-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Clear text password exposure in Datakey's tokens and smartcards
Classification:
===
Level: [LOW]-med-high-crit
ID: HEXVIEW*2004*08*03*1
Overview:
=
Datakey (http://www.datakey.com) delivers smartcard and token-based
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
In the wise words of [EMAIL PROTECTED], on Wednesday 04 August 2004 07:08:
Clear text password exposure in Datakey's tokens and smartcards
[SNIP]
Cause and Effect:
=
The communication channel between the token and the
the Swedish security group swehack is hosting it so it will remain
stable there, keep up the good work our underground friends in Russia!
--
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Aditya, thanks a lot!
As a matter of fact, the following procedure try rebooting in safe mode
and running the scan provided to me by Stephen Blass
[EMAIL PROTECTED] did the trick.
I also got from Bernardo Quintero [EMAIL PROTECTED] this
alternate solution (untested, as the file seems to be
What were these highschoolesque drama fest parties?!?!? HAHHA.lame No
drama at the pivx parties just smart people and hot girls dancing in
their underwear. Never mind that doesn't sound fun does it? noppers.
After all, you peeps get your kicks from debating off-topic style in
open forums in front
By the way, I just happened to be downloading PuTTY today to set up on a new
computer, and I saw that they released a new version:
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms,
along with an xterm terminal emulator. It is written and maintained primarily
by Simon
Application:thttpd
Vendors:http://www.acme.com/software/thttpd/
Version:2.07 beta 0.4 10dec99
Platforms: Windows
Bug:Directory Traversal
Date: 2004-08-04
Author: CoolICE
e-mail: CoolICE#China.com
Content:
in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Synopsis: Linux kernel file offset pointer handling
Product: Linux kernel
Version: 2.4 up to and including 2.4.26, 2.6 up to and
including 2.6.7
Vendor:http://www.kernel.org/
URL:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Exploitable Buffer Overflow in gv
Infohacking Security Advisory 08.04.04
www.infohacking.com
Aug 04, 2004
I. BACKGROUND
Infohacking team (me and myself) discovered a new and unreported local
root vulnerability in gv.
II. DESCRIPTION
The gv
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cmd.exe allow local (and sometimes remote) command execution
Infohacking Security Advisory 08.04.04
www.infohacking.com
Aug 04, 2004
I. BACKGROUND
We discovered a very dangerous local code execution vulnerability in
all
cmd`s. This issue can be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
zen-parse ZP! told me that he discovered this vulnerability first...
Infohacking was misinformed... so we apologize for this mistake
Anyways you can still enjoy with my leet exploit
On Wed, 04 Aug 2004 03:18:53 -0700 Hugo Vazquez Carapez [EMAIL
Donato Ferrante
Application: Free Web Chat
http://sourceforge.net/projects/freewebchat/
Version: Initial Release
Bugs: Multiple Vulnerabilities
Date: 04-Aug-2004
Author: Donato Ferrante
e-mail: [EMAIL
Really the Cadillac of IPS, it is designed for high load networks. We were
very impressed with it but it carries a hefty price tag for that
performance.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul Schmehl
Sent: Tuesday, August 03, 2004 10:30
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-BEGIN PGP SIGNED MESSAGE-
__
SUSE Security Announcement
Package:libpng
Announcement-ID:SUSE-SA:2004:023
Date:
I think he is just mad because he can't drink yet.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin
Mkrtchian
Sent: Tuesday, August 03, 2004 5:35 PM
To: Day Jay
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Defcon spelled half backwards is
Let some rich company get you beer? Why not..it doesn't make Microsoft more
secure...so what is the harm? lol
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Maynor
Sent: Tuesday, August 03, 2004 6:15 PM
To: Day Jay
Cc: [EMAIL PROTECTED]
Subject:
Ha Ha Ha !
Now get back to work.
Was there a specific advisory you were targeting for its obtusity? Or, do
you take exception to the presentation of advisories as a class?
- Original Message -
From: Hugo Vazquez Carapez [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August
I think he wasn't allowed to go to DefCon this year and now he's a bitter
boy
Of course there are Feds at DefCon how else would we be able to play
Spot the Fed without the Feds? :-)
Ex
- Original Message -
From: Martin Mkrtchian [EMAIL PROTECTED]
To: Day Jay [EMAIL
: Affected Packages: Corrected Packages:
OpenPKG CURRENT = png-1.2.5-20040629= png-1.2.5-20040804
= doxygen-1.3.8-20040725= doxygen-1.3.8-20040804
= ghostscript-8.14-20040630 = ghostscript-8.14-20040804
= kde-qt-3.2.3
Agreed. Please take your blackhat paranoia and your 0-day, and go root
a garbage can. Defcon's main purpose is to consume massive amounts of
alcohol and throw money at strippers. Down with the bartenders!
/m
Aditya, ALD [Aditya Lalit Deshmukh] wrote:
:Down with kiddies, down with admins,
Ron DuFresne wrote:
Still following here...
adding oneself to the list John mentioned might be the easier tack in
this situation, and make it so one is not hit by new implementations, as
long as BIG-IP sites are not able to configure themselves out of the
do-not-probe listing as well;
John Hall
Frank Knobbe wrote:
Okay. I'm not sure how that would help since the server could just send
the reply. Actually, it could have sent several during the time it takes
to measure the round trip time. But this is not the place to discuss
3DNS merits.
Remember, we are only interested in RTT and
Mark wrote:
...
Yup, the TCP SYN packets I see do the same with the IPID.
(Embarrassed I missed that the first time I looked at them.) ;)
...
I disagree, if it is a DNS *server* I would think it wouldn't respond
with a RST. It would respond with a SERV FAIL because it's not
authoritative for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: libpng
Advisory ID:
Lionel Ferette wrote:
Note that this is true for almost all card readers on the market, not only for
Datakey's. Having worked for companies using crypto smart cards, I have
conducted a few risk analyses about that. The conclusion has always been that
if the PIN must be entered from a PC, and
Kiddie spelled half backwards and juxtaposed is die, dik.
Why don't you start an astalavistacon then?
The iDefense party got plenty of folks drunk, mission accomplished.
It's what happened AFTER the iDefense party that mattered ;)
-shag (the pronoun, dammit)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo John!
On Wed, 4 Aug 2004, John Hall wrote:
Just about any response is useful for RTT/reachability measurement as long
as we can associate it back to the correct probe.
My name servers are not even in the same state or AS as my
dialups and
On Wed, 04 Aug 2004 09:17:04 PDT, Micah McNelly [EMAIL PROTECTED] said:
Agreed. Please take your blackhat paranoia and your 0-day, and go root
a garbage can. Defcon's main purpose is to consume massive amounts of
alcohol and throw money at strippers. Down with the bartenders!
If you
Los Alamos uses Tipping Point with apparently great results. They just did a
webinar with SANS over it last month. You can go to the archives on SANS site and
listen
---
Trey Keifer
Security Engineer - Level II
Fishnet Security
Direct:
816.701.2073
Main: 816.421.6611
Toll Free:
[EMAIL PROTECTED] wrote:
On Wed, 04 Aug 2004 09:17:04 PDT, Micah McNelly [EMAIL PROTECTED] said:
Agreed. Please take your blackhat paranoia and your 0-day, and go root
a garbage can. Defcon's main purpose is to consume massive amounts of
alcohol and throw money at strippers. Down with
On 4 Aug 2004, at 03:22, Paul Starzetz wrote:
Synopsis: Linux kernel file offset pointer handling
Product: Linux kernel
Version: 2.4 up to and including 2.4.26, 2.6 up to and
including 2.6.7
Vendor:http://www.kernel.org/
URL:
On Wed, Aug 04, 2004 at 11:49:50AM -0700, John Hall wrote:
It's possible the packets that solicited the traffic were spoofed, but
it's generally more likely that someone on your network browsed the site
in the last day or two and you just haven't yet been aged out of the list
of sites the
Los Alamos. Their problem seems to be with removable media
http://www.cnn.com/2004/TECH/science/07/23/security.losalamos.reut/
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Keifer, Trey
Sent: Wednesday, August 04, 2004
1:25 PM
To:
[EMAIL PROTECTED]
Jeremiah Cornelius [EMAIL PROTECTED] forgot to start a new thread and use
a meaningful subject line and trim quoted text when he said...
http://www.cnn.com/2004/TECH/science/07/23/security.losalamos.reut/
Officials condemned a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 536-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
August 4th, 2004
36 matches