Im sure glad Microsoft spent more on security
and xp service pack 2 then the missle defense system. This works on
me using XP Pro SP2, malware[1].exe is in my startup folder!!! It
would be trivial and easy to trick users to drag something. I totally feel
unsecure with Microsoft and SP2 ye
If you were as annoyed as i was with your mailboxes being
bombarded I looked up native email filtering for microsoft environments.
Attatched is a basic script to get u started. This works on the Microsoft
SMTP service on NT4,2000, and 2003
Michael Evanchik
www.high-pow-er.com
Michael Evanchik
www.high-pow-er.com
Title: RE: [Full-Disclosure] Re: Six Step IE Remote Compromise Cache Attack
I would first like to commend microsoft on patching the exploit very quickly.
Second I would like to like to say I totally give up on internet explorer an have moved on to Mozilla firebird. Thank you open source!
A
/2003 10:56 AM
To:
Michael Evanchik
Cc:
[EMAIL PROTECTED]
Subject:
Re: [Full-Disclosure] Re: Six Step IE Remote
Compromise Cache Attack
Michael Evanchik wrote:> 1) take out the function
name and brackets and all code below> in default.htm and
s
permanent for any AOL user every time the icon is
imported.
3. Now your ready to create your html page on a web server.
In the html webpage all that is needed is simply...
This will not need to be changed ever again since your filename and
location is permanent foreveryone on AOL.
4. Send
That is definately true. But unfortunately I used known local exploit examples to give due credit to some people. There are many different local exploits that norton does not pick up as well as ways to rewrite the known ones to trick norton so I have been told.
Mike
From:
Feher Tamas
From:
[EMAIL PROTECTED]
Sent:
Fri 2/20/2004 9:39 PM
To:
[EMAIL PROTECTED]
Cc:
[EMAIL PROTECTED]
Subject:
[Full-Disclosure] RE: Re: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution)
Why don't you release your exp
I sure am, i do not want to uninstall the service pack. I looked
around for any encryption pack installs but nothing for IE6. This sucks no
https sites work.Mike
- Original Message -
From:
Technoboy
To: [EMAIL PROTECTED]
Sent: Friday, April 16, 2004 2:04
PM
Subje
ve no idea who you are Gadi to give such
comments like that.
Michael Evanchik
www.MichaelEvanchik.com
- Original Message -
From:
Gadi Evron
To: Jelmer
Cc: [EMAIL PROTECTED] ; [EMAIL PROTECTED]
; [EMAIL PROTECTED]
Sent: Monday, June 07, 2004 4:47 PM
Subject:
I disagree Colin,
A good administrator knows there is more then one way to skin a cat. Rafel,
I belive was just briefly stating some solutions to the problem. I can tell
you windows protection can be defeated with a few registry changes. Combine
that with an active directory login script and I
I have no problem with this list. I use a tool to passively filter this
list the same that I do for the spam problem that has taken over planet
earth
In your email client there is a button that will take care of this for you.
Look for something in the respects of "DELETE"
Anyone who can not
This crew has this entirely wrong. Have they read securityfocus.com lately?
This was a setup. He does have prior convictions but if you notice they are
the same date ever year. It seems they have this guy on their outlook
calendar reminders. Also by no means should anyone feel safe now since the
Too bad I cant add this too my cart and complain to customer service I am
not receiving my item
www.michaelevanchik.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Knarr, Joshua
Sent: Wednesday, December 01, 2004 9:59 AM
To: mikx; [EMAIL PROTECTED]
To all it my concern.
Even though I sadly have to admit to
... being a former spammer (it was good extra cash especially if you can
code)
understand their side well
... understand 2 wrongs don't make a right and that this is technically DDoS
I agree with this method to combat spammers who are
millions of dollars have been spent on securing SP2,
perfection is impossible. Through the joint effort of Michael Evanchik (http://www.michaelevanchik.com) and
Paul from Greyhats Security (http://greyhats.cjb.net),
a very critical vulnerability has been developed that can compromise a user's
s
try www.michaelevanchik.com/security/microsoft/ie/xss/index.html
might
be a little more reliable PoC
1) new
not known by AVP codes
2)
uses all start up menue languages
-Original Message-From: Michael Evanchik
[mailto:[EMAIL PROTECTED]Sent: Saturday, December
AVP codes
2) uses all
start up menue languages
-Original
Message-From: Michael
Evanchik [mailto:[EMAIL PROTECTED]Sent: Saturday, December 25, 2004 9:11
PMTo: Aviv Raff;
full-disclosure
n
error is shown, press OK. This is normal.
- Notice
in your startup menu a new file called Microsoft Office.hta. When run, this
file will download and launch a harmless executable (which includes a pretty
neat fire animation)
Michael
Evanchik
Relationship1
p:
914-9
Had a mistake in my code o well. Works now
PoC: http://www.michaelevanchik.com/security/microsoft/ie/xss/index.html
http://www.michaelevanchik.com/security/microsoft/ie/xss/writehta.txt <--
avp's should add this
Here is some new adodb code AVP's should add. No longer needed to connect
to ext
Had a mistake in my code o well. Works
now
PoC: http://www.michaelevanchik.com/security/microsoft/ie/xss/index.html
http://www.michaelevanchik.com/security/microsoft/ie/xss/writehta.txt
<-- avp's should add this
Here is some new adodb code AVP's should add.
No longer needed to co
ger needed to connect to external source.
Malicious recordset can be built locally.
www.michaelevanchik.com
-Original Message-From: Michael Evanchik
[mailto:[EMAIL PROTECTED]Sent: Monday, December 27, 2004
11:57 AMTo: Ron Jackson;
full-disclosure@lists.netsys.comSubje
Todd,
Listen, you are so wrong i cant belive you
even have the guts to post this. How stupid can you be? Norton or
any AVP can easily be fooled. The active x object "ca"+n b"+ +e crea"
+ted" like this. code changed around , or even different local code can be
used and tada AVP is fooled
Title: Re: [Full-Disclosure] And you're proud of this Mike Evanchick?
Let me put this lighter,
WRONG
I created this code first using KNOWN virus
strings. It would be trivial to use different code that is not
detected,
Mike
www.michaelevanchik.com
- Original Message -
Fro
http://securityresponse.symantec.com/avcenter/venc/data/trojan.phel.a.html
mike
www.michaelevanchik.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
ger needed to connect to
external source. Malicious recordset can be built
locally.
www.michaelevanchik.com
-Original Message-From: Michael Evanchik
[mailto:[EMAIL PROTECTED]Sent: Saturday, December 25,
2004 9:11 PMTo: Aviv Raff;
full-disclosure@lists.netsys.comSubje
erpix
To: Todd Towles
Cc: Michael Evanchik ; full-disclosure@lists.netsys.com
Sent: Thursday, December 30, 2004 12:55
PM
Subject: RE: [Full-Disclosure] And you're
proud of this Mike Evanchick?
I have to aggree with Todd on this one, the attack was
extremelyunprofess
27 matches
Mail list logo
