past for not fessing
up or giving credit where due; I agree with Linus Torvalds, vendor-sec
and ideas like it are a bad idea:
"I happen to believe in openness, and vendor-sec does not. It's that
simple." ( http://www.internetnews.com/dev-news/article.php/3458961 )
--
Seth Alan
ECTED]
> http://www.indianz.ch
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
Seth Alan Woolley [seth at positivism.org], SPAM/UCE is unauthorized
Key id EF10E21A = 36AD 8A92 8499 8439 E6A8 3724 D437
On Fri, Jul 16, 2004 at 12:10:33PM +1200, Nick FitzGerald wrote:
> Seth Alan Woolley to me:
>
> > > The correct solution to all such problems is simply to reject the
> > > content as malformed. And guess what will happen when you do that?
> > > Several reall
Sorry for the gory SGML details to follow...
On Thu, Jul 15, 2004 at 09:13:12PM +0200, Pavel Kankovsky wrote:
> On Wed, 14 Jul 2004, Seth Alan Woolley wrote:
>
> > If the topic of exploiting browsers to gain unauthorized access to
> > websites with buggy input validation is bac
lly if you want. I mostly care about the script
tag and the object and iframe tags, especially -- anything with src or
href attributes. The general fix would be to close the tag before the
text 'src=' or 'href=' and any other attribute like this.
It's a simple fix and not f
ead the comments on the reported bug, they seemed to fail to
understand the bug and how easy it would be to fix while maintaining
backwards compatibility. Then they resolved it duplicated on me when it
wasn't the same bug as the other bug, essentially keeping it quiet.
Seth
--
Seth Alan W
u could even check to see if it's invoked as non-root so that all your
non-root services are better off, but then again, I chroot _everything_
and there's no /bin/sh in those chroots.
Seth
--
Seth Alan Woolley [seth at positivism.org], SPAM/UCE is unauthorized
Key id EF10E21A = 36AD
4
>
Does this issue also affect every other device using the Allegro RomPager/2.10
firmware?
If so, it affects /much/ more than the 3Com 812.
cf:
http://www.securityfocus.com/archive/1/62960
http://lists.netsys.com/pipermail/full-disclosure/2004-May/021828.html
Seth
--
Seth Alan Woolle
p.to/immhf/thread.html
All those integrated into mutt, spam (spambayes) and virus (clamav)
filtering, procmail filtering for mailing lists, and automatic month-old
mail archiving (fcrontab on my Maildir folders) have increased my mail
utility by an order of magnitude.
Seth
--
Seth Alan Woolley [
of it all is that CISCO can't do a damned thing about
it, despite the wishes of WIPO.
--
Seth Alan Woolley [seth at positivism.org], SPAM/UCE is unauthorized
Key id EF10E21A = 36AD 8A92 8499 8439 E6A8 3724 D437 AF5D EF10 E21A
http://smgl.positivism.org:11371/pks/lookup?op=get&search=0xEF10
On Tue, May 25, 2004 at 04:59:20PM -0400, [EMAIL PROTECTED] wrote:
> On Tue, 25 May 2004 11:05:03 PDT, Seth Alan Woolley said:
> > Copyright means the right to publish a work in its entirety. As long as
> > they aren't republishing the whole code when they find a vulnerability
right to mean
something it never intended. The law is not broken in this case, even
though you think it is morally wrong. Get over it.
Re-read your first sentence. The only one that applies is
redistribution. Copying for personal use and use itself are still
perfectly legal outside of an explic
;$ip_address"'\r\nAuthenticate: " . 'A' x
1024 . "\r\n\r\n"' | nc "$ip_address" 80
$ ping $ip_address # doesn't work
Tested against a 3com 812 adsl modem.
This email is in the Public Domain.
--
Seth Alan Woolley [seth at positivism.org], SPA
My personal opinion is that more blame should be put on M$.
> > >
> > > The company is called Microsoft or MS in short. Why don't you use its
> > > proper name?
> > >
> >
> > are you sure it is MS and not M$
> >
> > i was always taught it was M$.
> >
> > --
>
with something better for my
internal DMZ purposes.
Seth
--
Seth Alan Woolley [seth at positivism.org], SPAM/UCE is unauthorized
Key id EF10E21A = 36AD 8A92 8499 8439 E6A8 3724 D437 AF5D EF10 E21A
http://smgl.positivism.org:11371/pks/lookup?op=get&search=0xEF10E21A
Security Team Leader Source
imate, and so on.
Evolution never ends, even with catastrophes and periods of stasis.
--
Seth Alan Woolley [seth at positivism.org], SPAM/UCE is unauthorized
Key id EF10E21A = 36AD 8A92 8499 8439 E6A8 3724 D437 AF5D EF10 E21A
http://smgl.positivism.org:11371/pks/lookup?op=get&search=0xEF10E21A
Securit
--
Seth Alan Woolley [seth at positivism.org], SPAM/UCE is unauthorized
Key id EF10E21A = 36AD 8A92 8499 8439 E6A8 3724 D437 AF5D EF10 E21A
http://smgl.posit
xes that happen during regular upgrade cycles
in many products, closed and open source, so the significance of these
studies is inherently weak unless some attempt is made to estimate the
error that this fact introduces.
--
Seth Alan Woolley , SPAM/UCE is unauthorized
Key id EF10E21A = 36