Re: [FD] Legitimacy of new Heartbleed exploit?

2014-04-25 Thread david switzer
Even more so when you see the account that the money is being funneled into: https://blockchain.info/address/16R14EH4v8A9GPXkAAP8gcMFBA8oxA8nbY 215,637.634057 * 482.60 (current Camp BX rate) = 104066722.195 104 mil.. they've had a lot of different scams going besides this, I'm guessing dang w

Re: [FD] Legitimacy of new Heartbleed exploit?

2014-04-25 Thread Peter Malone
You mean the same guys who brought this? http://pastebin.com/XHyE9UJx Broken English, email address with capital letters. I'm extremely skeptical. On 04/25/14 14:18, Dillon Korman wrote: Saw a link to this: http://pastebin.com/qPxR9BRv There is no actual exploit code in there since they ins

Re: [FD] [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical)

2014-04-25 Thread Tim
Hi Rene, Thanks for your responses. Keep in mind my criticisms are not directed solely at you. They are directed at the entire Struts team, its practices and culture. I've been on the front lines with applications that were pwned by Struts bugs and thousands of users' personal information expos

Re: [FD] Legitimacy of new Heartbleed exploit?

2014-04-25 Thread Bennett Todd
On Fri, Apr 25, 2014 at 2:18 PM, Dillon Korman wrote: > Saw a link to this: > http://pastebin.com/qPxR9BRv Fun! > There is no actual exploit code in there since they insist on keeping it private. It'd be a lot less funny if they didn't keep it private. They claim to have found a buffer overflow

Re: [FD] Legitimacy of new Heartbleed exploit?

2014-04-25 Thread H. Dong
https://blockchain.info/address/1BKRqnmWNfK5qjhouMaBFHwjHK9ibfrKhx Apparently it's a rather successful scam. 2014-04-25 21:18 GMT+03:00 Dillon Korman : > Saw a link to this: > http://pastebin.com/qPxR9BRv > > There is no actual exploit code in there since they insist on keeping it > private. Do

Re: [FD] Legitimacy of new Heartbleed exploit?

2014-04-25 Thread Michal Zalewski
> It's bullshit. They say: 'A missing bounds check in the handling of the > variable "DOPENSSL_NO_HEARTBEATS"'. That's not a variable, the "D" is > not actually part of the name, and it's a compile-time macro that > configures whether heartbeats will be compiled in or not. And because > it's a comp

[FD] CS, XSS and FPD vulnerabilities in multiple themes with CU3ER for WordPress

2014-04-25 Thread MustLive
Hello list! Recently I disclosed vulnerabilities in CU3ER (http://seclists.org/fulldisclosure/2014/Apr/244) and vulnerabilities in plugins with CU3ER for WordPress, Joomla, SilverStripe and Plone (http://seclists.org/fulldisclosure/2014/Apr/251). This is popular flash file and in Google's ind

Re: [FD] Legitimacy of new Heartbleed exploit?

2014-04-25 Thread Jann Horn
On Fri, Apr 25, 2014 at 08:18:04AM -1000, Dillon Korman wrote: > Saw a link to this: > http://pastebin.com/qPxR9BRv > > Do you think there really is a working exploit on new versions of OpenSSL? It's bullshit. They say: 'A missing bounds check in the handling of the variable "DOPENSSL_NO_HEARTBE

Re: [FD] [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical)

2014-04-25 Thread Tim
Also, I'm a tad confused by the regex you have as a stop-gap. For the readers' convenience: (.*\.|^|.*|\[('|"))(c|C)lass(\.|('|")]|\[).*,^dojo\..*,^struts\..*,^session\..*,^request\..*,^application\..*,^servlet(Request|Response)\..*,^parameters\..*,^action:.*,^method:.* If your regex evaluatio

[FD] Legitimacy of new Heartbleed exploit?

2014-04-25 Thread Dillon Korman
Saw a link to this: http://pastebin.com/qPxR9BRv There is no actual exploit code in there since they insist on keeping it private. Do you think there really is a working exploit on new versions of OpenSSL? ___ Sent through the Full Disclosure mailing

Re: [FD] [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical)

2014-04-25 Thread Rene Gielen
Thanks for pointing this out. The mitigation advice is obsolete once the security patch release currently under review is published. Your point should be addressed there. We would have delivered the release along with the announcement if this issue had not already been disclosed. Thanks, R

Re: [FD] [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical)

2014-04-25 Thread Rene Gielen
Hi, On 25.04.14 18:52, Tim wrote: > > > So I have to say, I feel like the Struts team is kind of... failing. > Here are my gripes: > > A) I questioned the last bug fix in the thread here [1], where we > were all reassured that it was just "ClassLoader manipulation", not > RCE. Clearly

[FD] UI redress attack on live.com (affected all pages)

2014-04-25 Thread Sandeep Kamble
On 7/29/13 I reported the Live.com XFO vulnerability to the *Microsoft Security team*, and their investigation finally came to a conclusion and they fixed the bug. So, here are the details of the bug and the timeline of the fix. A year ago on the weekend, I started digging into MS services for bugs. The timeline of

Re: [FD] [ANN] Struts 2 up to 2.3.16.1: Zero-Day Exploit Mitigation (security | critical)

2014-04-25 Thread Tim
So I have to say, I feel like the Struts team is kind of... failing. Here are my gripes: A) I questioned the last bug fix in the thread here [1], where we were all reassured that it was just "ClassLoader manipulation", not RCE. Clearly that's not true. B) The fix for the last CVE was th

[FD] Depot WiFi v1.0.0 iOS - Multiple Web Vulnerabilities

2014-04-25 Thread Vulnerability Lab
Document Title: Depot WiFi v1.0.0 iOS - Multiple Web Vulnerabilities; References (Source): http://www.vulnerability-lab.com/get_content.php?id=1259; Release Date: 2014-04-23; Vulnerability Laboratory ID (VL-ID):

[FD] Multiple Vulnerabilities in iMember360 (Wordpress plugin)

2014-04-25 Thread Everett Griffiths
BACKGROUND "iMember360 is a WordPress plugin that will turn a normal WordPress site into a full featured membership site. It includes all the protection controls you can imagine, yet driven by Infusionsoft's second-to-none CRM and e-commerce engine." -- http://imember360.co