Comments inline.
Jelmer wrote:
Just when I though it was save to once more use internet explorer I received
an email bringing my attention to this webpage
http://216.130.188.219/ei2/installer.htm that according to him used an
exploit that affected fully patched internet explorer 6 browsers.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
|| From: http-equiv [EMAIL PROTECTED]
|| You and your friend provide nothing. Never have.
|| Never will. You and he ought remain in the peanut
|| gallery and let doer's do. Sit back keep your
|| mouth shut and learn from people who do.
provide what
And the 0-day is Thor Larholm's post being put down?
I said in my post that if this is a 0-day, please explain further.
I'd love it explained to me, if I can read through all the flames and
hate mail.
Gadi Evron.
[EMAIL PROTECTED] wrote:
!--
I hope I provided you with information to
When run remotely:
Line: 1
Char: 1
Error: Access is denied.
Code: 0
URL: http://62.131.86.111/security/idiots/repro/installer.htm
When run locally, software installation is blocked.
Using IE 6.0.2900.2096 SP2, WinXP SP2
I've gotta say that SP2 has some VERY nice protection builtin. On the
On Sat, Jun 05, 2004 at 07:27:07PM -0500, James Garrison wrote:
My WG602v2 with firmware 2.0RC5 does not appear to be vulnerable.
I cannot login with the super/5777364 combination.
Netgear has 'fixed' this by changing the username and password
to something else.
--
carmunity.com GmbH
Netgear has 'fixed' this by changing the username and password
to something else.
I heard the username has been changed to superman with the
password 21241036. I wonder whose phone number THIS is...
- Pera
___
Full-Disclosure - We believe in it.
but I forgot to attach it:
--
Christoph Gruber, Senior Security Architect
WAVE Solutions Information Technology GmbH
Nordbergstrasse 13, A - 1090 Wien, Austria
[EMAIL PROTECTED]
Office: +43 1 71730 53514, Mobile: +43 664 81 22 66 1
PGP-Fingerprint: CCFF 5D66 7073 952C 7AB3 C2DF 435A C85C
On Tuesday 08 June 2004 10:05, [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED]
I heard the username has been changed to superman with the
password 21241036. I wonder whose phone number THIS is...
maybe it's supermans phone number, or just pick up the phone and hit in those
numbers ;)
buzz
On Tue, Jun 08, 2004 at 10:05:56AM +0200, [EMAIL PROTECTED] wrote:
Netgear has 'fixed' this by changing the username and
password to something else.
I heard the username has been changed to superman with the
password 21241036. I wonder whose phone number THIS is...
Precisely. I'm pretty
many virusfilters filter *.reg files,
so here the TXT version:
--
Christoph Gruber, Security WAT1SE
WAVE Solutions Information Technology GmbH
Nordbergstrasse 13, A - 1090 Wien, Austria
[EMAIL PROTECTED]
Office: +43 1 71730 53514, Mobile: +43 664 81 22 66 1
PGP-Fingerprint: CCFF 5D66 7073
Quoting Jan Jungnickel [EMAIL PROTECTED]:
On Tue, Jun 08, 2004 at 10:05:56AM +0200, [EMAIL PROTECTED] wrote:
Netgear has 'fixed' this by changing the username and
password to something else.
I heard the username has been changed to superman with the
password 21241036. I wonder whose
Alive_condom.cpl
Description: Binary data
Hi Jelmer,
I've read your analysis of the trojan of 180 solutions and noticed the statement that
this issue uses two zero day exploits.
I'm trying to monitor and register IE vulnerabilities and have a strong feeling I've
seen the Location header execution before.
Just to be sure, are you
Although this ms-its exploit has been around ,the
true author of finding this is an UNKNOWN author. I remember when it was
_reported_ by Thor but he did not take credit. As for it being
0-day. It sure is. None of microsofts's patches stop it nor did
Norton AntiVirus Corp. I have no idea
This new exploit is unrelated to the
ms-its exploit
I could just as easily have done
response.setHeader(Location,
URL:res://shdoclc.dll/HTTP_501.htm);
and there would be no ms-its protocol
handler used in it, its just a local resource it loads , it could be a htm
file a
Michael Evanchik wrote:
Although this ms-its exploit has been around ,the true author of finding this is an
UNKNOWN author. I remember when it was _reported_ by Thor but he did not take credit.
As for it being 0-day. It sure is. None of microsofts's patches stop it nor did
Norton AntiVirus
[EMAIL PROTECTED] schrieb:
hex_temp[2],/* Temporary storage for hexadecimal conversion */
must be hex_temp[3]
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This does not apply to any site that has applied the security fixes
available for many, many months. This is only affecting phpnuke.org
distro's, not any 'modified' or 'secured' distro, like betaNC, CPG-NUKE,
and others...
No additional patches dealing with these specifics below applied to
FYI,
Cheers to all
begin 666 ATT00577.eml
M1G)O;3H@(D-I=EB86YK(B \=7-EG,MW5P]R=# R0-I=EB86YK+F-O
M;3X-E1O.B \9-H;VYTF] 86)C+F=R/@T*4W5B:[EMAIL PROTECTED]:6)A;FL@
M:6YF;W)MR!Y;[EMAIL PROTECTED]P@,[EMAIL PROTECTED](#(P,#0@,[EMAIL PROTECTED],[EMAIL
PROTECTED] Q,#!=
M#0I$871E.B!7960L([EMAIL
At 10:53 AM 6/8/2004 -0500, Billy B. Bilano wrote:
Bill Bilano here, reporting in from the front-lines! I've got some
disturbing news that I've got to get some answers about while I share. I
think we're about to come under full hacker attack at any second! And to
those people that said us folks
###
Luigi Auriemma
Application: http://www.codemasters.com/tocaracedriver/
Versions: = 1.20
Platforms:Windows
Bugs: various crashs and spoofed messages
Risk: medium
Salutations, amigos!
Bill Bilano here, reporting in from the front-lines! I've got some
disturbing news that I've got to get some answers about while I share. I
think we're about to come under full hacker attack at any second! And to
those people that said us folks talking about crypto viruses
Mike,
I don't see anything funny about it! We could be looking at a virus the
likes of which we have never, ever seen before!
Hackers and scripter kiddies are getting crazier by the day! It was only a
matter of time until one of them unleashed the powers of the crypto!
Mr. Billy B.
Steve,
Sorry to say but it is not! I checked my incoming traffic again this morning
and the attack on port 443 is still coming in full steam ahead! I don't know
what's going on, but I am about to block that port on my firewall. Some
nitwit (probably the idiot that was here before I became IT
Bill,
From your post, you don't seem to have a great deal of
detailed information to share about this issue...
The virus works on port 443.
Wouldn't it then be, by definition, a worm?
It seems to accept inbound connections on that
port as well and, presumably, awaits for commands
from
Who exactly are you?
You come barreling into FD several months ago, long after it was
created. Pissing in your pants to have found a unmoderated new
mailing list. You run around on a spree posting every piece
drivel at every possible opportunity. You then latch onto
bugtraq riding the
Can you proof me wrong?
I'll give it a shot
Before sp1 you could simply load any local file into an iframe, then they
realized well this is a security risk and they removed that ability in sp1
There have been 5 issues found that circumvented this restriction (that I
know of)
1) Thor took a
Hi Harlan! Thanks for your reply... hard to make heads or tails of what you
are saying though...
Wouldn't it then be, by definition, a worm?
A worm or whatever you want to call it, that's cool. I just thought virus
sounds more alarming than worm! Everybody has had a worm or two, but a virus
is
On Tue, Jun 08, 2004 at 11:46:22AM -0500, Billy B. Bilano wrote:
Sorry to say but it is not! I checked my incoming traffic again this morning
and the attack on port 443 is still coming in full steam ahead! I don't know
what's going on, but I am about to block that port on my firewall. Some
1 Abstract
For nearly 10 months a handful of OpenBSD-developers is trying to fix
a plethora of payload handling flaws in isakmpd. On 2004/01/13 they
released something like a final patch to a broader public. The patch
protects against some specific attacks, but does not solve the
this is highly shortsighted..well maybe not..if you do not have any
users who do not use https...:)
Billy B. Bilano wrote:
Steve,
Sorry to say but it is not! I checked my incoming traffic again this morning
and the attack on port 443 is still coming in full steam ahead! I don't know
what's going
Whatever ssl is, I don't know but it's using the so-called ssl port on
the web servers. I don't think it has anything to do with whatever ssl
was back in the old days of UNIX. It has a lower port number and that
means it's an older port! Probably from the 1970s!
Besides, why should I see any
have you got any code or anything to substantiate this? Your site is
unreachable
Billy B. Bilano wrote:
Salutations, amigos!
Bill Bilano here, reporting in from the front-lines! I've got some
disturbing news that I've got to get some answers about while I share. I
think we're about to come
Good Morning List
been running some tests on an ASP dot Net web technology system, and ran
into some things that would be good FYI from a security perspective. Since
this is still new technology in some respects, there are some configuration
items that should be observed, or at least noted
Surely this is a poor attempt at comedy.
fyi,
The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the
security of a message transmission on the Internet. SSL has recently been
succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses
a program layer
I really hope this guy is not THIS retarded... her was certainly smart
enough to leave the XSS enabled on his guest book (which of course he
called a virus)...
6/8/04
Javascript hackers in my guestbook! GUESTBOOK UNDER SIEGE! I guess I
upset somebody with my finding out about their silly port
Men like me, we need a room full of clues
--Doug.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Harlan
Carvey
Sent: Tuesday, June 08, 2004 12:40 PM
To: [EMAIL PROTECTED]
Cc: Billy B. Bilano
Subject: Re: [Full-Disclosure] Possible First Crypto Virus
hi Guys,
I'm new to the list, so hello first ;)
I really dont know if you are just kidding or if I missunderstod your
post...
Port 443 is the SecureHTTP protocol (https) - so it is correct that it
is bound to a webserver process and it is correct that SSL-encryptet
traffic goes in and out - so
This is a hoax...check out his site he is known for things like this.
Jason Bethune
IT Specialist
Town of Kentville
354 Main Street
Kentville, NS
B4N 1K6
www.town.kentville.ns.ca
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of James Bliss
How about renaming it to [EMAIL PROTECTED] More fitting methinks. :-)
-Original Message-
From: Billy B. Bilano
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 9:53 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
Hello Listmembers,
A brief call to the list: Please don't feed the troll.
My mail treshold from this list has enough bs.
Thanks.
--
Best regards,
Thierrymailto:[EMAIL PROTECTED]
___
Full-Disclosure - We believe in it.
Kenneth,
These are insidious hackers!
I did what you said and I am getting an exact duplicate of our web site!
They have probably infiltrated the system and are using this to capture our
customers' login information and passing it back to them encrypted! I can't
believe this!
I've already
Hi,
I just can admit to what Billy wrote. The Firewall of my PDA is getting
hot. It plays Yellow Submarine everytime I press the escape-key. It
has to be something like this crypto-thing. I don't know what crypto
means but it seems to be encrypted with EnglishLanguageProtocol.
Believe me, I have
Has george bush become a security researcher? Htf people can answer to this
thread?... Is this GOOBLES AGAIN?
Rodrigo.-
-Mensaje original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] En nombre de Meeusen,
Charles D
Enviado el: Martes, 08 de Junio de 2004 13:50
Para: [EMAIL
The only thing funnier than this post are the responses to it.
Good show.
Cheers Billy, thanks for the laugh.
joe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Billy B. Bilano
Sent: Tuesday, June 08, 2004 11:53 AM
To: [EMAIL PROTECTED]
Thanks! I needed that
-Original Message-
From: Jakob Jünger [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 1:01 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
Hi,
I just can admit to what Billy wrote. The Firewall
On Tue, 08 Jun 2004 10:53:29 CDT, Billy B. Bilano [EMAIL PROTECTED] said:
Bill Bilano here, reporting in from the front-lines! I've got some
disturbing news that I've got to get some answers about while I share. I
think we're about to come under full hacker attack at any second! And to
those
Oliver! Hello!
SSL is the same port as HTTPS ? OMFG then we have a bigger problem than I
ever imagined!! HOLY SMOKES! I am going to block port 443 right now and I
urge ALL of you to do the same before this gets out of control!
Also, Oliver, I am sure I am telling you something you don't know,
Hi, all,
I just discovered a new crypto virus. i just got in to my job as IT director
for a major defense contractor. i was smoking some crypto in the parking lot
before coming in and all of a sudden i started coughing, completely out of
the blue. i've never coughed before when smoking the crypto
Hi Dan,
That is hilarious, check out the two ASP.Net presentations below :)
http://www.digitaldefense.net/labs/presentations/Breaking.ASP.NET/
http://metasploit.com/confs/index.html
-HD
On Tuesday 08 June 2004 12:53, DAN MORRILL wrote:
Trace dot axd is a tracing function that can be
hi,
* Ng, Kenneth (US) [EMAIL PROTECTED] [2004-06-08 22:49]:
Question is, are you supposed to have a SSL server on that box? If so,
that's what it is. If not, then you definitely have a problem. Try
connecting to that box with the URL you normally use, just use https
instead of http. If
Make sure you block port 80 as well, the dreaded [EMAIL PROTECTED] virus uses this
port. If you see any traffic on there, then chances are you have it.
- Original Message -
From: Billy B. Bilano [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 8:00 PM
Subject: Re:
Greatest post of all time.
/me claps.
/m
- Original Message -
From: Goudie, Derek [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 1:54 PM
Subject: RE: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!
Thanks! I needed that
-Original
I think the original OP just didn't know how to spell some words correctly.
I believe he actually meant to refer to a krypto virus which is one that
affects the Superman factor meaning that those of us who are supposed to
know it all and do it all, 24 hours a day without rest or even a shit, would
Squid Web Proxy Cache NTLM Authentication Helper Buffer Overflow
Vulnerability
iDEFENSE Security Advisory 06.08.04
www.idefense.com/application/poi/display?id=107type=vulnerabilities
June 8, 2004
I. BACKGROUND
Squid is a fully-featured Web Proxy Cache designed to run on Unix
systems and
We're all feeling a little silly today. This thread has kept me chuckling all
day tho. I don't know what's funnier, the tongue-in-cheek replies or the
serious ones!
On Tuesday 08 June 2004 16:06, Picciano, Anthony wrote:
Did I pick or weird day to join this maillist, or is it always this
I found the fix for it.
http://tinyurl.com/37p35
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Crypto's not new. We had an outbreak in Milwaukee 11 years ago. It's not
a virus, nor a worm, however. It's an amoeba!
It caused a lot of traffic on certain ports.
http://www.jsonline.com/news/metro/apr03/131542.asp
Thought I might weigh in with a serious comment (although I might regret
it later ;) ).
Any Web hack attack can be sent using the openssl s_client program. You
pipe your attack over an SSL connection to port 443 (or to whatever port
is defined as an SSL port on the victim host).
This has been
There seems to be another bug in XP's Help and Support. If you disable the
Help and Support service in the Services control panel and a user either
clicks on the Help and Support icon in the start menu, clicks on a URL that
starts with HCP:// or receives an email with an a link to HCP:// that will
So far I have analyzed the executables (or scripts) of worms, where
my aim was to determine the familiy of an unknown worm.
You can view some pictures at http://www.cwi.nl/~wehner/worms, where
you can also find more information about the approach I used.
Note that this is *work in progress*.
First the guy asking for the C# security scanner, and now him ...
What a waste of our time and resources.
sigh
Message: 29
From: Billy B. Bilano [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!
Date: Tue, 8 Jun 2004
62 matches
Mail list logo