Re: [Full-Disclosure] Please can some one help out.

2005-02-22 Thread [EMAIL PROTECTED]
!-- Can Some body tell me what is this? http://131.215.133.210/view/index.shtml?videos=one -- It looks like a live web cam [from: http://www.axis.com/index.htm] running on someone's machine at caltech.edu trying to install a signed .cab named Axis Media Control from Axis Communications

[Full-Disclosure] SecurityForest - Public Release no.2

2005-02-14 Thread [EMAIL PROTECTED]
to be released, screenshots and a demo movie are available. (A pre-beta version is available for those willing to help and PROVIDE FEEDBACK!). Cheers, Loni [EMAIL PROTECTED] http://www.securityforest.com ___ Full-Disclosure - We believe in it. Charter: http

Re: [Full-Disclosure] Slackware Security updates

2005-01-26 Thread [EMAIL PROTECTED]
http://slackware.com/lists/ provides security update lists. The patches can be found in the /patches dir of the version you're running, including slackware-current. Colin Carlos de Oliveira wrote: Hi there! I've seen linux distributions sometimes posting here on full-disclosure its security

[Full-Disclosure] Information System Security Assessment Framework (ISSAF) Draft 0.1

2004-12-30 Thread [EMAIL PROTECTED]
efforts to fully serve the profession and future ISSAF releases. The feedback form is given at the end of ISSAF; please email your feedback at [EMAIL PROTECTED] We will get back to you ASAP. Best regards, A.D. Moore

[Full-Disclosure] HOW TO BREAK XP SP2 POPUP BLOCKER: kick it in the nut !

2004-12-10 Thread [EMAIL PROTECTED]
Friday, December 10, 2004 Internet Explorer 6 on the gadget commonly known as Windows XP SP2 enjoys a fairly robust popup blocker. This little 'thing' has been a major irritation to date. Nothing gets past it until now. Chatter exists that some sites have defeated it on the causal

Re: [Full-Disclosure] A suggestion to all AV vendors...

2004-12-07 Thread [EMAIL PROTECTED]
Couldn't agree more, their concern isn't security, but survival of the business model. By providing a what you proposed would be a threat to their profitable model as so eloquently pointed out by Valdis and many others time and time again. -cm [EMAIL PROTECTED] wrote: On Mon, 06 Dec 2004 19:29

Re: [Full-Disclosure] Old LS Trojan?

2004-12-01 Thread [EMAIL PROTECTED]
that this has probably been fixed in various ways, but I have old Unixes for just such occasions. Dave Morgan David S. Morgan CISSP, CCNP aka: [EMAIL PROTECTED] When the winds of change blow hard enough, even the most tiny object can become a deadly projectile

[Full-Disclosure] HAPPY BIRTHDAY: Yahoo AmericanGreetings.com

2004-11-22 Thread [EMAIL PROTECTED]
Monday, November 22, 2004 Thoroughly enjoying the usage of the various electronic greeting cards going way back when to the days of Blue Mountain, today when the need has arisen to make usage, horror has been replaced enjoyment by noticing an ever increasing dwindling of the free cards. To

[Full-Disclosure] Re: New URL spoofing bug in Microsoft Internet Explorer

2004-11-11 Thread [EMAIL PROTECTED]
Since we're going the whole nine yards here, let's toss in the following as well: 1. This will of course give a different reading in the status bar 2. More importantly it will bypass the so-called 'popup blocker' in IE XP SP2 It's a hand-made Excel spreadsheet using OWC11 for Office 2003.

[Full-Disclosure] How to Break Windows XP SP2 + Internet Explorer 6 SP2

2004-10-19 Thread [EMAIL PROTECTED]
Tuesday, October 19, 2004 The following technical exercise demonstrates the enormously elaborate methods required to defeat the current [as of today's date] security mechanisms in place in both Microsoft Windows XP SP2 and Internet Explorer 6.00 SP2 fully patched: It is by no means easy.

Re: [Full-Disclosure] Full-Disclosure Posts

2004-10-17 Thread [EMAIL PROTECTED]
On Sat, 16 Oct 2004 19:13:18 -0700, Etaoin Shrdlu [EMAIL PROTECTED] wrote: Of course, anyone still using the term hax0r as though it were meaningful might want to think further about what a security professional might be A security professional is someone who cares more about money than

Re: [Full-Disclosure] Full-Disclosure Posts

2004-10-17 Thread [EMAIL PROTECTED]
On Sun, 17 Oct 2004 12:34:33 -0500, Todd Towles [EMAIL PROTECTED] wrote: I agree with your idea, but I am one of those uni graduate/20 something professionals. I am very passionate about my work and the security of the company I work for. I work in a rural state and the money isn't as high

Re: [Full-Disclosure] Outlook cid: handling - Request for Information

2004-10-16 Thread [EMAIL PROTECTED]
!-- It has recently come to my attention that it is possible to circumvent functions inside of Microsoft Outlook 2003 and some other MUA's by using href tags containing cid:;. By default such MUAs no longer download web referenced images and objects, however images referencedby cid:;

Re: [Full-Disclosure] Google Desktop Search

2004-10-16 Thread [EMAIL PROTECTED]
Yahoo! is the lamest network online corp wise. The queuing up of security reports and the priority of them is all wrong, me thinks they are a tad under staffed I can access admin areaz of Yahoo!, I have various screenshots to prove it. I gave up contacting Yahoo! after they failed to be

[Full-Disclosure] Full-Disclosure Posts

2004-10-16 Thread [EMAIL PROTECTED]
Should Full-Disclosure only allow so-called -real- names? I was on Nanog (a network admin list) and they have a rule where you can only post with a first and second name, instead of an alias or nick, to kind of give more credibility that you are a security professional and not a hax0r or script

[Full-Disclosure] Reverse Engineering the First Pocket PC Trojan Tutorial

2004-10-11 Thread [EMAIL PROTECTED]
Reverse Engineering the First Pocket PC Trojan Airscanner Corp. has published a new tutorial on Reverse Engineering the First Pocket PC Trojan: http://www.informit.com/articles/article.asp?p=340544 This tutorial shows you how to reverse engineer a new example of Windows Mobile malware - step by

Re: [Full-Disclosure] Hacking into private files, my credit card purchases, personal correspondence or anything that is mine is trespassing and criminal.

2004-10-08 Thread [EMAIL PROTECTED]
Surely the threat of Take no Prisoners! is enough to scare anyone off, Harry. On Fri, 08 Oct 2004 14:09:26 -0400, Harry Hoffman [EMAIL PROTECTED] wrote: Umm, should the Paladin of Security have weak locks? ;-) Compute Fair, Compute Fun, Compute secure Jan Clairmont Paladin

[Full-Disclosure] Virus exploits workaround in Windows Mobile/Pocket PC architecture (Includes Source Code)

2004-09-18 Thread [EMAIL PROTECTED]
://airscanner.com/ [EMAIL PROTECTED] Contributors: Cyrus Peikari Seth Fogie Ratter/29A Jonathan Read ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!]

2004-09-09 Thread [EMAIL PROTECTED]
!-- Alla Bezroutchko wrote: Also interesting that they don't use a {behavior:url(#default#AnchorClick);} in this exploit which seems to be an essential part of http-equiv's and mikx's exploits. The key to all these exploits is drag'n'drop access to a local directory. Since WinXP SP2

[Full-Disclosure] Re: FW: [Unpatched] Shell and Drag'n'Drop vulnerabilities

2004-09-09 Thread [EMAIL PROTECTED]
!-- The premise behind this Drag'n'Drop exploit is two-fold, one is the ability to open a window with local content and the other is the fact that dropping an IMG element will pass its DYNSRC attribute instead of its SRC attribute -- This is amusing. Though you're not the first to conjur

[Full-Disclosure] [NGSEC-2004-7] NtRegmon, local system denial of service.

2004-08-25 Thread [EMAIL PROTECTED]
Application: NtRegmon (http://www.sysinternals.com/ntw2k/source/regmon.shtml) Date: 14/Aug/2004 Status: Patched version available (6.12). Platform(s): Windows OSs. Author: Fermín J. Serna [EMAIL PROTECTED] Location: http://www.ngsec.com/docs/advisories/NGSEC-2004-7.txt

[Full-Disclosure] Microsoft Windows XP SP2

2004-08-19 Thread [EMAIL PROTECTED]
Let's commence by giving credit where credit is due. The thinking is that the manufacturer of Windows XP has done a splendid job in patching their little operating system with 300 million dollar's worth of fixes. This is not exactly 'pocket change'. But this is: 1. trivial scripting in the

[Full-Disclosure] What A Drag II XP SP2

2004-08-18 Thread [EMAIL PROTECTED]
Internet Explorer supports a fantastic variety of styles and behaviors amongst other 'unique capabilities'. A lovely demonstration of that can be found here: http://www.malware.com/wottapoop.html -- http://www.malware.com

[Full-Disclosure] [NGSEC-2004-6] IPD, local system denial of service.

2004-08-17 Thread [EMAIL PROTECTED]
: IPD up to 1.4 (http://www.pedestalsoftware.com/) Date: 14/Aug/2004 Status: Vendor contacted on 14/Aug/2004. Platform(s): Windows OSs. Author: Fermín J. Serna [EMAIL PROTECTED] Location: http://www.ngsec.com/docs/advisories/NGSEC-2004-6.txt Overview

[Full-Disclosure] NGSEC's response to Idefense overflow protections whitepaper. (PART II)

2004-08-12 Thread [EMAIL PROTECTED]
Mr Johnson, We have made available a paper containing several (unpublished by iDefense's paper) tests against PAX-like solutions in WIN32. Only tests, not deep information on how these products work. Grab it at: [264 KB]

[Full-Disclosure] NGSEC's response to Idefense overflow protections whitepaper.

2004-08-11 Thread [EMAIL PROTECTED]
Recently Idefense has made public the whitepaper[1] called A Comparison of Buffer Overflow Prevention Implementations and Weaknesses. Having reviewed this whitepaper we want to say it makes an inappropriate comparison on the windows protections, especially with our product StackDefender[2]

Re: [Full-Disclosure] AV Naming Convention

2004-08-10 Thread [EMAIL PROTECTED]
Randal, Phil wrote: I have to agree with Todd, the naming convention is now right useless for the normal population and make keeping up with viruses on a corporate level that much harder. AV companies are always trying to beat the other company and this leads to very little information sharing

Re: [Full-Disclosure] Re: Anyone know IBM's security address?

2004-08-07 Thread [EMAIL PROTECTED]
send it to [EMAIL PROTECTED] They will forward your mail to the responsible people! I did it the same way, and had a response within some hours! /oliver Jedi/Sector One wrote: On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell wrote: Have a vulnerability in an IBM product. sent alert

[Full-Disclosure] Pavuk Digest Authentication Buffer Overflow

2004-07-27 Thread [EMAIL PROTECTED]
: Vulnerability Reported to: - [EMAIL PROTECTED] - [EMAIL PROTECTED] - [EMAIL PROTECTED] - [EMAIL PROTECTED] - [EMAIL PROTECTED] * July 9 (Two Hours Later): SuSE's Roman Drahtmueller responds * July 9: Per SuSE request, issue forwarded to [EMAIL PROTECTED] * July 19: Initial date set

Re: [Full-Disclosure] Question for DNS pros

2004-07-23 Thread [EMAIL PROTECTED]
VX Dude wrote: named exploits are usefull for finding out what's inside a named.conf even in chroot jails. - 2 cents --- Paul Schmehl [EMAIL PROTECTED] wrote: Can this be done? Conditions: 1) You know an IP address that is running a DNS server. (IOW, it responds to digs.) 2) You do not know

[Full-Disclosure] XSS in Xitami testssi.ssi

2004-07-22 Thread [EMAIL PROTECTED]
Xitami Imatix testssi.ssi XSS = Xitami is an easy to use and open source webserver, running on several platforms. What? = Xitami Imatix 2.5c1 comes with the SSI test page /testssi.ssi, which delivers a website with the content of several SSI-variables. Within the

Re: [Full-Disclosure] Hacking Challenge?

2004-07-21 Thread [EMAIL PROTECTED]
Daniel Neugebauer wrote: Hi! and wtf is an SEK and can I buy a cup of coffee with that? It's the Swedish currency: http://en.wikipedia.org/wiki/Krona Exchanged that would be 108,70 EUR or 134,56 US-Dollar. That's not much for a challenge, is it? ;) Bye, Daniel

Re: [Full-Disclosure] Re: mi2g - fud, lies and libel

2004-07-21 Thread [EMAIL PROTECTED]
!-- Maybe the dark hearted criminals have de-faced the mi2g website? -- maybe light hearted ones can too. Stick this in the search thing on the main page. Pretty sad: ''img dynsrc=javascript:document.write ('brbrcenterbfont size=24cmall your digital risk base belong to

[Full-Disclosure] What A Drag

2004-07-17 Thread [EMAIL PROTECTED]
http://www.malware.com/wattadrag.html -- http://www.malware.com

[Full-Disclosure] Brand New Hole: Internet Explorer: HijackClick 3

2004-07-12 Thread [EMAIL PROTECTED]
Paul has posted a tantalizing demonstration to bugtraq today. [see: http://www.securityfocus.com/archive/1/368652] This Internet Explorer sure provides hours of free entertainment. Let's install and run executable code on the target computers for the hell of it. Paul's beautiful demo

Re: [Full-Disclosure] MSN Messenger is vulnerable to the shell: hole

2004-07-11 Thread [EMAIL PROTECTED]
!-- Ctrl+clicking a shell:windows\\notepad.exe link in Microsoft Word 10.2627.3311 launches Notepad. -- this can be very interesting. The same in Outlook 2003 both html and rich text. Good thing the named temp file deposits were magically patched. As Andreas Sandblad mentioned the

Re: [Full-Disclosure] MicroSopht IE (on XPee only) launches messenger by callto:gates or outlook by outlook:calendar protocols

2004-07-11 Thread [EMAIL PROTECTED]
!-- I'm also really curious how this could be exploited. -- What do you mean: I'm also really curious how this could be exploited. it's already been exploited, it was all over the news and security lists a few months ago. What is this: eWEEK.com Security Center Editor Is someone

RE: [Full-Disclosure] What about M$ in the shell: race

2004-07-10 Thread [EMAIL PROTECTED]
!-- Every bit of real testing I've seen shows this is not a real vulnerability in IE. -- surely you jest. It is the Key to the Kingdom. To quote the original finder, way back in June of 2003: allows remote attacker to traverse Shell Folders directories. A remote attacker is able to

[Full-Disclosure] Re: Registry Fix For Variant of Scob

2004-07-06 Thread [EMAIL PROTECTED]
!-- No reason to set the kill bit? Take a look at http://seclists.org/lists/fulldisclosure/2004/Jun/0318.html And I am quoting you now You should be able to use this to compromise Windows XP SP2 through Internet Explorer despite the My Computer zone hardening since the Trusted Sites Zone

[Full-Disclosure] VERY HIGH VULNERABILITY DISCLOSURE !!! MASS ROOT POSSIBLE !!! PLEASE BE ATTENTIVE !!!

2004-07-03 Thread Frog [EMAIL PROTECTED]
This is IHCTEAM material. We fuck blackhats and we own the planet. This is a leet advisory, s0 l33t. Just read it and be quiet. --- IHC TEAM private work, all the fame become to IHC TEAM and the leetest mr. [EMAIL PROTECTED] Product: PHP Version: all Security

[Full-Disclosure] The 3 D's: Demo for the Dullards and Dunces

2004-07-02 Thread [EMAIL PROTECTED]
? =;^) On or about 2004.07.02 02:52:05 +, [EMAIL PROTECTED] ([EMAIL PROTECTED]) said: Hey how nice, WindowsUpdate/WellsFargo magically appeared in front of me and I didn't even intend to go there .. I was just surfing for porn .. Let me hurriedly download some stuff from there and give it my account

Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread [EMAIL PROTECTED]
!-- The real fault doesn't belong with individual components (ADODB.Stream included), and I think the almost rant-like posts of Drew Copeley and HTTP-EQUIV miss this fact. ADODB.Stream does *not* represent a vulnerability, although it does act to significantly worsen the impact of an

Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread [EMAIL PROTECTED]
!-- ActiveXObject(Shell.Application); obj.ShellExecut(mshta.exe,about:scriptvar wsh=new ActiveXObject('WScript.Shell');wsh.RegWrite ('HKCR\exefile\EditFlags', 0x3807, REG_BINARY);) /scriptiframe src=foo.exe); -- On quick reflection, I completely missed Matthew's point. It's

Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread [EMAIL PROTECTED]
still have to contend with mshta.exe calling out through the iframe and more than likely firewalled long ago, so use it to write the registry to kill the download warning, then use it set the browser home page as http://www/foo.exe, that or the default search engine. tons of

RE: SUPER SPOOF DELUXE Re: [Full-Disclosure] Microsoft and Security

2004-07-01 Thread [EMAIL PROTECTED]
browsers are not affected: * Mozilla Firefox 0.9 for Windows * Mozilla Firefox 0.9.1 for Windows * Mozilla 1.7 for Windows * Mozilla 1.7 for Linux http://secunia.com/advisories/11978/ Perhaps someone who really knows will enlighten us all. Thor Larholm [EMAIL PROTECTED] said: From: [EMAIL

RE: RE: SUPER SPOOF DELUXE Re: [Full-Disclosure] Microsoft and Security

2004-07-01 Thread [EMAIL PROTECTED]
about that, others...well...you know. Thor Larholm [EMAIL PROTECTED] said: Both you and I know perfectly well that Windows Update serves a different page for non-IE browsers, and that that page does not contain any frames. You should focus on the facts instead of letting your hatred

RE: RE: SUPER SPOOF DELUXE Re: [Full-Disclosure] Microsoft and Security

2004-07-01 Thread [EMAIL PROTECTED]
What an utterly pathetic scenario you present. Obviously you're blissfully unaware of the current security trend of site spoofing, 'phishing', url spoofing, DNS spoofing, zone spoofing and on and on and on. and of course now very the latest 'security expert spoofing' ! !-- Your subject

SUPER SPOOF DELUXE Re: [Full-Disclosure] Microsoft and Security

2004-06-29 Thread [EMAIL PROTECTED]
On the subject of IE bugs, I am running SP2 RC2, IE6.0.2900.2149 today I opened a window http://www.asus.com/products/server/srv-mb/ncch-dl/overview.htm In another IE window I had www.ingrammicro.com/uk open When I click on the picture of the motherboard in the first page to enlarge

[Full-Disclosure] SUPER SPOOF DELUXE : Take Two

2004-06-29 Thread [EMAIL PROTECTED]
Here's a quick and dirty demo injecting malware.com into windowsupdate.microsoft.com :) http://www.malware.com/targutted.html Thomas Kessler was kind enough to inform that this is not new, but in fact an old issue with Internet Explorer which by all accounts was supposed to be patched back

SUPER SPOOF DELUXE Re: [Full-Disclosure] Microsoft and Security

2004-06-29 Thread [EMAIL PROTECTED]
Here's a quick and dirty demo injecting malware.com into windowsupdate.microsoft.com :) http://www.malware.com/targutted.html Thomas Kessler was kind enough to inform that this is not new, but in fact an old issue with Internet Explorer which by all accounts was supposed to be patched back

Re: [Full-Disclosure] New malware to infect IIS and from there jump to clients

2004-06-25 Thread [EMAIL PROTECTED]
With the current (in)security of most (if not all) ISP that provide ASP.Net or ASP Classic shared hosting services, all the attackers need to do is to get a hosting account in a shared hosting server (trivial) and infect these websites from the inside. I haven't heard of any new IIS exploit

[Full-Disclosure] Microsoft and Security

2004-06-25 Thread [EMAIL PROTECTED]
Where is Microsoft now protecting their customers as they love to bray? Should not someone in authority of this public company step forward and explain themselves at this time? All of sudden panic is being created across the WWW with IIS Exploit Infecting Web Site Visitors With Malware,

RE: [Full-Disclosure] Microsoft and Security

2004-06-25 Thread [EMAIL PROTECTED]
volunteer as an expert witness when the negligence lawsuits finally arise :) and you? Burnes, James [EMAIL PROTECTED] said: One word, m-o-n-o-p-o-l-y And what are you going to do about it, punk? -Original Message- From: [EMAIL PROTECTED] [mailto:full- disclosure

Re: [Full-Disclosure] RE: M$ - so what should they do?

2004-06-22 Thread [EMAIL PROTECTED]
ktabic wrote: On Tue, 2004-06-22 at 15:42 -0400, joe wrote: ActiveX/OLE/COM is, again, not core Windows. They are applications that run on Windows. The default user interfaces on the system use these for management of the system and they are heavily embedded in several user faced applications

Re: [Full-Disclosure] Vulnerability Disclosure Technics

2004-06-21 Thread [EMAIL PROTECTED]
There are several ways to search for vulnerabilities in applications. If you have the sourcecode, you can do a code review. There are many tools (like flawfinder etc.) which will support you in finding static vulnerabilities like buffer-overflows due to incorrect usage of commands like strcpy and

[Full-Disclosure] MS Anti Virus?

2004-06-16 Thread [EMAIL PROTECTED]
Well they can't get a simple thing like a mail client right, they can't get a semi-simple thing like a browser right, they can't get not-so-simple thing like an operating system right, so let's branch out and fuck up some other things. No doubt a few years from now you'll see a line of food

[Full-Disclosure] MAGIC XSS INTO THE DNS: coelacanth

2004-06-15 Thread [EMAIL PROTECTED]
Tuesday, June 12, 2004 The following courtesy of 'bitlance winter' adds an entirely new dimension to the matter and also suggest some additional peculiarities at play: a href='http://quot;gt;lt;plaintextgt;.e-gold.com'foo/a a href='http://quot;gt;lt;scriptgt;alert()lt;%

Re: [Full-Disclosure] Akamai

2004-06-15 Thread [EMAIL PROTECTED]
james edwards wrote: I've just been told that it was a DoS. No details. Unlikely, Akamai is an overlay network the root content node is not reachable. Akamai can in real time spread web traffic through out their global network of servers, diluting a DoS to the point it is not significant. It is

[Full-Disclosure] RE: Internet Explorer Remote Null Pointer Crash(mshtml.dll)

2004-06-15 Thread [EMAIL PROTECTED]
This is all incorrect. 1. Any unusual characters in a file name will automatically be converted to random digits. This has been tested and demonstrated since 2001. 2. 'Save target' and an invoked download whether automatic or manually cannot be the same. Simple logic right click on a 15MB

[Full-Disclosure] COELACANTH: After Math

2004-06-11 Thread [EMAIL PROTECTED]
There is a sneaking suspicion that you can put the site contents in the so-called 'local zone' or 'my computer'. Since it validates the 'front end' of the address and ends up at the 'back end' this all would seem very similar to: object data=ms-its:mhtml:file://C:foo.mhtml!

[Full-Disclosure] FD info prompts M$ to summon the FBI on spy-vertisers

2004-06-10 Thread [EMAIL PROTECTED]
!-- http://zdnet.com.com/2100-1105-5229707.html http://news.com.com/2100-1002_3-5229707.html IE flaws used to spread pop-up toolbar by Robert Lemos, CNET News, 09 June 2004 The possibility that a group or company has apparently used the vulnerabilities as a way to sneak unwanted advertising

[Full-Disclosure] COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread [EMAIL PROTECTED]
Thursday, June 10, 2004 The following was presented by 'bitlance winter' of Japan today: a href=http://www.microsoft.com%2F redir=www.e- gold.comtest/a Quite inexplicable from these quarters. Perhaps someone with server 'knowledge' can examine it. It carries over the address into the

[Full-Disclosure] Notes: COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread [EMAIL PROTECTED]
Let me add some notes to this: 1. Placing microsoft.com in the so-called 'trusted zone', will render the site contents of e-gold.com in the 'trusted zone' 2. Opera fails, Mozilla functions 3. While it may appear to be related to the html form, the same can be achieved with a normal href or

[Full-Disclosure] FOUND: COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread [EMAIL PROTECTED]
From the original discover, 'bitlance winter' one big fat coelacanth: a href=http://www.malware.com%2F redir=www.e-gold.comtest/a i guess that this issue is not e-gold's BUG, IE6 and Opera7.51 is vulnerable. Some server's DNS allow magic number subdomainname. the server allow , www.site.tld

[Full-Disclosure] SECURE SOCKETS LAYER COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread [EMAIL PROTECTED]
We wrap this up with a full-on ssl site spoof. It seems limited how far you can 'shove' the real domain out of the way, but just enough to make it convincing so we adapt the window to 'cover' it up. Interestingly [with apologies to e-gold for playing with their site], they have a secured

Re: [Full-Disclosure] Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)

2004-06-08 Thread [EMAIL PROTECTED]
Who exactly are you? You come barreling into FD several months ago, long after it was created. Pissing in your pants to have found a unmoderated new mailing list. You run around on a spree posting every piece drivel at every possible opportunity. You then latch onto bugtraq riding the

[Full-Disclosure] TREND MICRO: The Protector Becomes The Vector Take II

2004-06-07 Thread [EMAIL PROTECTED]
Monday, June 07, 2004 !-- 1. When the product alerts it creates an html file in the temporary file of the user's machine [the so-called local zone] [screen shot: http://www.malware.com/weallcar.png 29KB ] This html file is viewed from an Internet Explorer browser object and indicates

[Full-Disclosure] Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)

2004-06-07 Thread [EMAIL PROTECTED]
!-- I hope I provided you with information to re-think your claims. -- Is that so? You and your friend provide nothing. Never have. Never will. You and he ought remain in the peanut gallery and let doer's do. Sit back keep your mouth shut and learn from people who do. Or create yet

[Full-Disclosure] TREND MICRO: The Protector Becomes The Vector [technical exercise: cross-application-scripting]

2004-06-03 Thread [EMAIL PROTECTED]
a suitable name with suitable html tags to render as we require. At present the actual browser and operating system automatically filter this {script.com becomes _script_.com]. 3. We need a container to achieve this and do so like this: PK à˜¸(ÏQhD D img[EMAIL PROTECTED] ](P^)7CC

Re: [Full-Disclosure] Pentesting an IDP-System

2004-05-29 Thread [EMAIL PROTECTED]
ph03n1x wrote: Hello I'm kinda new to this list and this is my first post so be nice to me :) Well I got an Intrusion Detection and Prevention System from a quite famous company which they lend me for betatesting. I already compiled a few exploits to test and it detected them quite reliable.

Re: [Full-Disclosure] http://www.chase.com/ vulnerability

2004-05-29 Thread [EMAIL PROTECTED]
Pathetic. Since you can spoof the main log in site all security calls to check for the 'little' padlock icon to determine the site is real doesn't exist on it plus the site has cross-site scripting capabilities: http://chase.com/inetSearch/index.jsp?

[Full-Disclosure] Rogers Cable Canada

2004-05-27 Thread [EMAIL PROTECTED]
Anyone on this list have a rogers cable modem connection want to do a quick test of something, drop me a note. -- http://www.malware.com

[Full-Disclosure] The Dangers of Cross-Site-Scripting: Rogers Hi-Speed Internet Network [Canada]

2004-05-27 Thread [EMAIL PROTECTED]
Wednesday, May 26, 2004 Many people dismiss the dangers of cross site scripting as nothing more than 'parlor tricks'. This is not a good idea. As previously indicated: [see: http://www.securityfocus.com/archive/1/348363] when the right circumstance arises, this puny 'parlor trick' can

[Full-Disclosure] The Alexis de Tocqueville Institution

2004-05-22 Thread [EMAIL PROTECTED]
What kind of rinky-dink operation is this? Hosted on geocities? Do you suppose they took the $11.95 per month or the $19.95 or made a big splash and went for the $39.95 per month special. A whopping $25 saving setup fee too. Broken links everywhere, script errors everywhere, missing images.

[Full-Disclosure] Stupid Phishing Tricks

2004-05-21 Thread [EMAIL PROTECTED]
Phriday , May 21, 2004 Several pheeble yet interesting phishing possibilities arise as phollows: Take one .htaccess trivially modified to suit the target scenario: AuthName EXCHANGE SERVER LOGIN ERROR: PLEASE TRY AGAIN AuthType Basic One throw-away domain which can include the target's

Re: [Full-Disclosure] Support the Sasser-author fund started

2004-05-17 Thread [EMAIL PROTECTED]
Georgi Guninski wrote: On Sun, May 16, 2004 at 12:19:21PM -0700, [EMAIL PROTECTED] wrote: The MS operating systems are the main source of problems for really only 2 reasons: 1) their popularity makes them the most valuable targets i suggest you stop smoking bad stuff, it is illegal in bulgaria

[Full-Disclosure] Buffer Overflow in ActivePerl ?

2004-05-17 Thread [EMAIL PROTECTED]
hi folks, i played around with ActiveState's ActivePerl for Win32, and crashed Perl.exe with the following command: perl -e $a=A x 256; system($a) I wonder if this bug isn't known?!? Because system() is a very common command Can anybody reproduce this? I put together a little advisory on my

RE: [Full-Disclosure] Buffer Overflow in ActivePerl ?

2004-05-17 Thread [EMAIL PROTECTED]
hi folks, i played around with ActiveState's ActivePerl for Win32, and crashed Perl.exe with the following command: perl -e $a=A x 256; system($a) I wonder if this bug isn't known?!? Because system() is a very common command Can anybody reproduce this? I discovered this vulnerability

[Full-Disclosure] ROCKET SCIENCE: Outllook 2003

2004-05-17 Thread [EMAIL PROTECTED]
Monday, May 17, 2004 Technical final step to 'silent delivery and installation of an executable on the target computer, no client input other than reading an email' this can be achieved with the highly touted 'secure-by-default' Outlook 2003 mail client from the craftsman known as

Re: [Full-Disclosure] Support the Sasser-author fund started

2004-05-16 Thread [EMAIL PROTECTED]
Seth Alan Woolley wrote: On Sat, May 15, 2004 at 08:31:25PM -0400, Shane C. Hage wrote: Why should Microsoft have more blame? In my opinion, I believe that software companies, especially Microsoft, have taken all of the appropriate steps to provide security within their products. Keep your head

[Full-Disclosure] POA: Outlook Expresss 6.00

2004-05-13 Thread [EMAIL PROTECTED]
Thursday, May 13, 2004 The following is exceptionally unusual. For many years post Outlook Express 4 has been an impossibility to target html or remote sites directly into the 'window' of an Outlook Express mail message. That means all links [your basic href] would invoke the browser

[Full-Disclosure] PING: Outlook 2003 Spam

2004-05-11 Thread [EMAIL PROTECTED]
Tuesday, May 11, 2004 Outlook 2003 the premier mail client from the company called 'Microsoft' certainly appears to have a lot of security features built into it. Cursory examination shows excellent thought into 'spam' containment, 'security' consideration and many other little 'things'.

[Full-Disclosure] OUTLOOK 2003: OuchLook

2004-05-09 Thread [EMAIL PROTECTED]
Sunday, May 09, 2004 Outlook 2003 the premier mail client from the company called 'Microsoft' certainly appears to have a lot of security features built into it. Cursory examination shows excellent thought into 'spam' containment, 'security' consideration and many other little 'things'.

[Full-Disclosure] DEEP SEA PHISHING: Internet Explorer / Outlook Express

2004-05-08 Thread [EMAIL PROTECTED]
Saturday, May 08, 2004 More silliness : A HREF=http://www.microsoft.com alt=http://www.microsoft.com; IMG SRC=malware.gif USEMAP=#malware border=0 alt=http://www.microsoft.com;/A map NAME=malware alt=http://www.microsoft.com; area SHAPE=RECT COORDS=224,21 HREF=http://www.malware.com;

[Full-Disclosure] Re: iDEFENSE: Upcoming OpenSSH Security Advisory Announcement

2004-05-03 Thread [EMAIL PROTECTED]
as everyone could imagine, it's just another lame fake advisory of those non-skilled bugtraq.org guys. they always open their mouths very wide. in former times it was funny to see their mails to mailinglists like bugtraq or full-disclosure, but nowadays i can just bemoan these lame guys.

Re: [Full-Disclosure] Potential Microsoft PCT worm (MS04-011)

2004-04-23 Thread [EMAIL PROTECTED]
!-- This advisory below however is not from Microsoft,-- it is an 'official' Microsoft alert though :( news://news.microsoft.com/[EMAIL PROTECTED] not that anyone really cares :) -- http://www.malware.com ___ Full-Disclosure - We believe

Re: [Full-Disclosure] IE exploit going around on irc

2004-04-06 Thread [EMAIL PROTECTED]
!-- I thought you were already aware of the text/x-scriptlet object variation of Ibiza which was exploited in the wild before Ibiza was even discussed on Bugtraq -- Really? I'd be most interested in seeing a reference to that. The time-line I have is: 1. On Wednesday, February 11, 2004

[Full-Disclosure] Advisory: Multiple Vulnerabilities in Monit

2004-04-05 Thread [EMAIL PROTECTED]
attacker with access to Monit's WBA via HTTP or HTTPS clients could potentially gain the privileges of the root user. V. Vendor Response April 3, 2004: * First two vulnerabilities discovered * Monit team notified via e-mail ([EMAIL PROTECTED]) April 4, 2004: * Response from Jan Henrik

Re: [Full-Disclosure] IE exploit going around on irc

2004-04-05 Thread [EMAIL PROTECTED]
Someone's thinking [for once]. tehaa = 'ADO' + 'DB' + '.St' + 'ream'; var tehf = new ActiveXObject(tehaa); -- http://www.malware.com ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

[Full-Disclosure] Re: security enforcement - new monitor for winnt

2004-03-30 Thread [EMAIL PROTECTED]
!-- afaik, i can stop ie 0day exploits by doing these things. so, i made this: http://umbrella.name/winblox/ of course, free. -- This is fantastic. A truly useful effort for the benefit of the so-called security community. And free. And from security expert who actually finds new and

[Full-Disclosure] Re: New worm?

2004-03-28 Thread [EMAIL PROTECTED]
!-- GET / HTTP/1.1 HTTP/1.1 200 OK Server: My Bitchin' IE Infector Date: Sat Mar 27 13:22:27 2004 Content-type: text/html Accept-Encoding: identity Accept-ranges: bytes snip content -- reinsert content object data=ms-its:mhtml:file://C:foo.mhtml!

[Full-Disclosure] ISS 'Witty' Worm Analyzed

2004-03-23 Thread [EMAIL PROTECTED]
Dear Lists, I have completed an analysis of the 'Witty' worm that impacts multiple ISS products. The worm is spreading via a very simple UDP propagation algorithm. The unique nature of this worm made it a fascinating piece of code to analyze. The analysis gets into the details of the worm's

[Full-Disclosure] Updated Witty Analysis Information

2004-03-23 Thread [EMAIL PROTECTED]
Dear Lists, I have had an incredible surge in demand following my recent post of the analysis of the 'Witty' worm. Initially, some of you were able to access it now, but most of you were not. For those of you who were not able to obtain a copy, a mirror has been made available. Tremaine Lea

[Full-Disclosure] Re: The witty worm

2004-03-20 Thread [EMAIL PROTECTED]
!-- Joe just posted a URL with an analysis: http://www.lurhq.com/witty.html -- Certainly there is nothing like an 'early warning HUMAN system' but really, how about letting the authors of their own work make these announcements. There appears to be a new trend of coat-tail riders

Re: [Full-Disclosure] Re: The witty worm

2004-03-20 Thread [EMAIL PROTECTED]
...then you're a lazy incompetent fake security fuck waiting around for the house nigger to serve you your gin and tonic while you sit on the stoep sipping your gin and tonic. Mike Barushok [EMAIL PROTECTED] said: Hmm, seems a little hypocritical to call for only the author to announce

[Full-Disclosure] HOTMAIL / PASSPORT: phishing expedition

2004-03-18 Thread [EMAIL PROTECTED]
Thursday, March 18, 2004 Unbelievably ridiculous insertion of arbitrary html into the Hotmail web based email account of your targeted buddy. In order to gain your little pal's credentials, simply send him or her an email with an extra long subject like so:

[Full-Disclosure] PLAXO: is that a cure or a disease?

2004-03-12 Thread [EMAIL PROTECTED]
=iframe src=http://www.bloatedcorp.com input type=hidden name=Biz.Email1 value=[EMAIL PROTECTED] input type=hidden name=Biz.Email2 value= input type=hidden name=Biz.Email3 value= input type=hidden name=Biz.IM value= input type=hidden name=Biz.WebPage value= He had taken our entire contact list
