On 3/4/08, lsi [EMAIL PROTECTED] wrote:
[19:15] lsi2lsi: hiya! ... so i was nearly vished today ...
[19:16] lsi2lsi: mobile rings - hello, we're calling from Lloyds TSB,
/schnip
--from whocallsme.com
I have contacted Adeptra (note spelling) to ask them if they are the
owners of this number.
WebCT 4.x Javascript Session Stealer Exploits
Software: WebCT Campus Edition 4.x (http://secunia.com/product/3280/)
Affected Version: 4.1.5.8
Discoverer: Benjamin balupton Lupton
Date Discovered: November 2005
Date Reported: 25/06/2007
Software Author Contacted (again) on: 20/07/2007
Date
hey dude, how is merely sending a single datagram not going to be faster
than doing an entire handshake?
On Tue, Mar 4, 2008 at 12:53 AM, Sebastian Krahmer [EMAIL PROTECTED] wrote:
This is not true. I doubt there is any measurable advantage
of UDP vs. TCP scans if you do it right.
dude, you don't need the entire handshake for tcp scanning.
On Wed, Mar 5, 2008 at 2:54 PM, Andrew A [EMAIL PROTECTED] wrote:
hey dude, how is merely sending a single datagram not going to be faster
than doing an entire handshake?
On Tue, Mar 4, 2008 at 12:53 AM, Sebastian Krahmer [EMAIL
Hi dude,
On Wed, Mar 05, 2008 at 04:54:16AM -0800, Andrew A wrote:
hey dude, how is merely sending a single datagram not going to be faster
than doing an entire handshake?
First, to know whether a TCP port is open you do not need
a complete handshake. A single TCP packet is enough.
I doubt
Hi,
all due to the unreliable nature of UDP.
But the most important thing is, that if you do it large scale*,
you have to wait for some sort of reply anyways,
either TCP SYN|ACK or some application data. This time of waiting
can be used to SYN/request yet another 10,000 hosts.
Thus, how
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greetings.
I preface that this is not a discovery, but rather a simple observation.
http://www.goolag.org
I am finding that it takes only a few seconds for Google to block query
requests, BY IP! With this in mind, Goolag Scanner is actually an
That single UDP datagram is definitely faster. Compare the Code Red
worm to Sapphire (SQL Slammer), for instance:
Previous scanning worms, such as Code Red, spread via many threads,
each invoking connect() to probe random addresses. Thus each thread's
scanning rate was limited by network latency,
Hello,
In the light of recent discussions about firewire / DMA hacks, we would
like to throw in some of the results of our past research on this topic
(done mainly by Peter Panholzer) in the form of a short whitepaper. In
this paper, we demonstrate that the firewire unlock attack (as
implemented
sub ha scritto:
Previous scanning worms, such as Code Red, spread via many threads,
each invoking connect() to probe random addresses.
what the hell is this? visiting the iniquity of the applications upon
the protocols? Winsock is probably the only API that lets you connect()
asynchronously
No, but if you're querying the services for data you do.
On 3/5/08, Dmitry [EMAIL PROTECTED] wrote:
dude, you don't need the entire handshake for tcp scanning.
___
Full-Disclosure - We believe in it.
Charter:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:058
http://www.mandriva.com/security/
Dear All,
That said the original work on this from metlstorm is in the news [1]
and can be found here : http://storm.net.nz/projects/16
[1] http://it.slashdot.org/article.pl?sid=08/03/04/1258210from=rss
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [ERRATA UPDATE]GLSA 200801-09:03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
===
Ubuntu Security Notice USN-583-1 March 05, 2008
evolution vulnerability
CVE-2008-0072
===
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
###
Luigi Auriemma
Application: Perforce Server
http://www.perforce.com
Versions: = 2007.3/143793
Platforms:Windows, Unix, Linux and Mac
Bugs: NULL pointers, invalid
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:059
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:060
http://www.mandriva.com/security/
http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
===
Ubuntu Security Notice USN-584-1 March 05, 2008
openldap2.2, openldap2.3 vulnerabilities
CVE-2007-6698, CVE-2008-0658
===
A security issue affects the following Ubuntu
On Wed, Mar 5, 2008 at 3:09 PM, Ivan . [EMAIL PROTECTED] wrote:
http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html
they also pwned my toothpaste and gave me diarrhea :( :( :(
H A C K E D B Y C H I N E S E, LOLOLOLOLOL
titan rain is dark comedy at its finest!
wouldn't be the first time that National intelligence agencies have
comprised IT gear
http://en.wikipedia.org/wiki/Crypto_AG
On Thu, Mar 6, 2008 at 10:51 AM, coderman [EMAIL PROTECTED] wrote:
On Wed, Mar 5, 2008 at 3:09 PM, Ivan . [EMAIL PROTECTED] wrote:
On Wed, Mar 5, 2008 at 4:07 PM, Ivan . [EMAIL PROTECTED] wrote:
wouldn't be the first time that National intelligence agencies have
comprised IT gear
true; i just meant that an elaborate back door isn't even necessary
when the front door lock can be bumped open (titan rain :)
the athens
On Wed, Mar 5, 2008 at 11:51 PM, coderman [EMAIL PROTECTED] wrote:
On Wed, Mar 5, 2008 at 3:09 PM, Ivan . [EMAIL PROTECTED] wrote:
http://www.pcpro.co.uk/news/173883/chinese-backdoors-hidden-in-router-firmware.html
they also pwned my toothpaste and gave me diarrhea :( :( :(
H A C K E D B Y
Typical media dramatization. No where in the article does it state that
backdoors HAVE been found in router firmwares.
Next we'll be seeing Japanese tactical nukes Hidden in Toyota trunks
On Thu, Mar 6, 2008 at 10:09 AM, Ivan . [EMAIL PROTECTED] wrote:
Next we'll be seeing Japanese tactical nukes Hidden in Toyota
trunks
And who knows what the French are putting in that cheese.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/ http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greets.
It does not matter so much if there is no hard proof about the router
firmware containing backdoors set in place by Chinese manufacturers.
~From a security perspective, it is a potential threat which should be
addressed, especially for
there is also the case of fake Cisco routers etc doing the rounds.
Whether these devices are back doored is anyones guess
http://news.zdnet.co.uk/communications/0,100085,39284348,00.htm
http://www.voipforyourbusiness.com/index.php?option=com_contenttask=viewid=115Itemid=1
On Thu, Mar 6,
Why stop at routers switches? You could own far more devices by
backdooring BIOS', HDD's, etc, all of which are often produced in Far East
countries.
On Thu, Mar 6, 2008 at 12:47 PM, Times Enemy [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greets.
It does not
I dont think they have
http://www.hqlaptops.com/hard-drives/infected-seagate-hard-drives
http://www.taipeitimes.com/News/taiwan/archives/2007/11/11/2003387202
On Thu, Mar 6, 2008 at 1:28 PM, quispiam lepidus
[EMAIL PROTECTED] wrote:
Why stop at routers switches? You could own far more devices
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greetings.
I agree, that the threat does not stop at firmware for routers and
switches. Even with open source, or dare i type, even more so with open
source, the threat for maliciously modified code exists. This is not a
new threat, per se,
I believe their work is an expansion of this:
http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html,
which demonstrated the vuln. in XP (and, according to the paper, it's been
demonstrated with other OS's as well), and their work was
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1512-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Thijs Kinkhorst
March 05, 2008
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Quoting PC Pro article: SecureTest believes spyware could be easily
built into Asian-manufactured devices such as switches and routers,
providing a simple backdoor for companies or governments in the Far East
to listen in on communications.
It seems
Come on, where are the evidences? Sounds pretty much like racialism.
Usually the engineers are having a hard time on even getting the
routers and switches functional for mass market; there won't be any
time left for them to plant well hidden backdoors.
On Thu, Mar 6, 2008 at 7:09 AM, Ivan .
On Thu, 06 Mar 2008 11:38:27 +0800, Jerome Jar said:
Come on, where are the evidences? Sounds pretty much like racialism.
Usually the engineers are having a hard time on even getting the
routers and switches functional for mass market; there won't be any
time left for them to plant well
On Thu, 06 Mar 2008 11:38:27 +0800, Jerome Jar said:
Come on, where are the evidences? Sounds pretty much like racialism.
Usually the engineers are having a hard time on even getting the
routers and switches functional for mass market; there won't be any
time left for them to plant well
OK, only if hidden backdoors are also part of their function specs...
I have friends in a router manufacturer. Besides basic functionalities
that a router must have, they usually have to deal with some
ridiculous requirements from customers. Mmmm, I also start to suspect
the customers *want*
On Thu, 6 Mar 2008, Roger A. Grimes wrote:
As somewhat indicated in the paper itself, these types of physical
DMA attacks are possible against any PC-based OS, not just Windows.
If that's true, why is the paper titled around Windows Vista?
I guess it makes headlines faster. But isn't as
On Wed, Mar 05, 2008 at 04:30:35PM -0500, Roger A. Grimes wrote:
As somewhat indicated in the paper itself, these types of physical DMA
attacks are possible against any PC-based OS, not just Windows. If that's
true, why is the paper titled around Windows Vista?
I guess it makes headlines
Why isn't there a patch?
From: [EMAIL PROTECTED]
Site: http://www.vashnukad.com
Application: Linux Kiss Server v1.2
Type: Format strings
Priority: Medium
Patch available: No
The Linux Kiss Server contains a format strings vulnerability that, if run
in foreground mode, can be leveraged for
Salut, Roger,
On Wed, 5 Mar 2008 16:30:35 -0500, Roger A. Grimes wrote:
As somewhat indicated in the paper itself, these types of physical
DMA attacks are possible against any PC-based OS, not just Windows.
If that's true, why is the paper titled around Windows Vista?
That's very easy:
Within most corporate networks, what effective methods can be used,
from the network's perspective, to block mass Google queries?
Probably you are best with some kind of ratelimiting and/or content inspection
of http traffic.
Probably some payload injection in the flow and blocking the user
46 matches
Mail list logo