A vulnerability is a vulnerability.
A SQL Injection is a type of Vulnerability.
For each type of Vulnerability, there will be thousands of web
applications that might be vulnerable to it.
DLL Hijacking is the same.
We do each post rather than a list so that security vulnerability news
site can get
[ FreeBSD 8.1/7.3 vm.pmap kernel local race condition ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
http://lu.cxib.net
Date:
- Dis.: 09.07.2010
- Pub.: 07.09.2010
Affected Software (verified):
- FreeBSD 7.3/8.1
Original URL:
Debian Security Advisory DSA-2105-1 secur...@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
September 07, 2010
YMMD :)
Hello Full-Disclosure!
I want to warn you that I don't know anything about running secure sites. As
a result it seems I have been compromised!
www.websecurity.com.ua
Good job, Dude
You didn't even bother to hide your track.
[snip]
Received: from a (shalb.com [62.149.9.65])
by lists.grok.org.uk (Postfix) with SMTP id F1F06324
for full-disclosure@lists.grok.org.uk;
Wed, 8 Sep 2010 04:41:17 +0100 (BST)
[/snip]
# host websecurity.com.ua
websecurity.com.ua has address 62.149.9.65
On 8/09/2010 9:00 PM, YGN Ethical Hacker Group wrote:
Good job, Dude
You didn't even bother to hide your track.
[snip]
Received: from a (shalb.com [62.149.9.65])
by lists.grok.org.uk (Postfix) with SMTP id
FreeBSD 7.0 - 7.2 pseudofs null pointer dereference
Disclosed by: Przemyslaw Frasunek
18/08/2010
1. Synopsis
Starting from FreeBSD 5.0, the system supports POSIX extended attributes,
allowing metadata to be stored with a file. Those attributes can be
manipulated using the extattr_* syscalls.
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless
LAN Controllers
Advisory ID: cisco-sa-20100908-wlc
Revision 1.0
For Public Release 2010 September 08 1600 UTC (GMT
A GOATSE SECURITY RELEASE
Application layer authentication-inherent validation of public key
integrity without the use of a trusted third party
Andrew Auernheimer and Jordan Borges.
More readable version w/ reference links available here:
Hello Andrew,
un-tl;dr abstract: SSL is broken. Certificate authorities only exist
to let the US, Chinese, Turkish, Brazilian etc etc government or
Russian mob spy on you (whichever is interested first). Well, I guess
they also exist to line the pockets of assholes who want $10-50 for
With the recent MS update/patch and my POC failure (to exploit the
vuln), it is clear that this type of vulnerability is impractical.
In the (few) cases where it *might* work, the approach to fixing it is
not practical; that is, there are hundreds if not thousands, of
vulnerable applications.
Just
You're expecting us to trust YOU over the Government X?
How do we know you're not working for the French Government (seeing
how you didn't list it in your conspiracy list)?
I love jokes, but this is a bit too late for April's Fool.
Cheers,
Chris.
On Wed, Sep 8, 2010 at 6:59 PM, Tim
Chris,
The cryptographic primitives are long-standing and strong, and the
source is open! Feel free to pick apart our proposed protocol
specification!
On Wed, Sep 8, 2010 at 12:15 PM, Christian Sciberras uuf6...@gmail.com wrote:
You're expecting us to trust YOU over the Government X?
How do
On Wed, Sep 8, 2010 at 10:08 AM, Przemyslaw Frasunek
veng...@freebsd.lublin.pl wrote:
There is a working exploit, allowing local root privileges to be gained. It will be
released 14 days after this advisory.
This is for good to practice. Disclosure eleventeen is years after we
has must posted
Tim,
Absolutely, the risk of javascript being rewritten is highlighted
below-- which is why there needs to be something outside the reference
implementation below.
While we may be similar to other proposed ideas, our implementation is
unique and we are rapidly developing a PAM module at this
While we may be similar to other proposed ideas, our implementation is
unique and we are rapidly developing a PAM module at this moment. We
are not limited to https.
I would expect there to be quite a bit less value in adding something
like this to SSH for the following reasons:
* Users of
Debian Security Advisory DSA-2106-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 08, 2010
So you might then add another pass of making a hash after the details of
transaction are known that embodies transaction details, then use oblivious
transfer again so that each end knows that the transaction was done and
was thus accepted?
Takes care of someone taking over the transaction
On Wed, Sep 08, 2010 at 07:15:35PM +0200, Christian Sciberras wrote:
You're expecting us to trust YOU over the Government X?
How do we know you're not working for the French Government (seeing
how you didn't list it in your conspiracy list)?
I love jokes, but this is a bit too late for
This is no different than installing a client cert
Yes, exactly. This is as equally secure as installing a client cert.
Except it is achieved without a client cert, using only a password, in
a manner that can be more easily scaled to lots of users.
Trying to not sound like a dick,
dvs.
On Wed, Sep 8, 2010 at 9:24 AM, Andrew Auernheimer glutt...@gmail.com wrote:
un-tl;dr abstract: SSL is broken. Certificate authorities only exist
to let the US, Chinese, Turkish, Brazilian etc etc government or
Russian mob spy on you (whichever is interested first). Well, I guess
they also
So now it's a matter of scaling?
I'd rather stay on the grounds of certificates, where scaling has been
one of the primary focuses since the early 2k.
In my opinion it's pretty much useless reinventing the wheel; the idea
behind certificates is as much a security medium as is the party being
I was recently taking a look at the Apache Traffic Server project (which I
believe was formerly developed by Yahoo Inc) and notice a series of potential
problems relating to the way that it handles DNS. This proxy does not rely on
the OS supplied resolver library for resolving hostnames but
We want a certain X people from a certain X chan dictating how some X
software is fully trusted and can run on my computer.
Call me paranoid, but I stick to the #1 rule of never ever trusting the public.
I'd rather have a company pay some good bucks to get their hands on a
highly trusted
Amen. This is why we should use and support web of trust style systems.
Webs of trust could definitely make SSL's PKI more fault tolerant.
The hard part is figuring out how to make it work while users don't
have to put forth any additional effort. Thoughts?
tim
This is no different than installing a client cert
Yes, exactly. This is as equally secure as installing a client cert.
Except it is achieved without a client cert, using only a password, in
a manner that can be more easily scaled to lots of users.
Um... I think you have it backwards.
Ah, a new password-authenticated DH. At first glance, this is similar to
SRP (http://srp.stanford.edu/), but the server stores a plaintext password.
Initial thinking -- I'm not convinced that an offline brute force attack
won't work -- the nonce may break rainbow tabling, but it is transmitted
Andrew,
The whole point of the current PKI is to ensure that with no prior
knowledge on the first connection the person you are communicating
with is who they say they are via a trusted third party who can
vouch for them.
If you can verify their identity once you can cache their
On Wed, Sep 8, 2010 at 12:12 PM, Christian Sciberras uuf6...@gmail.com wrote:
Call me paranoid, but I stick to the #1 rule of never ever trusting the
public.
That is what is good about WoT. You can set the policy on who to
trust. You can trust only yourself, certain people, or $BIGCORP if
that
Dan,
Upon examining SRP, you are correct. SRP solves the same problem in a
superior manner. lulz
On Wed, Sep 8, 2010 at 2:52 PM, Dan Kaminsky d...@doxpara.com wrote:
Ah, a new password-authenticated DH. At first glance, this is similar to
SRP (http://srp.stanford.edu/), but the server stores
On Wed, Sep 08, 2010 at 09:12:13PM +0200, Christian Sciberras wrote:
I'd rather have a company pay some good bucks to get their hands on a
highly trusted certificate than kids whose aim in life is wiping as
many hard disks as possible.
Which also answers why those $10-$20 assholes do a
===
Ubuntu Security Notice USN-985-1 September 08, 2010
mountall vulnerability
CVE-2010-2961
===
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This
However, why don't we have server certificates with multiple
independent CA signatures?
Tim, I find that concept very interesting.
Cheers,
Chris.
On Wed, Sep 8, 2010 at 10:34 PM, Tim tim-secur...@sentinelchicken.org wrote:
I'd rather have a company pay some good bucks to get their hands on
It's true that conventional certs have been completely devalued by the
bottom-feeders. This is a good argument for EV. Goatse may dismiss EV as a
joke, but there are very few EV CAs and none of them are TELECOM MINISTRY
OF BUTTFUCKISTAN. The spec requires that they authenticate the operation
of
Christian Sciberras uuf6...@gmail.com wrote:
... the approach to fixing it is not practical ...
... it is [the fault of] the underlying dll loading mechanism.
Do you mean that the practical solution would be for MS to set
sensible defaults? It took them many years for SafeDllSearchMode,
expect
Do you mean that the practical solution would be for MS to set
sensible defaults? It took them many years for SafeDllSearchMode,
expect just as many for CWDIllegalInDllSearch.
Did you read my email about real-world testing of this issue?
MS issued a patch quite some time ago.
This
Christian Sciberras uuf6...@gmail.com wrote:
MS issued a patch quite some time ago.
Would you be able to give a reference to that patch, and comment on
its relationship to the recent
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
*From:* www.tuscl.net tuscl.foun...@gmail.com
*To:* auto595...@hushmail.com, iluv2c...@gmail.com, benh...@gmail.com,
be...@physics.uakron.edu
*Date:* Wed, 08 Sep 2010 19:01:24 +
Just received this email from the owner of the site:
Ben
How 'bout I send a couple of strippers over to your
On Sun, Sep 05, 2010 at 07:01:19PM +0530, Nikhil Mittal wrote:
1. Overview
nmap = 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
Nmap is not vulnerable. DLL hijacking works because of an unfortunate
interaction between apps which register Windows file extensions and
the default
Christian Sciberras uuf6...@gmail.com wrote:
MS issued a patch quite some time ago.
http://support.microsoft.com/kb/2264107
That is not a patch, not installed by default: is only for
uber-geeks who manually install it. Was issued a week ago, in
response to this kerfuffle, not quite some time
That is what others said, yet it installed automatically on mine.
The only interaction was that I allowed it to be downloaded and
installed... not really geeky at all...
I must say you'll have to take my word on it.
On Thu, Sep 9, 2010 at 1:36 AM, paul.sz...@sydney.edu.au wrote:
Christian
Fyodor fyo...@insecure.org wrote:
nmap = 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
Nmap is not vulnerable. DLL hijacking works because of an unfortunate
interaction between apps which register Windows file extensions and
the default Windows DLL search path used for those
===
Ubuntu Security Notice USN-978-1 September 08, 2010
thunderbird vulnerabilities
CVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765,
CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769,
CVE-2010-3166, CVE-2010-3167,
jf j...@ownco.net wrote:
... my understanding of the issue was not the default library search
path, but rather that people are using SearchPath() or similar to locate
DLLs which they then pass to LoadLibrary() ...
And, people loading DLLs they do not need, for OS version detection.
(Maybe
One problem with your scenario: any person sophisticated enough to know what
nmap is (much less use it) is going to be just a little suspicious about
running nmap on some random data file that you send them.
--Rohit Patnaik
On Wed, Sep 8, 2010 at 8:29 PM, paul.sz...@sydney.edu.au wrote:
jf
jf j...@ownco.net wrote:
I still don't see how this is really MSFTs fault. I mean ...theres a
fairly clear warning on MSDN for LoadLibrary SearchPath ...
Do not confuse: SearchPath is not the issue.
Yes, there is a warning, which is recent:
I must say I can't take your word for it according to my testing.
I've tested on a clean, licensed Windows 7 Professional Edition 64-bit
with the latest Windows updates applied (as of today, Sept 09 2010). I
used Acros Security's 64-bit demo.
Should I make a movie to prove that, like
1- Updating Windows (check