Horse riding around schools won't be allowed, if they wouldn't let me bring
a paintball gun in, they won't allow this.
On 25 Feb 2014 18:19, Pete Herzog li...@isecom.org wrote:
How to teach hacking in school and open up education:
s/with their Facebook or Twitter credentials//g
On Tue, Feb 4, 2014 at 10:51 PM, security curmudgeon
jeri...@attrition.org wrote:
: From: Mark Litchfield mark () securatary com
: As previously stated, I would post an update for Ektron CMS bypassing
: the security fix.
: A full step by
(infosec) care about is money and not helping
the world.
On 3 Oct 2013 08:41, Benji m...@b3nji.com wrote:
No-one is making you do anything.
If you don't feel like helping for free, like in the old days (2 years
ago..) then don't
Jeeze, I remember when you guys used to moan that a company had
I look forward to seeing who wins in this argument over personal opinion.
On Tue, Apr 23, 2013 at 4:12 PM, Gregory Boddin greg...@siwhine.net wrote:
You have to think about end-users as well ... Those are impacted first,
not the vendors.
On 23 April 2013 16:51, Georgi Guninski
, and that a 'QA'
process of any type will not make up for developer mistakes.
Sent from my iPhone.
On 22 Apr 2013, at 07:39, Jeffrey Walton noloa...@gmail.com wrote:
On Sat, Apr 20, 2013 at 7:37 PM, Benji m...@b3nji.com wrote:
Because security engineers are different to a QA department you originally
Yes, after the people that can make mistakes, we should have people that
are incapable of making mistakes. I totally agree, what a good idea.
On Sat, Apr 20, 2013 at 10:28 PM, Bryan br...@unhwildhats.com wrote:
The code monkeys can make mistakes as long as there is a process to
detect and
Let me expand on that, otherwise I'm sure it's unclear.
Is your suggestion, to remove the worry of developers making mistakes, to
add another human process after it and rely on this to remove all mistakes?
On Sat, Apr 20, 2013 at 10:54 PM, Benji m...@b3nji.com wrote:
Yes, after the people
their
vulnerabilities, more responsible QA testing within the company will
prevent many of these vulnerabilities from occurring in the first
place. Or do you have a better idea?
On Sat, Apr 20, 2013 at 11:06:33PM +0100, Benji wrote:
Let me expand on that, otherwise I'm sure it's unclear
(in my opinion)
On Sat, Apr 20, 2013 at 11:42 PM, Benji m...@b3nji.com wrote:
Yes, a better idea would be to educate and inform developers. At a
business level at least this will a) save extra expenditure on needless
staff and extra departments b) result in faster turn arounds as there's
, that involves
hiring specialized staff.
On Sat, Apr 20, 2013 at 11:49:22PM +0100, Benji wrote:
(in my opinion)
On Sat, Apr 20, 2013 at 11:42 PM, Benji m...@b3nji.com wrote:
Yes, a better idea would be to educate and inform developers. At a
business level at least
to think through each implication of
each feature they implement
Solution: Hire security engineers to think through each implication.
Why are we disagreeing?
On Sun, Apr 21, 2013 at 12:11:51AM +0100, Benji wrote:
Your proposition was that developers will always make mistakes and
introduce
(For example,
http://webcache.googleusercontent.com/search?q=cache:2cXGaaHnqyMJ:www.computerworld.com/s/article/9235954/Researchers_find_critical_vulnerabilities_in_Java_7_Update_11+cd=8hl=enct=clnkgl=uk)
On Sun, Apr 21, 2013 at 12:37 AM, Benji m...@b3nji.com wrote:
Because security engineers
Sorry, by flaws, I should have said, *has not prevented bad code/ineffective
patches from being pushed out
On Sun, Apr 21, 2013 at 12:41 AM, Benji m...@b3nji.com wrote:
(For example,
http://webcache.googleusercontent.com/search?q=cache:2cXGaaHnqyMJ:www.computerworld.com/s/article/9235954
Like the one you just sent?
On Fri, Mar 29, 2013 at 1:07 PM, Jerry dePriest jerr...@mc.net wrote:
wow, another important fucking post that has NOTHING to do WHAT SO EVER
with FD. farging hypocrites...
I could spend HOURS pointing out the bullshit posts, at least mine has
merit.
FOAD
of hacker script punks thinking
FOAD
hurhurhur
On Fri, Mar 29, 2013 at 1:10 PM, Jerry dePriest jerr...@mc.net wrote:
I could spend the whole day pointing out stuff that isn't pertinent
to this list.
at least I have a moral motive, not just a bunch of hacker script punks
thinking
STOP STRESSING YOUR HEART JERRY, OR THAT OPERATION YOU HAD ON IT WON'T SAVE
YOU
On Fri, Mar 29, 2013 at 4:00 PM, Gage Bystrom themadichi...@gmail.com wrote:
Personal habit when it comes to posting on lists that has nothing to do
with integrity.
On Mar 29, 2013 8:55 AM, Jerry dePriest
I think it's getting ridiculous, if you don't have a name in the industry
you're getting sued for the vast majority of bugs you solve...
And on the other hand, those same companies give away 3-15.000 for a
single bug if the researcher happens to be known :|
Examples please
On Wed, Mar 20, 2013
Actually, adding input sanitisation really wouldn't increase the code size
that much. Are you just incompetent?
On Wed, Mar 6, 2013 at 7:46 AM, Źmicier Januszkiewicz ga...@tut.by wrote:
Dear list,
Well, I suppose this had to be a proof-of-concept piece of code to
demonstrate how port
Replace you with they if you want.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Arbitrary moral compass? Amazing.
Please, explain the morals behind finding a bug, reporting it, getting a slap
on the a wrist, and then running a vuln scanner against the site? If his true
intent was to see if it was fixed, I would suggest that he checked it with the
finesse, logic and
Someone please explain to me why he had to run a vulnerability scanner to
check one vulnerability, and again, how are we still arguing about this?
Whether you think he had a 'right' to test this or not, he was either too
dumb or too naive to know it was against the law.
If anyone would like to
He found the vulnerability by running Acunetix against the system. He is
what most would describe as a class A moron.
On Mon, Jan 21, 2013 at 8:43 PM, Frank Bures lisfr...@chem.toronto.edu wrote:
A student has been expelled from Montreal’s Dawson College after he
discovered a flaw in the
On Thu, Jan 17, 2013 at 9:20 AM, COPiOUS copi...@hushmail.com wrote:
In my opinion they are, since a software crack allows unauthorized use of
software and the exposure of (possible) trade secrets
How is this possible with a cracked app but not one that isn't cracked?
So you would say, that you find the things he posts of interest?
Please expand on how and why anti automation bugs in unknown cms's are of
interest?
On Mon, Dec 31, 2012 at 11:58 PM, some one s3cret.squir...@gmail.com wrote:
If you do not like or find of interest what the guy posts is it not
posts.
Regards
On Jan 1, 2013 3:04 PM, Benji m...@b3nji.com wrote:
So you would say, that you find the things he posts of interest?
Please expand on how and why anti automation bugs in unknown cms's are
of interest?
On Mon, Dec 31, 2012 at 11:58 PM, some one s3cret.squir...@gmail.com wrote
in other news, have you heard of the super cool site hacktalk.net where
they almost have 1000 members?
On Thu, Dec 20, 2012 at 3:13 PM, Luis Santana hackt...@hacktalk.net wrote:
Not a single fucking exploit on the entire site. gg sir, gg
On Dec 10, 2012, at 2:17 PM, tig3rh...@tormail.org
l33t', print it out, and then shit on it.
Suck my dick.
On Fri, Dec 21, 2012 at 10:12 AM, Benji m...@b3nji.com wrote:
You say n00bz welcome, where is my assistance and the warm atmosphere to
embrace me into the world of script kiddy-ism? Oh, and the obvious literary
genius.
On Fri, Dec 21
On Dec 21, 2012, at 3:22 AM, Benji m...@b3nji.com wrote:
in other news, have you heard of the super cool site hacktalk.net where
they almost have 1000 members?
On Thu, Dec 20, 2012 at 3:13 PM, Luis Santana hackt...@hacktalk.net wrote:
Not a single fucking exploit on the entire site. gg sir, gg
but uh, the main page runs SMF not WeBid so I'm not really
too sure where you pulled that from. Good job though, maybe santa will give
you some of his cookies for your effort.
On Dec 21, 2012, at 5:26 AM, Benji m...@b3nji.com wrote:
Also genius, I know you're quick to kick things down because you
What we need is a robots2.txt that defines what users are allowed to access
the robots.txt file.
Problem solved.
On Mon, Dec 10, 2012 at 11:33 PM, Gynvael Coldwind gynv...@coldwind.pl wrote:
Hey,
Here is an example:
An admin has a public webservice running with folders containing
Yup, this is most likely.
Sent from my iPhone
On 27 Nov 2012, at 15:41, Gregor S. rc4...@googlemail.com wrote:
More interesting than the rootkit itself is how it found its way into the
box.
Chances are that Squeeze has a non-disclosed 0day, and that's worrying me a
bit...
On Mon,
Command execution through Dynamic DNS setup is quite clearly not expected
functionality.
On Mon, Nov 26, 2012 at 11:28 AM, Gary Driggs gdri...@gmail.com wrote:
On Nov 26, 2012, at 1:47 AM, Julius Kivimäki
julius.kivim...@gmail.com wrote:
Is a privilege escalation vulnerability in Linux not
.. coul
On Mon, Nov 19, 2012 at 4:45 PM, Lucio Crusca lu...@sulweb.org wrote:
Hello *,
I've set up my browser to remember login password at my server phpmyadmin
login page. It usually fills the two fields correctly, but today it showed
this crap instead:
.. could you have provided any less information? why don't you look through
your code instead of emailing a screenshot to a mailing list? really?
On Mon, Nov 19, 2012 at 4:47 PM, Benji m...@b3nji.com wrote:
.. coul
On Mon, Nov 19, 2012 at 4:45 PM, Lucio Crusca lu...@sulweb.org wrote:
Hello
.
Sorry for not knowing non-industry terms used by 1% of the populace you hipster.
Sent from my iPhone
On 15 Nov 2012, at 03:45, Nick FitzGerald n...@virus-l.demon.co.uk wrote:
Benji wrote:
Oracle attacks?
See into the future?
Padding oracle attacks?
Oracle SQL injections?
You noobs
:
Benji wrote:
Oracle attacks?
See into the future?
Padding oracle attacks?
Oracle SQL injections?
You noobs...
http://www.drdobbs.com/understanding-oracle-attacks-on-informat/184405917
(Don't get too tied up in the crypto stuff in that article.)
klondike's point
companies.
Sent from my iPhone
On 15 Nov 2012, at 18:59, klondike klond...@klondike.es wrote:
El 15/11/12 09:47, Benji escribió:
Sometimes when people argue over the definition of '0day', it is important
to be clear.
I never called my attack a 0-day, did I?
Although the bash script made it clear
, klondike klond...@klondike.es wrote:
El 15/11/12 09:47, Benji escribió:
Sometimes when people argue over the definition of '0day', it is important
to be clear.
I never called my attack a 0-day, did I?
Although the bash script made it clear, I have never ever seen someone call
'user enumeration
This has nothing to do with the client. The service is at fault.
Also for the record, r/netsec is a huge circlejerk.
On Wed, Nov 14, 2012 at 10:20 AM, Kirils Solovjovs
kirils.solovj...@kirils.com wrote:
The team has worked around this and are now trying to fix the
bug/feature. :)
0-day means it is being actively used in the wild.
No it does not.
On Wed, Nov 14, 2012 at 2:52 PM, Christian Sciberras uuf6...@gmail.com wrote:
0-day means it is being actively used in the wild.
Is this the case?
Chris.
On Wed, Nov 14, 2012 at 10:52 AM, ReVuln i...@revuln.com wrote:
Oracle attacks?
See into the future?
Padding oracle attacks?
Oracle SQL injections?
On Wed, Nov 14, 2012 at 3:44 PM, klondike klond...@klondike.es wrote:
El 14/11/12 11:20, Kirils Solovjovs escribió:
The team has worked around this and are now trying to fix the
bug/feature. :)
This is why I find the standard security mantra of disable root
logins and use su / sudo to be extremely silly.
I think you've taken that far too literally. My understanding of it is to
protect against a) brute force retardation b) dumb attackers. No one said
it's supposed to completely protect
The advice weakens your system from a local perspective granted, but if an
attacker has a local user on your box already, it's already game over.
Yes, if you were a user with intelligence. I must've forgot that everyone
that uses a computer does so with sense.
On Sat, Nov 10, 2012 at 6:30 PM,
from the lowest denominator up, not top down.
On Sat, Nov 10, 2012 at 6:49 PM, Benji m...@b3nji.com wrote:
The advice weakens your system from a local perspective granted, but if an
attacker has a local user on your box already, it's already game over.
Yes, if you were a user with intelligence
also while we're at it can you please remove all references to common
sense and logic in any emails that are in the full disclosure archive.
wait...
On Sun, Oct 21, 2012 at 2:09 PM, ZeroDay.JP unixfreaxj...@gmail.com wrote:
Full Disclosure Maillist Admin, please kindly delete the posted email of
..
On Tue, Oct 2, 2012 at 6:40 AM, Vulnerability Lab
resea...@vulnerability-lab.com wrote:
Title:
==
Paypal BugBounty #9 - Persistent Web Vulnerabilities
Date:
=
2012-10-02
References:
===
http://www.vulnerability-lab.com/get_content.php?id=646
Why did you report this to UKCERT?
On Tue, Oct 2, 2012 at 7:16 AM, Scott Herbert
scott.a.herb...@googlemail.com wrote:
-
Affected products:
-
Product : Zenphoto 1.4.3.2 (and maybe older) fixed in 1.4.3.3
Affected function:
Dear genius
I believe the point was to not give credit
lot of love,
captain obvious
On Mon, Sep 24, 2012 at 4:04 PM, Julius Kivimäki
julius.kivim...@gmail.com wrote:
{*} samba 3.x remote root by bla...@fail0verflow.com {*}
Give some credit to the guy who actually made this.
2012/9/24
you seem surprised by the level of idiocy, are you new to this list?
On Mon, Sep 17, 2012 at 2:42 PM, Julius Kivimäki
julius.kivim...@gmail.com wrote:
Did you guys seriously just send five different advisories on five different
vulnerable parameters on one vulnerable script?
2012/9/17 HTTPCS
Christian, are you suggesting the people from itsecuritypros.org are
in fact, idiots?!
On Sat, Sep 8, 2012 at 12:02 PM, Christian Sciberras uuf6...@gmail.com wrote:
His initial email doesn't make him look like a newb? Really?
Quoting: It appears Adobe has become a whore to Google like Mozilla.
Explorer and IE vulnerabilities. Plus, I'm not trying to feed Google
any more data through their back channels by using their browser.
is that why you use gmail?
On Sat, Sep 8, 2012 at 10:14 PM, Jeffrey Walton noloa...@gmail.com wrote:
Hi Chrisitan,
[Corrected Title]
I'll feed you one
.
On Sat, Sep 8, 2012 at 5:18 PM, Benji m...@b3nji.com wrote:
Explorer and IE vulnerabilities. Plus, I'm not trying to feed Google
any more data through their back channels by using their browser.
is that why you use gmail?
On Sat, Sep 8, 2012 at 10:14 PM, Jeffrey Walton noloa...@gmail.com
well I'm glad we got multiple emails saying you all agree.
On Thu, Sep 6, 2012 at 8:50 AM, Michael D. Wood m...@itsecuritypros.org wrote:
I agree. Splunk *IS* doing what it was designed to do.
--
Michael D. Wood
ITSecurityPros.org
www.itsecuritypros.org
From: JxT
this list is and its many
failings, then I think I have succeeded. Stay classy, keep fighting
whatever fight you're fighting.
On Mon, Aug 27, 2012 at 5:45 PM, Igor Igor unclyi...@gmail.com wrote:
Robots.txt not supported in any printer.. too bad, all listed in all major
search engine
Benji
User interaction is required to exploit this vulnerability in that
the target must visit a malicious page or open a malicious file.
sorry, what?
On Wed, Aug 22, 2012 at 4:48 PM, ZDI Disclosures
zdi-disclosu...@tippingpoint.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ZDI-12-149
but with bowling 4 crypto as email, natural and logical 2 assume u
plan big crypto massacre, how many innocent bits will we lose this
time?
On Sat, Aug 11, 2012 at 8:07 PM, Hambone Turkey
bowling4cry...@gmail.com wrote:
So I know FD isn't Craigslist but I figured its my best bet. I am looking
Ok.
On Mon, Aug 13, 2012 at 2:28 PM, Jann Horn jannh...@googlemail.com wrote:
On Sun, Aug 12, 2012 at 09:47:57PM +0200, Jann Horn wrote:
And finally, I've found another vuln that essentially lets apps gain root
rights without asking the user, and I will release all details about it in
two
ah fantastic, a lesson on trolling and bullying. what a valuable
service you are providing.
On Thu, Aug 9, 2012 at 8:19 PM, Pete Herzog p...@isecom.org wrote:
Hi,
Version 2 of Hacker Highschool (www.hackerhighschool.org) is wrapping
up. We will begin publishing/replacing each lesson as we
wait, this was a serious email? not like this bro, not like this.
On Sun, Jul 29, 2012 at 11:08 PM, kaveh ghaemmaghami
kavehghaemmagh...@googlemail.com wrote:
I think ur on vacation now aren't u Plus nobody ask u to read my
post and i am not interested about ur opinion keep it for yourself
LOL @ script kiddie == terrorist
By that logic, public urination is an act of arson.
Both acts are petty and at best deserve to face a firing squad at dawn.
On Thu, Jul 19, 2012 at 2:53 PM, valdis.kletni...@vt.edu wrote:
On Wed, 18 Jul 2012 09:16:29 -0400, Abdikarim Roble said:
As some of
All compromised systems talk to the Internet to dump data or route spam.
yup, this is 1000% true and utterly foolproof.
On Mon, Jul 16, 2012 at 2:48 PM, Gary Baribault g...@baribault.net wrote:
I suggest one of the first answers was the good one, intercept the traffic
routed to the internet
So you're talking about making a baseline?
On Mon, Jul 16, 2012 at 7:52 PM, Ali Varshovi ali.varsh...@hotmail.com wrote:
Hello everybody and thank you for your useful comments.
Now I'm thinking that we need a comparison base or normal behavior profile to
be able to detect any deviations or
Yes, god Jann, you're such a moron.
On Fri, Jul 13, 2012 at 9:46 AM, Gokhan Muharremoglu
gokhan.muharremo...@iosec.org wrote:
You can find an example page and combined vulnerabilities below URL.
This example login page is affected by Predefined Post Authentication
Session ID Vulnerability.
x
On Thu, Jul 12, 2012 at 2:15 PM, generic...@hushmail.com wrote:
Benji,
Do you write anything but scathing criticism? I've never seen you
contribute anything of use to this list. You must be a real pleasure in
person.
Sent
around.
Come to Europe, we show you how to party@#!
On Fri, Jul 13, 2012 at 3:10 PM, Григорий Братислава
musntl...@gmail.com wrote:
On Thu, Jul 12, 2012 at 9:15 AM, generic...@hushmail.com wrote:
Benji,
Do you write anything but scathing criticism? I've never seen you
contribute anything
Yes but you live in cave x
On Fri, Jul 13, 2012 at 3:56 PM, Григорий Братислава
musntl...@gmail.com wrote:
On Fri, Jul 13, 2012 at 10:44 AM, Benji m...@b3nji.com wrote:
Come to Europe, we show you how to party@#!
Is that is what Greeks and Spaniards call this behaviour? Is funny, to
me
Ah, please send more emails explaining the faults of retarded
programmers and serious vulnerabilities, and then link to an owasp
page.
Can you explain HTTPOnly cookies to me? I will only accept your
explanation if you can justify an impact of Critical, a likelihood of
High and a severity of High?
I have no words, just shock.
On Wed, Jul 11, 2012 at 9:34 AM, Gokhan Muharremoglu
gokhan.muharremo...@iosec.org wrote:
Vulnerability Name: Predefined Post Authentication Session ID Vulnerability
Type: Improper Session Handling
Impact: Session Hijacking
Level: Medium
Date: 10.07.2012
Vendor:
Just read this crap due to your amazing emails. Crap code, easily bypassable.
On Wed, Jul 11, 2012 at 9:37 AM, Gokhan Muharremoglu
gokhan.muharremo...@iosec.org wrote:
http://sourceforge.net/projects/iosec/
This module provides security enhancements against (HTTP) Flood Brute
Force Attacks
Thank you for confirming that, and providing an even sup3r c00ler POC.
I have always wondered how nc works, and combined with system, it
seems it makes a super exciting vulnerability.
On Fri, Jul 6, 2012 at 5:32 PM, larry Cashdollar lar...@me.com wrote:
verified,
hey! let them having something to add to CV! Stop be fun police!
Everyone know security isnt actually about security, just make CV look
super cool.
On Fri, Jun 29, 2012 at 10:45 PM, Morris, Patrick patrick.mor...@hp.com wrote:
-Original Message-
From: Joseph Sheridan
I hear Trustwave are reporting similar issues, like the fact you can
specify remote mysql servers in new installations, amazing right? Do
you work for them?
Btw, with phpmyadmin you can injection sql commands !!!
On Fri, Jun 22, 2012 at 12:00 AM, Denis Andzakovic
Which antisec kids? Unfortunately due to some people being utterly deluded,
such as yourself, throwing that word around it's rather ambiguous now.
On Sun, Jun 10, 2012 at 10:49 PM, Laurelai laure...@oneechan.org wrote:
On 6/10/12 5:09 PM, Thor (Hammer of God) wrote:
OK, I’ll bite this one
You're the one that suggested a real suggestion would be to use an
'alternate os'.
Live in a cave please?
On Sun, Jun 10, 2012 at 10:56 PM, Laurelai laure...@oneechan.org wrote:
On 6/10/12 5:54 PM, Benji wrote:
Which antisec kids? Unfortunately due to some people being utterly deluded
People using this service definitely won't be up to anything clever or
interesting, so it's barely a concern.
I mean really, this is useful?
On Mon, May 7, 2012 at 4:17 PM, Gage Bystrom themadichi...@gmail.com wrote:
Anyone visiting a compromised site can get the hash, meaning anyone
who is
Wow, you're like the Jehovah's Witnesses of the internet.
Stop with the childish bitching and grow up. Last time I checked
intern0t was also a script kid breeding ground.
On Sat, May 5, 2012 at 2:54 PM, InterN0T Advisories
advisor...@intern0t.net wrote:
Hi List,
To stop MustLive's desperate
:
On 4/25/12 4:48 AM, Benji wrote:
except it was rather obvious why.
On Wed, Apr 25, 2012 at 10:27 AM, Laurelai laure...@oneechan.org wrote:
On 4/25/12 3:56 AM, Georgi Guninski wrote:
On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu wrote:
On Tue, 24 Apr 2012 17:36:55 +0200
And choosing to believe any of the other reasons when you think you're
an '1337 hacker' and are involved in that world, is a personality
problem, end of.
On Wed, Apr 25, 2012 at 10:58 AM, Laurelai laure...@oneechan.org wrote:
On 4/25/12 4:54 AM, Benji wrote:
No, with open eyes sight. If you
You should be paranoid if someone could construe what you're doing as illegal.
On Wed, Apr 25, 2012 at 11:07 AM, Laurelai laure...@oneechan.org wrote:
On 4/25/12 4:59 AM, Benji wrote:
And choosing to believe any of the other reasons when you think you're
an '1337 hacker' and are involved
except it was rather obvious why.
On Wed, Apr 25, 2012 at 10:27 AM, Laurelai laure...@oneechan.org wrote:
On 4/25/12 3:56 AM, Georgi Guninski wrote:
On Tue, Apr 24, 2012 at 12:15:26PM -0400, valdis.kletni...@vt.edu wrote:
On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said:
if you read his
in soviet russia, lesson teaches you. in west, no lesson learnt by anyone.
On Thu, Apr 12, 2012 at 9:51 PM, Adam Behnke a...@infosecinstitute.com wrote:
Yesterday I made a post concerning a 0day advisory in Backtrack 5 R2:
http://seclists.org/fulldisclosure/2012/Apr/123
The posting was
How come I'm not surprised that public proxies are being abused for brute
force attacks?
You're just that far ahead of the curve?
On Tue, Apr 10, 2012 at 5:17 AM, n...@myproxylists.com wrote:
Hi
To any security-aware VPN providers out there reading this:
More than 800 hosts (mostly from
Yes, because this is incredibly new.
On Tue, Mar 6, 2012 at 8:54 PM, Zach C. fxc...@gmail.com wrote:
Even so, watch all the advisories pour in now for cookie-based SQL
injection. :/
On Mar 6, 2012 12:44 PM, valdis.kletni...@vt.edu wrote:
On Tue, 06 Mar 2012 14:28:51 CST, Adam Behnke said:
plz to tell me how long you left cluster fuzzer running to find this hole
size of a pin?
On Fri, Feb 24, 2012 at 3:08 PM, Thomas Richards g13...@gmail.com wrote:
# Exploit Title: PHP Gift Registry 1.5.5 SQL Injection
# Date: 02/22/12
# Author: G13
# Software Link:
A priv8 php shell, funniest thing I've ever heard on this list.
On Mon, Feb 20, 2012 at 1:37 PM, Gage Bystrom themadichi...@gmail.com wrote:
Uhh no, you misread what he said. He's saying he's seen that code in a few
php shells that were supposedly meant to be private but the authors were
Dear full-disclosure
I wrote to you to tell you about serious serious vulnerability in all
Windows versions.
If you turn machine on before system is configured, then you be able to set
user password yourself, big gaping hole
I make big large botnet to fully utilise this impressive
:11 PM, Julius Kivimäki
julius.kivim...@gmail.com wrote:
Funny but no, this does not need a non-installed wordpress.
2012/1/25 Benji m...@b3nji.com
Dear full-disclosure
I wrote to you to tell you about serious serious vulnerability in all
Windows versions.
If you turn machine on before
Sorry, you think people should be making a living off reporting open
redirect disclosure?
On Thu, Dec 8, 2011 at 2:53 PM, Charles Morris cmor...@cs.odu.edu wrote:
Michal/Google,
IMHO, 500$ is an incredibly minute amount to give even for an error
message information disclosure/an open
the money for issues that they claim to offer for issues
is not only dishonest but it is discouraging to beginning researchers.
I've personally seen it happen.
On Thu, Dec 8, 2011 at 9:57 AM, Benji m...@b3nji.com wrote:
Sorry, you think people should be making a living off reporting open
Which country is UNIQPASS registered as a tm?
On Fri, Dec 2, 2011 at 1:47 AM, adam a...@papsy.net wrote:
- reduce abuse
The concerning part is that you're serious. Tell me, how does someone
paying for a list of STOLEN passwords reduce abuse?
This email, your obsession with LulzSec and the
Oh thank god, this thread has now become a case of 'look how big my penis
will be in x amount of months'.
On Mon, Nov 21, 2011 at 12:24 PM, Darren Martyn
d.martyn.fulldisclos...@gmail.com wrote:
Jason has a good point. Now to make a simple statement - I am not (nor was
I) agreeing with the
and where in vTiger is this manipulatable from?
On Wed, Oct 5, 2011 at 11:02 AM, YGN Ethical Hacker Group li...@yehg.net wrote:
vTiger CRM 5.2.x = Remote Code Execution Vulnerability
1. OVERVIEW
The vTiger CRM 5.2.1 and lower versions are vulnerable to Remote Code
Execution. No fixed
I'm sorry, why is it 'worrying' that a vpn provider that was a UK business
and was located in the UK, is subject to UK law?
On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn
d.martyn.fulldisclos...@gmail.com wrote:
Again, I hope this does not fail to send.
The reasoning behind the Pure Elite
, cheers,
xd
On 29 September 2011 22:45, Benji m...@b3nji.com wrote:
I'm sorry, why is it 'worrying' that a vpn provider that was a UK business
and was located in the UK, is subject to UK law?
On Thu, Sep 29, 2011 at 9:51 AM, Darren Martyn
d.martyn.fulldisclos...@gmail.com wrote:
Again, I
methods, defeat simple plans benji.
xd
On 29 September 2011 22:53, Benji m...@b3nji.com wrote:
Yes they do. If you buy a server in America for example, even if you are
located in Russia, they are required by federal law to hand over your
details wherever you may reside. I don't know where
, Benji said:
Just because something is advertised as 'anonymous' doesn't mean it's 'so
anonymous you can break the law' and anyone using a EU/US-related country to
do this is either stupid or naive.
There's also those servers that advertise anonymous and likely to stay that
way because
not shat themself, then it would be a non story.
On 29 September 2011 23:00, Benji m...@b3nji.com wrote:
'Abuse' emails and court orders are very different.
On Thu, Sep 29, 2011 at 1:59 PM, xD 0x41 sec...@gmail.com wrote:
err, you are limited in those countries dude... id really checkup
If you hover over the t.co links the alt= tag holds the real url.
On Tue, Sep 27, 2011 at 4:11 PM, dave bl db.pub.m...@gmail.com wrote:
On 28 September 2011 01:00, Mario Vilas mvi...@gmail.com wrote:
On Tue, Sep 27, 2011 at 3:26 PM, Dan Kaminsky d...@doxpara.com wrote:
Ok, now nobody can
How can a product on version 2.6.1 be described as 'new' ?
On Wed, Aug 24, 2011 at 12:04 AM, Juan Sacco
jsa...@insecurityresearch.com wrote:
INSECT Pro is a new free tool for Penetration Testing and the ultimate
resource to demonstrate the security or vulnerability of your network.
INSECT Pro
Let's not be ridiculous
Heck, at this point you even topped MustLive's stuff in uselessness
On Tue, Aug 9, 2011 at 7:24 AM, Christian Sciberras uuf6...@gmail.com wrote:
OK, let's take this in parts;
1. Here's a little secret. Life sucks no matter how you look at it. Now go
cry in a corner,