On 4/20/13, Sergio Alvarez shad...@gmail.com wrote:
Why instead of discussing about ethics about 0days, don't you discuss about
responsible DEVELOPMENT instead?
If products were properly designed and developed there wouldn't be 0days
for them, would there?
Only if the designers developers
sense
as a list of weird networking problems I've seen.
Lee
You will never have a switch per area; it doesn't work like that, you'll
have a series of distribution routers for routing to customers. Mail, www,
shell, SIP, whatever will be other services which of course are on one to a
million
I hope I'm not just feeding the troll...
A local admin is an admin on one system. The domain admin is an admin
on all systems in the domain, including mission critical Windows
servers. With temporary domain admin privs, the local admin could log
into the AD and change permissions / passwords for
Software: RomPager/4.07 UPnP/1.0
Issue: A reboot can be caused when a specially crafted HTTP request is sent.
Other Details: This version of RomPager is seen on a number of
residential routers that are shipped by a number of different ISPs.
The router I personally know it affects is the D-Link
Hi,
Uh oh... This is a very huge security risk. It's not KeySoft's
fault (I'd say) - it's the network services on Windows CE's
problem. If someone does write a web app or a program which
launches automatically on the Apex, and if this program came
through standard ports on the network, then
access to the routers. That's a bit harder to
defend against.
Regards,
Lee
On 7/1/10, Dobbins, Roland rdobb...@arbor.net wrote:
On Jul 2, 2010, at 7:01 AM, Dan Kaminsky wrote:
Permanent DoS's are unacceptable even from intentionally malicious
traffic, let alone a few nmap flags. They're
On Tue, Dec 29, 2009 at 10:23 AM, T Biehn tbi...@gmail.com wrote:
This is an orgiastic dump of information, you must really hate ETB; or
you must be really excited for lulz.
or you're hoping that full disclosure will get ETB to fix the problem.
Regards,
Lee
-Travis
On Tue, Dec 29, 2009
On Tue, Dec 29, 2009 at 12:08 PM, T Biehn tbi...@gmail.com wrote:
This is a hiroshima versus 'harmless' mountain demonstration debate,
Lee. Because the post includes the raw data including ports, passwords
and ranges one must assume
no, I don't have to make that assumption
that Cilia
/* DoS code for Cisco VLAN Trunking Protocol Vulnerability
 *
 * Vulnerability description:
 * http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml
 *
 * To know:
 * 1. The switch must be in Server/Client mode.
 * 2. The port the attacker is connected to must be in trunk mode.
 * Cisco Ethernet ports
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
James (njan) Eaton-Lee | UIN: 10807960
uld easily be read by a third party.
[x] Alert me whenever I'm about to view an encrypted page that contains some unencrypted information.
As soon as I click on OK, Firefox tries to load the webbug image.
Regards,
Lee
Lee E Rian/TCO/HQ/BOC wrote on 08/29/2006 01:49:40 PM:
I found something interesting w/ the cat6000s - telnet 127.0.0.11
gets you into the switch telnet 127.0.0.12 gets you into the router
% snmpget 127.0.0.11 sysDescr.0
RFC1213-MIB::sysDescr.0 = STRING: Cisco Systems WS-C6509.Cisco
far as I'm aware, so anything you buy now
*should* support WPA2. I'm not sure when this requirement came into
effect, though..
- James.
--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
All at sea again / And now my hurricanes
Have brought down this ocean rain
animated cursors.
- James.
--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
All at sea again / And now my hurricanes
Have brought down this ocean rain / To bathe me again
https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
direct relevance this has to what I just said...
- James.
--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
All at sea again / And now my hurricanes
Have brought down this ocean rain / To bathe me again
https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php
Gadi,
Gadi Evron wrote:
It has relevance to what you replied to.
No doubt - but unfortunately not the part of it that I was actually
responding to; this isn't actually a reply to what I said, just a random
vaguely topical link.
- James.
--
James (njan) Eaton-Lee | UIN: 10807960
have any reply to make to what I actually *said*?
- James.
--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
All at sea again / And now my hurricanes
Have brought down this ocean rain / To bathe me again
https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
shocked since the account
was associated with dead bank details, anyhow..)
- James.
--
James (njan) Eaton-Lee | 10807960 | http://www.jeremiad.org
Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix)
sites: https://www.bsrf.org.uk ~ http://www.security-forums.com
ca: https
Given the .co.uk domain name and the fact that it is a highschool computer, my thoughts are that this infers an RM (research machines) network. I have heard of this method working on RM networks in the past involving windows 98 machines, although I cannot verify that it works (the or now).
--
Brian Jung Myeng Lee
Homepage: http://koreanbrian.com
Nigel Horne [EMAIL PROTECTED] wrote on 06/28/2006 10:50:27 AM:
Dereck Martin wrote:
I have used AVG from Grisoft before.
I used to think AVG were good guys until the domain
park site www.clamav.co.uk appeared.
What makes you think Grisoft registered that domain?
Domain name:
On Fri, 2006-05-26 at 10:22 +0100, Justin Mason wrote:
(volume of accounts in thousands). However that's from 7 years
ago :(
There may be more recent figures but a quick google can't find 'em.
Wikipedia has some good ones on the 'Bank' page:
--
James (njan) Eaton-Lee | 10807960
On Fri, 2006-05-26 at 12:49 +0100, James Eaton-Lee wrote:
On Fri, 2006-05-26 at 10:22 +0100, Justin Mason wrote:
(volume of accounts in thousands). However that's from 7 years
ago :(
There may be more recent figures but a quick google can't find 'em.
Wikipedia has some good ones
I am suggesting that we all cooperate and produce a Code of
Conduct for participating on the Full Disclosure mailing list.
Suggested start :-
0a) Read the list charter.
0b) Realize that the Acceptable Content and Posting Guidelines
sections really do apply to you and not just
You would have to agree that Full Disclosure is a rather different (if
not alternate) mailing list. So one of the things I would do would be
using your favourite email client filters to reduce the noise and make
sure you won't read from specific people anymore, I've done so :)
What do you do
We are proud to announce the release of a new site dedicated to security
conferences: http://www.security-briefings.com
What's wrong with this picture
a security related site that assumes visitors will have javascript
enabled
Group Policy Works
http://technet2.microsoft.com/WindowsServer/en/Library/eb0042e3-699b-4c49-abcc-e3526dbecc0e1033.mspx
has quite a good overview of how Group Policy functions.
- James.
--
James (njan) Eaton-Lee | 10807960 | http://www.jeremiad.org
Semper Monemus Sed Non Audiunt, Ergo Lartus
[Advisory] # +Thu Mar 16 21:01:28 EST 2006+ # Buffer Overflow in Microsoft
Access
1. HISTORY
21-1-2006 - Vendor Notification.
22-2-2006 - Vendor Reply.
16-3-2006 - Public Disclosure.
APPENDIX A VENDOR INFORMATION
http://www.microsoft.com
APPENDIX B REFERENCES
RFC 3814
CONTACT
[EMAIL
.
--
James (njan) Eaton-Lee | 10807960
Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix)
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:https://www.cacert.org/index.php?id=3
will find that the address is irrelevant to MS.
Then... Is there anyone who knows what the meaning of this string sequence is?
Best Regards,
YH Lee.
- Original Message -
From: Raoul Nakhmanson-Kulish (en) [EMAIL PROTECTED]
To: Adi Pircalabu [EMAIL PROTECTED];
full-disclosure
--
James (njan) Eaton-Lee | 10807960
Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix)
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:https://www.cacert.org/index.php?id=3
for playing.
--
James (njan) Eaton-Lee | 10807960
Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean
--
James (njan) Eaton-Lee | 10807960
Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix)
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca
On Wed, 2005-11-16 at 12:20 -0700, Dave King wrote:
While it still may not be millions of people several products come
bundled with the desktop edition of SQL Server 2000, and I'm sure many
will come with SQL Server 2005 Express. As far as I can tell by reading
the paper (but not testing it
On Mon, 2005-11-14 at 12:24 -0800, Bart Lansing wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Y'know...I usually take what you have to say with a grain of
salt...and maybe a few grains of pain killer...and let it go, but
enough already. If it wasn't for me you wouldn't have an
On Tue, 2005-11-15 at 10:38 -0500, Scott T. Cameron wrote:
On Tue, Nov 15, 2005 at 09:24:50AM -0600, n3td3v n3td3v wrote:
know need to give your name.
I know it already youz all dont get how powerful i am.
Who said British humour was dead?
It's not dead, it's just resting.
On Mon, 2005-11-14 at 01:02 +, n3td3v wrote:
Yet another fuckwit basing their opinion on someone they don't know.
If it wasn't for me you wouldn't have an internet to send your packets
on right now. You take people at face value instead of getting to know
them first.
Oh no, guys! He's
On Sat, 2005-11-05 at 14:49 -0800, Brian Dessent wrote:
snip
Don't security professionals know how to use email
for god's sake?
Hi! You must be new to the list - little tip, but keep it to yourself;
Full Disclosure isn't entirely populated by security professionals ;)
/flippancy
- James.
On Mon, 2005-10-31 at 10:48 -0600, Todd Towles wrote:
Step 1 - Go to Google.
Step 2 - Search for filetype:pdf Insert Subject
Step 3 - Repeat Step 1 and Step 2 for all subjects needed.
Step 4 - Remember to get quote sources for all work as a responsible
researcher.
Step 5 -
--
_
Lee Quinton, CISSP.
Key:0x2F6DF7B4
FP: E841 44EA F7AC E53D 3577 A5EF AA83 65BC 2F6D F7B4
Go here also,
http://www.spamhaus.org/
_
Lee Quinton, CISSP.
Key:0x2F6DF7B4
FP: E841 44EA F7AC E53D 3577 A5EF AA83 65BC 2F6D F7B4
On 9/10/05, Aditya Deshmukh [EMAIL PROTECTED] wrote:
One of domains is getting a *very* high number of 419 spams from an address delegated
--
_
Lee Quinton, CISSP.
Key:0x2F6DF7B4
FP: E841 44EA F7AC E53D 3577 A5EF AA83 65BC 2F6D F7B4
Dear all,
I discovered that an svchost.exe starts when the server starts.
This svchost.exe tries to sync_sent to random http hosts when I view it from
netstat, active port, and pviewer.
However, does anyone know which worm/trojan/normal process causes the
svchost to do such a job? And how to stop this?
Is
The svchost.exe stops running when I stop the automatic update.
But I'm sure the IP the svchost tried to connect to is NOT an MS related site.
218.213.255.29
80.15.249.167
Regards,
Howard
Thanks.
I've checked all the IPs which the process generates. Part of them can be
confirmed as Microsoft IPs.
I'm now contacting Microsoft for the remaining IP list and asking them for the
details about automatic update.
I think it is a valid windows update.
Microsoft
207.46.19.93
207.46.244.219