Re: [Full-disclosure] iKAT - The Interactive Kiosk Attack Tool v2.0 Released - http://ikat.ha.cked.net

2009-05-27 Thread Sebastian Krahmer
On Wed, May 27, 2009 at 09:01:33PM +1200, Paul Craig wrote: [...] On a final note, the 'iKAT Girl' as some people call her (the iKAT logo), is a common point of contention people like to email me about. Apparently a half naked girl plucking a thong out of her ass is not acceptable when

Re: [Full-disclosure] Exploitation of unused IPv6-capabilities

2009-01-20 Thread Sebastian Krahmer
Hi, The papers pointed to by the others are basically straightforward and not really new issues if you know how ARP poisoning works. The thing that makes me wonder and adds some new points is 'As soon as the victim has an IPv6 address issued by your radvd it will prefer -entries over

Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!

2008-03-05 Thread Sebastian Krahmer
Hi dude, On Wed, Mar 05, 2008 at 04:54:16AM -0800, Andrew A wrote: hey dude, how is merely sending a single datagram not going to be faster than doing an entire handshake? First, to know whether a TCP port is open you do not need a complete handshake. A single TCP packet is enough. I doubt

Re: [Full-disclosure] Exploring the UNKNOWN: Scanning the Internet via SNMP!

2008-03-04 Thread Sebastian Krahmer
On Tue, Mar 04, 2008 at 12:02:25AM +, Adrian P wrote: * Exploring the UNKNOWN: Scanning the Internet via SNMP! * http://www.gnucitizen.org/blog/exploring-the-unknown-scanning-the-internet-via-snmp/ Hacking is not only about coming up with interesting solutions to problems, but also

Re: [Full-disclosure] Am I missing anything ?

2007-07-24 Thread Sebastian Krahmer
On Tue, 24 Jul 2007, Deeþàn Chakravarthÿ wrote: Hi, Yes. Do not forget to mention that Security 2.0 is only half of the truth. Folks tend to buy protections against any kind of Cross Brain Smashing (CBS) or Anti-Anti-Anti Think Pinning (AAATP) and used to let their X and telnet servers open.

Re: [Full-disclosure] Month of Random Hashes: DAY FOUR

2007-06-15 Thread Sebastian Krahmer
On Thu, 14 Jun 2007, Month of Random Hashes wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [ITEM #1] md5: c6cab3a9af2ec1d281a6bf46ff61b3a8 sha1: eb4fdace21518071d68a72d37b395a609305b42f sha256: b11cb917eac32ac0c1f7d733eee8513e47e9681cbef25e2625f4a410b11d This one is old

Re: [Full-disclosure] hiding routers

2007-04-18 Thread Sebastian Krahmer
On Wed, 18 Apr 2007, Kristian Hermansen wrote: Hi, All better firewalling equipment offers a stealth-routing feature; patches also exist for the Linux kernel. They can be detected using DF-bit and certain other fields within the IP hdr, depending on implementation and setup. Not decrementing TTL

Re: [Full-disclosure] Newest hacks

2007-03-21 Thread Sebastian Krahmer
On Wed, 21 Mar 2007, Saeed Abu Nimeh wrote: Hi, This is not very different from the common session riding attacks happening since ages, except the part after the vulnerability (changing DNS or whatever). Internal 192.168.x.y img src= tags have been used since years to trigger intranet CGI's and

[Full-disclosure] Open Source call graph paper announcement

2006-06-19 Thread Sebastian Krahmer
Hi, For those who are interested in: http://www.suse.de/~krahmer/instrumental/instrumental.pdf and http://www.suse.de/~krahmer/bbpaint/bbpaint.pdf The first one describes how to use certain GCC features to generate call graphs from a running program. The second one describes how ptrace() might

[Full-disclosure] Advisory * +Thu Mar 16 21:05:17 EST 2006+ * Directory Transversal in ISC INN

2006-03-16 Thread Sebastian Krahmer
Advisory * +Thu Mar 16 21:05:17 EST 2006+ * Directory Transversal in ISC INN +++ I. Description Remote exploitation of a directory traversal vulnerability in ISC INN could allow attackers to overwrite or view arbitrary files with user-supplied

[Full-disclosure] no-NX paper announcement

2005-10-04 Thread Sebastian Krahmer
Hi, A new paper describing NX technology and its limitations can be found at http://www.suse.de/~krahmer/no-nx.pdf It contains in-depth discussion and sample code for the Hammer/Linux platform, analyzes the weaknesses and discusses countermeasures. regards, Sebastian -- ~ ~ perl self.pl ~

[Full-disclosure] SUSE Security Announcement: cvs (SUSE-SA:2005:024)

2005-04-18 Thread Sebastian Krahmer
-BEGIN PGP SIGNED MESSAGE- __ SUSE Security Announcement Package:cvs Announcement-ID:SUSE-SA:2005:024 Date: Monday, Apr