KF(The Whitehat) wrote:
If I were you bill I would find the nearest building and throw myself
from the roof.
Oh yeah please rm -rf / that box before you jump!
-KF
Dear whitehat,
In regards to the second half of your e-mail, I would like to make a
suggestion. That suggestion would be that you
Actrually I prefer evening primose filters myself. General tone gives
lots of real
information and many blather, but one can easily filter by hand. I
live in one of
those stupid all male social environments. I don't want judgements
being made
for me. I don't like harsh and dismissive. It
while discussing the jpeg overflow problem and remembering the similar bmp
issue, one of my co-workers (thanks lars) brought up the idea of
sanitizing jpgs on the gateway level. google found me no hints for
existing stuff except a modified micro_proxy for converting png 2 jpg from
2001, when png
A PoC for the Windows XP JPEG has been published. Because of the potential
impact, it is anticipated that this exploit will be widely used by worms and
other malware within a short period of time.
http://www.gulftech.org/?node=downloads
Regards,
[EMAIL PROTECTED]
http://exploitwatch.org
http://www.pcwelt.de/know-how/extras/103039/
PC-WELT discovers and fixes serious security issue in
Windows XP SP2
Windows XP Service Pack 2 with Advanced Security
Technologies helps you protect your PC against viruses,
hackers, and worms. - this is how Microsoft promotes its
Service Pack 2 on
Hi Dinis,
I've looked over some of your materials - thanks for the links.
However I am still unsure how an ASP.NET application, running in Full Trust,
can circumvent NTFS permissions. Given the following situation, how would
this be accomplished?
a) Windows 2003 / IIS 6.0 running in Worker
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 549-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
September 17th, 2004
-- Corsaire Security Advisory --
Title: Business Objects WebIntelligence XSS issue
Date: 27.05.04
Application: WebIntelligence 2.7, Business Objects 5.1
Environment: Various
Author: Stephen de Vries [EMAIL PROTECTED]
Audience: General distribution
Reference: c040527-002
-- Scope --
The aim of
-- Corsaire Security Advisory --
Title: Business Objects WebIntelligence arbitrary document deletion issue
Date: 27.05.04
Application: WebIntelligence 2.7, Business Objects 5.1
Environment: Various
Author: Stephen de Vries [EMAIL PROTECTED]
Audience: General distribution
Reference: c040527-001
[EMAIL PROTECTED] wrote:
A PoC for the Windows XP JPEG has been published. Because of the potential
impact, it is anticipated that this exploit will be widely used by worms and
other malware within a short period of time.
http://www.gulftech.org/?node=downloads
It might indeed, but I see it more
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
__
SUSE Security Announcement
Package:gtk2, gdk-pixbuf
Announcement-ID:SUSE-SA:2004:033
Date:
The only problem is this..there is no reason to sanitize jpeg's
as this is not a jpeg issue but a Microsoft problem when dealing
with jpeg's. Things that do not depend on the dll are not
affected(mozilla/firefox and opera if i remember correctly). If
this was a jpeg issue then everything
Ron DuFresne wrote:
scroll down there and do the custom patching, that will get you the GDI+
scanner, and any other patches you are missing, once that installs it will
scan for M$ apps needing the jpeg patch. Then you are directed to the
windows appplications update page. Of course to get the
-BEGIN PGP SIGNED MESSAGE-
__
SUSE Security Announcement
Package:XFree86-libs, xshared
Announcement-ID:SUSE-SA:2004:034
Date:
sure I'll get right on that.
want me to fdisk all the drives while I am at it?
-KF
r00t3d wrote:
KF(The Whitehat) wrote:
If I were you bill I would find the nearest building and throw myself
from the roof.
Oh yeah please rm -rf / that box before you jump!
-KF
Dear whitehat,
In regards to the
Symantec acquires @stake...
http://www.atstake.com/events_news/press_releases/template.html?usa/091604
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Davide Del Vecchio Dante Alighieri [EMAIL PROTECTED] ~ [EMAIL PROTECTED]
http://www.alighieri.org
Hello,
We are glad to announce the release of the VulnDisco
RADIUS protocol testsuite 1.2.
The purpose of this testsuite is to evaluate RADIUS
protocol implementations from the security point of view.
VulnDisco RAIDIUS testsuite written in Python and licensed
under GPL.
The testsuite has
You use the term whitehat like a dirty word?.
Who needs a hat?.
--- KF(The Whitehat) wrote:
---
--- If I were you bill I would find the nearest building and throw myself
--- from the roof.
---
--- Oh yeah please rm -rf / that box before you jump!
--- -KF
---
--- Dear whitehat,
--- In
On Fri, 17 Sep 2004 23:03:10 +1200, Nick FitzGerald said:
And, your suggestion does not say what to do with bad JPEGs -- it
seems you assume the JPG to PNG convertor will necessarily and
correctly deal with such invalid input. Do we really know that is a
valid assumption?
There's also
sort of what I was getting at..
I own a grey beanie...not really a hat.
*grin*
--- Ahh, but, where would the world be without an us and them mentality,
--- perhaps safer and more peaceful and all that. and who needs
--- that smirk!
---
--- Thanks,
---
--- Ron DuFresne
---
---
--- On Sat, 18
On Fri, 17 Sep 2004 01:58:21 +0300, nobody said:
IF you people really do think billy's *that* retarded, you'd better
improve your sense of humor... One can't be that retarded in the IT
field... :P
If programmers were carpenters, the first woodpecker that came along
would destroy civilization.
Ahh, consolidation, one has to love it as much as outsourcing. and one
has to question how many @stake employees will find themselves pink
slipped in the consolidation process...
Thanks,
Ron DuFresne
On Fri, 17 Sep 2004, Davide Del Vecchio wrote:
Symantec acquires @stake...
You won't ever find me wearing a hat... they mess my afro up.
-KF
Sean Crawford wrote:
You use the term whitehat like a dirty word?.
Who needs a hat?.
--- KF(The Whitehat) wrote:
---
--- If I were you bill I would find the nearest building and throw myself
--- from the roof.
---
--- Oh yeah
Ahh, but, where would the world be without an us and them mentality,
perhaps safer and more peaceful and all that. and who needs that smirk!
Thanks,
Ron DuFresne
On Sat, 18 Sep 2004, Sean Crawford wrote:
You use the term whitehat like a dirty word?.
Who needs a hat?.
--- KF(The
Mcafee acquired foundstone, Symantec acquires
@stake... lets see if they will improve their
product's SECURITY!
bipin
Symantec acquires @stake...
http://www.atstake.com/events_news/press_releases/template.html?usa/091604
__
Do you
(20040917) Information __
---
--- This message was checked by NOD32 antivirus system.
--- http://www.nod32.com
---
---
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This hidden Administrator account is part of Windows XP and NOT IBM's
porblem.
Every Windows XP system ships and installs with the Administrator and blank
password.
This hidden account has been known about for some time, just like Windows
2000
Administrator account is the same way. There are ways
I will be out of the office starting 09/17/2004 and will not return until
01/01/2005.
If you need something, you should you need something right away, please
contact Scott Yeager at 512-505-5195
*
Disclaimer
In compliance with
Billy,
I've been dealing with this Root fellow for years! I've found this page to be
very informative!
http://www.baseball-reference.com/r/rootch01.shtml
--
-Dave
[EMAIL PROTECTED]
On Thu, 16 Sep 2004, Billy B. Bilano wrote:
Dudes,
Think again... IBM thinks its their problem since hiding the admin account is
something IBM had to do on purpose.. so, IBM owned it and is fixing it.
-Original Message-
From: Chris Norton [mailto:[EMAIL PROTECTED]
Sent: Friday, September 17, 2004 11:59 AM
To: Michael Scheidell; [EMAIL
yes, my two biggest complaints:
1) they bypassed telling you there was one
2) if you knew about it, and wanted to change it, they told you that you would lose
data if you did!
(xp manual install recommends that you put a password on it!)
___
Well, that would be good news since once they get hired elsewhere, they'll
probably secure more companies than they have ever done.
- Original Message -
From: Ron DuFresne [EMAIL PROTECTED]
To: Davide Del Vecchio [EMAIL PROTECTED]
Cc: Full Disclosure [EMAIL PROTECTED]
Sent: Friday,
All,
Just got an attachment in this afternoon. The zipped file conatins 3
files:
1. foto.jpeg
2. foto.html
3. expander.exe
that will extract to its own foto directory when clicked on. Also, when
clicked on, the foto (not bad :) ) will be shown while the file
expander.exe is being installed.
Negative.
In previous versions of Windows (NT core), the install would allow you to
simply strike enter at the appropriate time, when being queried for an
administrator password, and voila - the administrative password would be
blank.
Windows XP manual install will ask if you are sure, while
I guess that means If you call IBM support and you have changed your local
administrator password to anything other than blank, then we may not be able
to help you out of the bind you have gotten yourself into (data loss).
IBM had decided that the average user (of their systems) cannot be trusted
I integrate tons of these PC and personally have always looked to it as a
back door in. My client aren't smart enough to figure this out. I realize
that is no excuse.
Looks like I am just going to have to image one of these before IBM patches
it :)
~pingywon MCSE
http://www.pingywon.com
Why is it that the GDI+ dll was fixed for PictureIT back it February '04?
If you pull down all the patches, the PictureIT patches date to 02/26/04
and the XP SP1 patch dates to 03/02/04? Then add to it XPSP2 is already
patched. Did MS sit on this patch until there was an exploit available in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: gdk-pixbuf/gtk+2
HA, you fools! Charlie Root is once again attempting to subvert
attempts to find out his true identity.
Everyone who has been tracking him for a while knows that Charlie Root
is an alias! Unfortunately the only picture ever taken of this wiley
character is from his youth:
I may not have a clue but when I read the email from the author of this POC it
stated that it was a poc to show where the overflow will occur and doesn't actually
exploit the vulnerability. Furthermore the vulnerability is a heap based overflow
which means that successful worm like
2) if you knew about it, and wanted to change it, they told
you that you would lose data if you did!
Amazingly enough, they are telling the truth. Security-related information for
that account, such as personal certificates, saved passwords, etc., are deleted
if the password is reset. Because
I guess that means If you call IBM support and you have
changed your local
administrator password to anything other than blank, then we
may not be able
to help you out of the bind you have gotten yourself into
(data loss).
See my prior post. To change the password without losing the
43 matches
Mail list logo