[Full-Disclosure] [ GLSA 200502-14 ] mod_python: Publisher Handler vulnerability

2005-02-13 Thread Sune Kloppenborg Jeppesen
Gentoo Linux Security Advisory GLSA 200502-14 - http://security.gentoo.org/

RE: [Full-Disclosure] Re: [Mailman-Developers] mailman emailharvester

2005-02-13 Thread Aditya Deshmukh
>Hashcash isn't even a tiny speed bump if you're a spammer and >have 50,000 >zombies - each one only takes a 5 second hiccup and continues >spamming Hashcash and other systems that rely on some sort of check summing is going to cause problems and hence their adoption is always going to be un

Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB

2005-02-13 Thread Loptr Chaote
On Sat, 12 Feb 2005 23:31:03 +0100, Maximillian Dornseif <[EMAIL PROTECTED]> wrote: > Fix > === > > Update to CitrusDB version 0.3.6 or higher and set the $path_to_ccfile > in the configuration to a path not accessible via http > How about NOT using software coded by people without _any_ sense f

Re: [Full-Disclosure] Re: [Mailman-Developers] mailman emailharvester

2005-02-13 Thread Volker Tanger
Greetings! On Sun, 13 Feb 2005 15:31:53 +0530 "Aditya Deshmukh" <[EMAIL PROTECTED]> wrote: > > 1. postfix will reject 90% of the spam during the initial handshake > stage - by using a variety of dns / mx resolution tricks > 2. clamav and spam assassin integrate into postfix so that you don't > ha

Re[2]: [Full-Disclosure] GREENAPPLE Release

2005-02-13 Thread phased
> > > I thought Full Disclosure propagators actually endorsed waiting for a > > vendor to fix the vulnerability before announcing a security hole.. > > On the other hand what do I know? My hat is black. > > Some days I find myself leaning more towards 'responsibility' while most > days I recogn

RE: [lists] Re[2]: [Full-Disclosure] GREENAPPLE Release

2005-02-13 Thread Curt Purdy
Phased wrote: blahblahblah... (page after page) > We all know most of these lists exist as an advertising media. Puleeeaaase people, learn to reply as non-Micro$oft Outlook junkies and stop wasting my time by making me page through tons of crap to get to the meat of the message. Multiply

RE: [lists] [Full-Disclosure] Credit Card data disclosure in CitrusDB

2005-02-13 Thread Curt Purdy
Maximillian Dornseif wrote: > A group of students at our lab called RedTeam found an > information disclosure vulnerability in CitrusDB which can > result in disclosure of credit card information. Nice job. Congrats to your students. Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA Information Sec

RE: [lists] Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB

2005-02-13 Thread Curt Purdy
Loptr Chaote wrote: > Whoever the authors, > they should never have been put in front of a developer environment.. No, they should have been put in front of a firing squad... Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA Information Security Engineer DP Solutions

RE: [lists] Re: [Full-Disclosure] Administrivia: List Compromised due to Mailman Vulnerability

2005-02-13 Thread Curt Purdy
Anders Langworthy wrote: > [EMAIL PROTECTED] wrote: > > Unless we have a Schrodinger's Cat John who manifests itself twice, > > once saying "Yup" and once saying "Oh shit!". :) > > > > Hehe. Technically it doesn't work that way. At this very > moment, the certificate can be both valid and inv

Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB

2005-02-13 Thread ZATAZ
Hello, As I can see this is not the only adviso for CitrusDB. http://tsyklon.informatik.rwth-aachen.de/redteam/advisories/rt-sa-2005-002.txt http://tsyklon.informatik.rwth-aachen.de/redteam/advisories/rt-sa-2005-003.txt http://tsyklon.informatik.rwth-aachen.de/redteam/advisories/rt-sa-2005-004.tx

Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB

2005-02-13 Thread Thierry Zoller
Salut ZATAZ, Well they probably wanted to wait with the release until the vendor fixed the flaws, how about that? Now they're published thanks to you, maybe next time you simply don't send these questions to a mailing list but to them in private? Note to "Red Team": Setzt die perms euer release d

Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB

2005-02-13 Thread ZATAZ
Hello, As Maximillian Dornseif says they are "unpublished". Look the "" If they are on the website of Red Team so they are "published" to everybody. Just browsing on the website after searching into the advisory part of Red Team website. I was also surprised to find this adviso on the website.

Re: [lists] Re: [Full-Disclosure] Administrivia: List Compromised due to Mailman Vulnerability

2005-02-13 Thread Jason Coombs
Valid ... Invalid ... Nonsense. The only meaningful thing the engine could do is check whether the certificate is the certificate it is supposed to be by looking at the public key contained therein. A public key that has never before been seen in the real world, by anyone, anywhere, is a threa

[Full-Disclosure] [ GLSA 200502-15 ] PowerDNS: Denial of Service vulnerability

2005-02-13 Thread Matthias Geerdsen
Gentoo Linux Security Advisory GLSA 200502-15 - http://security.gentoo.org/

[Full-Disclosure] [ GLSA 200502-16 ] ht://Dig: Cross-site scripting vulnerability

2005-02-13 Thread Luke Macken
Gentoo Linux Security Advisory GLSA 200502-16 - http://security.gentoo.org/

[Full-Disclosure] GREENAPPLE Release - (OFFTOPIC - sorry).

2005-02-13 Thread Kurt Seifried
Puleeeaaase people, learn to reply as non-Micro$oft Outlook junkies and stop wasting my time by making me page through tons of crap to get to the meat of the message. Multiply my wasted 10 seconds by 10, and you will see what a service you are doing for the world. Sorry for the rant. Curt

[Full-Disclosure] GREENAPPLE Release - (OFFTOPIC - sorry).

2005-02-13 Thread pretty vacant
Perhaps you'd like to automate that email with a descriptive, static subject people can filter. Or better yet, maybe someone should start a Kurt Seifried moderated subset of this list. Yeah, that's an idea. On Feb 13, 2005, at 5:58 PM, Kurt Seifried wrote: If you want to stop wasting time I run