Again, there's the problem with perception.
I don't interpret Jan's post as whining about the insecurity of the Internet
per se. To me, it appears he is simply noting, quite correctly IMO, that
there is an idiotic notion prevailing that somehow, because the Internet
*is* insecure, that it gives
0. (The primordial sin) The
vulnerable product is released ...
...
Vendors must work much harder
to avoid releasing ... code ...
Absolutely correct. Vendors who release code are the core problem.
Vendors should not release code, they should release its source.
Where this is not done,
Hi,
Hex verified its hxxp://home.zccn.net/mm2004/mu/nc.jpg with payload @
hxxp://home.zccn.net/mm2004/mu/msmsgs.exe infected by netsnake.h
trojan (http://www.google.com.sg/search?hl=enq=netsnake.h)
Indeed. The malware, referred to in the jpg-exploit, was hosted as
msmsgs.exe (Netsnake-H) and has
i didn't notice you have disclosed this (or a very similar to it bug).
besides me more than 5 people tested variations of the testcase and it worked
for all of them.
can you comment on these testcases:
http://www.guninski.com/where_do_you_want_billg_to_go_today_1_demo2.html
On Fri 08/10/2004 at 20:09, Harry Hoffman wrote:
Umm, should the Paladin of Security have weak locks? ;-)
His Holy Cyber-Blade of Justice should prevent them all through its 100
feet radius area of evil protection...
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint:
By opening html in IE it is possible to read at least well formed xml from
arbitrary servers. The info then may be transmitted.
Can you clarify what is the security issue with reading information of
other servers from the web browser?
Am I missing the point here?
-- Aviv Raff
, 2004-10-08 23:52, morning_wood :
phood 4 th0ugh7,
last i heard being on the internet was voluntary...
( whether you are a person or business entity
and many successful business have no internet presence )
if i am correct... being on the internet is not mandatory to
conduct life
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
hi,
Hex verified its hxxp://home.zccn.net/mm2004/mu/nc.jpg with payload @
hxxp://home.zccn.net/mm2004/mu/msmsgs.exe infected by netsnake.h
trojan (http://www.google.com.sg/search?hl=enq=netsnake.h)
Indeed. The malware, referred to in the jpg-exploit, was hosted as
msmsgs.exe
On Fri, 2004-10-08 at 16:03, David Hane wrote:
I'm wondering how dangerous it is to allow a user on a
mysql db to view the grants for another user. Could
they take the encrypted password data and possibly
crack it? If they can, how easy is it?
I periodically export the mysql database with the
can you comment on these testcases:
http://www.guninski.com/where_do_you_want_billg_to_go_today_1_demo2.html
http://www.guninski.com/where_do_you_want_billg_to_go_today_1_demo.html
Interesting, both your exploit code as well as the exploit code we provide
in the advisory (Exploit section) do
hi,
I'm wondering how dangerous it is to allow a user on a
mysql db to view the grants for another user. Could
they take the encrypted password data and possibly
crack it? If they can, how easy is it?
on certain condition it's quite easy, if you have
a hash:
test.exe 57510426775c5b0f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
i wouldn't say so:
\wget -vv home.zccn.net/mm2004/mu/msmsgs.exe
--16:45:13-- http://home.zccn.net/mm2004/mu/msmsgs.exe
= `msmsgs.exe'
Resolving home.zccn.net... 218.89.171.197
Connecting to home.zccn.net[218.89.171.197]:80...
Can anyone tell me why this idiot keeps trying to
send the group kiddies script worms/viruses.
Why don't the moderators remove this loser's
account.
- Original Message -
From:
Jkuperus
To: Full-disclosure
Sent: Saturday, October 09, 2004 1:14
AM
Subject:
Vince Able wrote:
Can anyone tell me why this idiot keeps trying to send the group kiddies script
worms/viruses.
Why don't the moderators remove this loser's account.
I am sorry to interrupt, but did it ever occur to you that he might
not be the actual sender of the stuff?
There are many
On Sat, 9 Oct 2004, Vince Able wrote:
Can anyone tell me why this idiot keeps trying to send the group kiddies script
worms/viruses.
Why don't the moderators remove this loser's account.
If you had bothered to read the Received: headers you would know it was
quite likely (99.9%) not from
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
---
Fedora Legacy Update Advisory
Synopsis: Updated httpd packages fix security issues
Advisory ID: FLSA:2068
Issue date:2004-10-09
Product: Red Hat Linux, Fedora Core
Keywords:
On Sat, 9 Oct 2004, Bugzilla wrote:
Warning: This message has had one or more attachments removed
If anyone wants to bother the sender. He/She lives at 69.87.155.66 and
happens to have a case of Bagle.AF (Or whatever your favorite scanner
wants to call it.)
Hugo.
--
I hate
Vince Able [EMAIL PROTECTED] writes:
Can anyone tell me why this idiot keeps trying to send the group
kiddies script worms/viruses.
Even on a list like bugtraq, you're likely to get PoCs and worse sent
- you probably shouldn't read a security list on a platform which you
think may be
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
[Full-Disclosure] Mailing List Charter
John Cartwright [EMAIL PROTECTED] and Len Rose [EMAIL PROTECTED]
Introduction Purpose
--
This document serves as a charter for the [Full-Disclosure] mailing
list hosted at lists.netsys.com.
The list was created on 9th July 2002 by
Hi there,
again it is time to announce a major release of the Auditor Security Collection,
the most advanced, penetration testing focused, linux live system.
Grab your copy at my website http://www.remote-exploit.org. With this
new release major feature enhancements were performed. See our