-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2251-1 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
June 02, 2011
Hi Thor,
This is what I get when I click on the link..
The link you clicked on appears to be incomplete.
If the link is very long and wraps across two lines, try copying both lines,
one at a time, and pasting the full link into your browser's location box.
If that doesn't work, please reply
Hi, Mark,
On 06/01/2011 07:57 AM, Marc Heuse wrote:
this surprised me for two things.
First: Cisco was not aware.
I mentioned this issue to at least one guy @ PSIRT.
Nevertheless, it has to tell what it takes for a vendor to be aware. I
have had some experience in the past in which I
Some web browsers allow showing a directory index or the content of a text-based
file in a frame when it is loaded via the FILE protocol. It enables hijacking of
information from the user's local disk by drag-and-drop methods. I call this
technique FFFjacking (File From Frame hiJacking). Combination of Windows
XP and
Check out the latest security advisory: http://www.foofus.net/?p=319
Nathan Power
www.securitypentest.com
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
It would hardly be worth mentioning otherwise.
Cheers,
Mitja
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf
Of Dan Kaminsky
Sent: Thursday, June 02, 2011 5:36 PM
To: secur...@acrossecurity.com
Cc:
On Tue, May 31, 2011 at 01:16:48PM +1000, Daniel Hood wrote:
Anyone else seen this going around?
I've got a couple of links coming through for this via hacked email
accounts. Looks like it's installing FakeAV.
Links include:
www [dot] epo4 [dot] com [slash] find11.html
I can't seem to
But it *is* worth mentioning that you have to create the malicious dll file,
copy it to the system, create folders etc, and all the other mumbo jumbo to
exploit this in the default configuration. So, the answer to Dan's
question is actually, no, you can't. Which brings into question the
Thor, the Online Proof of Concept section of the blog post points you to a
*remote*
exploit (without any warning) but let me repeat the link here:
http://www.binaryplanting.com/demo/XP_2-click/test.html
Visit this with IE8 on 32-bit Windows XP.
Please find further information here:
Hello list!
I want to warn you about security vulnerabilities in ADSL modem Callisto
821+ (SI2000 Callisto821+ Router).
These are Cross-Site Request Forgery and Cross-Site Scripting
vulnerabilities, which I've found in your modem. In April I already drew
attention of Ukrtelecom's
Two things:
1) Are you sure a stock build of Windows doesn't pop a security
warning when right clicking the file:// IFRAME? You might have munged
your test OS.
2) You're getting closer with this Send To stuff, but you're still
socially engineering. Definitely better than classic please download
I'll call you on that. Set it up, send it out, and show us how many people IRL
you can actually get this to be exploited on. Your assumptions that the
majority will fall because of inherent casualness has no basis whatsoever,
and it's just more blah-blah-windows-blah-blah crap from the Windows
Asterisk Project Security Advisory - AST-2011-007
| Product | Asterisk |
Hi,
Nice revelations here. What we need to understand here is that the majority
of Windows users there *will* fall for the remote exploit because of their
inherent casualness (some actually think that 7 is the nicest OS ever made).
I appreciate the efforts taken in finding these exploits,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello List.
I need some help
What are some top Universities in information security in the
world? Which one is the best? preferably in the States or U.K ?
I know this sounds strange since most college dropouts are
historically the best hackers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Purdue has a top-notch infosec program (check out
http://www.cerias.purdue.edu/) and Carnegie Mellon hosts CERT
(http://www.cert.org/) and has an excellent reputation. Ross Anderson
teaches at Cambridge and working with him is extremely prestigious.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2252-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
June 02, 2011
While I make no claims of being a security professional, the absolute best
thing you can do is look into schools that will lead to the prestigious CEH
certification, highly valued in the infosec community, which will teach you
to use complex tools like sqlmap, nmap, and if you're skilled enough,
This is a joke, right?
On Thu, Jun 2, 2011 at 11:29 PM, t0hitsugu tohits...@gmail.com wrote:
While I make no claims of being a security professional, the absolute best
thing you can do is look into schools that will lead to the prestigious CEH
certification, highly valued in the infosec
Wowa wowa steady there. Only nmap has a GUI and CLI is a bit eleet for full
disclosure at this stage. We should probably be suggesting he take some of
the blackhat courses offered at BlackHat HQ, the only real con with real
hackers who hack and find xss. (tm)
On Thu, Jun 2, 2011 at 11:29 PM,
On Thu, 2 Jun 2011, Benji wrote:
Wowa wowa steady there. Only nmap has a GUI and CLI is a bit eleet
for full disclosure at this stage. We should probably be suggesting
he take some of the blackhat courses offered at BlackHat HQ, the
only real con with real hackers who hack and find xss.
Well.. that cleared that up, then. lol.
On Thu, Jun 2, 2011 at 11:35 PM, Benji m...@b3nji.com wrote:
Wowa wowa steady there. Only nmap has a GUI and CLI is a bit eleet for full
disclosure at this stage. We should probably be suggesting he take some of
the blackhat courses offered at BlackHat
I thought you'd say Supreme Court Jester, for some reason or another.
Chris.
On Fri, Jun 3, 2011 at 12:39 AM, Paul Heinlein heinl...@madboa.com wrote:
On Thu, 2 Jun 2011, Benji wrote:
Wowa wowa steady there. Only nmap has a GUI and CLI is a bit eleet
for full disclosure at this stage.
This caught my eye, maybe our friend can get some free online training from
the gurus at sensepost
https://twitter.com/sensepost/status/74049270814212097
On Thu, Jun 2, 2011 at 11:47 PM, Christian Sciberras uuf6...@gmail.com wrote:
I thought you'd say Supreme Court Jester, for some reason or
Dan,
1) Are you sure a stock build of Windows doesn't pop a security
warning when right clicking the file:// IFRAME? You might have munged
your test OS.
IE allows you to right-click on a folder (but not on a file or on the
background) inside a file:// iframe without popping up a security
On Thu, Jun 2, 2011 at 12:22 PM, persuz92...@hush.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello List.
I need some help
What are some top Universities in information security in the
world? Which one is the best? preferably in the States or U.K ?
I know this sounds
You are correct; a *true* professional knows to use Cain and Abel (but
that's not something you'll learn at school)
On Jun 2, 2011 3:33 PM, Cal Leeming c...@foxwhisper.co.uk wrote:
This is a joke, right?
On Thu, Jun 2, 2011 at 11:29 PM, t0hitsugu tohits...@gmail.com wrote:
While I make no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
VMware Security Advisory
Advisory ID: VMSA-2011-0009
Synopsis: VMware hosted product updates, ESX patches and VI
Client update