OT[Full-Disclosure] Re: U.S. 2004 Election Fraud.
Pinch me, I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] schrieb:
Hi
I was hoping someone could kinda help me.. I have some reporting from our
firewall that produces the following output. I have to analyze this traffic
but i have to confess that i can not make out if this traffic is
Dear class101,
First off, fuck you for disclosing in the first place. Second, fuck
you even more for trying to be a scene whore, then complaining when
you didn't get your exploit published. Boo-hoo, wanna cry about it?
http://kleenex.com. Third, why the fuck are you sending it to k-otik
in the
Does anyone know a good way to do a password recovery on a cc:mail 6
post office DB file? Or to open the DB file with a password at all? It
is on a W2k box.
thanks
___
Full-Disclosure - We believe in it.
Charter:
On Thu, 11 Nov 2004 19:18:55 -0500, Danny [EMAIL PROTECTED] wrote:
Yes, IE security needs work. Yes, Firefox is a great web browser.
However, if Firefox or any other browser had the same market share as
IE, would it really be that much more secure? There sure would be a
lot more people
The counting systems mentioned in the article (where the votes from
different counties are tabulated) have nothing to do with
direct-user-contact.
[EMAIL PROTECTED] wrote on 11/11/2004 02:22:18 PM:
On Thu, 11 Nov 2004 09:37:28 EST, [EMAIL PROTECTED] said:
todays hacker community. But the
Tiny Personal Firewall 6.0 was tested immediately after we had discovered the
Kerio bug and the issue did/does not exist in the current version of Tiny
Personal Firewall 6.0. Only versions of Kerio Personal Firewall 4.0.0 - 4.1.1
are affected by the IP Options bug.
Signed,
Marc Maiffret
Chief
we are not allowed to see log files, packet captures and pinpointing
exactly who the conspirators are would be tenable at best. The fact is,
the election was hacked. Look at the difference between exit polling
and actual results. Discrepancies of only a few points exist in
counties that use
Hello list,
http://www.cherryware.de/framefix/
This is a program, which patches the FRAME/IFRAME vulnerability
described on the mailing list BugTraq
(http://www.securityfocus.com/archive/1/380175) on Windows 2000 and XP.
This vulnerability has been public for a rather short time and is
Thomas Rogg wrote:
snip
Any comments appreciated,
You told us everything useful/important about this except that it is
beg-ware. According to your web page:
Why do I need to donate?
This is a fundraiser project. Installing the patch will require you
to donate $2.50 via PayPal. This
Now I want to use fragroute,but there is a problem.I know fragroute requires
Libdnet and lipcap,and I have installed both of them .I have successfully make
a fragroute binary.However,when I run fragroute ,there is a error.It showed
./fragroute: error while loading shared libraries:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 09 Nov 2004 09:57:27 -0600 Martin Schulze wrote:
Package: gnats
Vulnerability : format string vulnerability
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0623
BugTraq ID : 10609
Debian Bug : 278577
65 matches
Mail list logo