J.A. Terranson wrote:
Getting this angry little bully away from both the nuclear and
conventional triggers should be a top priority for *every* country.
That's _nuclular_. I have no idea how he pronounces conventional.
-jim
___
Full-Disclosure - We
Hi.
I am trying to learn Solaris Sparc assembly and how exploits work on
this architecture. I have a setuid root binary that has the following bug:
#include <sys/stat.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
main(int argc,char *argv[])
{
char buffer[40];
char buffarg[20];
char
Here are a few texts that might help you.
http://community.core-sdi.com/~juliano/thc3-en.txt
http://community.core-sdi.com/~juliano/mudge-bof.pdf
http://community.core-sdi.com/~juliano/dlsparc.zip
Visit http://community.core-sdi.com/~juliano/ for more information of
vuln coding.
/ Dunceor
On
check out this one: http://66.230.171.10/papers/UNF-sparc-overflow.txt
On Wed, Oct 20, 2004 at 11:16:42PM -0600, Fabio wrote:
Hi.
I am trying to learn Solaris Sparc assembly and how exploits work on
this architecture. I have a setuid root binary that has the following bug:
#include
-BEGIN PGP SIGNED MESSAGE-
__
SUSE Security Announcement
Package:kernel
Announcement-ID:SUSE-SA:2004:037
Date:
First, you didn't say, so I'm wondering if you checked the simple
things? I mean for why you couldn't see it or delete it? Like, does
it have read and hidden attributes?
OK, admittedly, even if the read attribute was taken off, being still in
use, you might not be able to delete it. However,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 572-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 21st, 2004
Gregh ([EMAIL PROTECTED]) wrote:
FYI - I know a lot of Americans FEEL that way but FYI once more, it
isn't true to most people in the world.
Well, speaking for clearly ignorant Ozzies such as yourself, you may
well be correct -- after all, you're the folk who just re-elected, as
your Prime
Title: [Full-Disclosure] interesting trojan found
On Wednesday 20 October 2004 11:51 am, Richard Stevens wrote:
A client had a problem home PC, after removal of all the usual
spyware, adware and 6 month old viruses,
there remained an unusual process in the process list, logon.exe,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Burnes,
James
Sent: 14 October 2004 17:42
To: ASB; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] Possibly a stupid question RPC
over HTTP
Welcome the wonderful wide world of web services. The
We can only pray that al-Qaeda isn't as successful as they were in Spain.
It would have seemed there was enough controversy in the news about
the electronic voting machines for people not to use them but hey,
people probably still use IE. It's interesting what is needed to sway
a people.
Joe
- Original Message -
From: Nick FitzGerald [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 21, 2004 9:10 PM
Subject: Re: [Full-Disclosure] Will a vote for John Kerry be counted by a Hart InterCivic
eSlate3000 in Honolulu? - OT
Gregh ([EMAIL PROTECTED]) wrote:
FYI - I
So why did you put yourself at risk and use it? You had a choice didn't you?
defiance
On Wednesday 20 October 2004 8:24 pm, Jason Coombs PivX Solutions wrote:
I just voted for John Kerry at a walk-in absentee ballot polling place in
Honolulu County using an eSlate3000 (unit serial number
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Jason, I have a rather direct question:
Given what you know...and what you wrote...why in blazes did you
cast your vote electronically?
Bart Lansing
Manager, Desktop Services/Lotus Notes
Kohl's IT
[EMAIL PROTECTED] wrote on 10/20/2004
08:24:59 PM:
I just voted for John Kerry at a walk-in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
NSFOCUS Security Advisory(SA2004-02)
Topic: HP-UX stmkfont Local Privilege Escalation Vulnerability
Release Date: 2004-10-20
CVE CAN ID: CAN-2004-0965
http://www.nsfocus.com/english/homepage/research/0402.htm
Affected system:
===
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Well I don't think anyone is saying that the issue is that 128 character
passwords are being easily hacked so I am not quite sure I understand your
point about 256 characters and why you mention it. People seem to dislike
passwords greater than 14 characters let alone entering passwords of 150 ,
hi,
But if it is a rootkit, does it not hide from normal AV scanning?
It's more like a worm. But it hides its presence in the file
system, when it's active - dirlist doesn't show it, so you can't
scan it like a file.
all the best,
W.
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 573-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 21st, 2004
you want someone in office that will start to shred the Constitution
Yeah with laws like the Patriot act, an amendment banning gay
marriage, holding US citizens incommunicado for national security reasons.
We need George W. Bush or else these types of things will happen!!!
On Thu, 21 Oct 2004 09:29:11 -0500, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Jason, I have a rather direct question: Given what you know...and what you
wrote...why in blazes did you cast your vote electronically?
Didn't Jason find out the more specific information he provided about
this
I have been testing the code on k-otik's site for the last 3 days and have been unable
to get the reverse shell technique working. My test environment consists of a winxp sp1
machine in a vmware session and a fully patched winxp sp2 host machine. The code reliably
crashes explorer when a
As per www.incidents.org
MS04-030 POC
A proof-of-concept (POC) exploit for MS04-030 has been
made available. The exploit, a perl script, claims to
trigger the DOS condition. While we are still working
to verify the exploit, here are some signatures to look
for:
The exploit will send the following
Douschebag, take this off list, nobody but yourself cares what you
think about Kerry or about your topical humor. There are thousands of
other places to discuss this type of crap.
//Voting Nader.
On Oct 21, 2004, at 9:29 AM, Exibar wrote:
The question comes to mind... why oh why did you cast
cPanel check only the first 8 characters of webmail password.
HiddenBit.org Security Advisory.
Date: October 21, 2004
Software: cPanel 9.4.1-STABLE 65
Author: Andrey Bayora
BACKGROUND
cPanel WebHost Manager (WHM) is a next generation web hosting control
panel system. Both cPanel WHM are
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Exibar
Sent: Thursday, October 21, 2004 10:30 AM
To: [EMAIL PROTECTED]; Jason Coombs PivX Solutions
Subject: Re: [Full-Disclosure] Will a vote for John Kerry be counted by a
Hart InterCivic eSlate3000 in
I see.
For some reason, I was thinking he couldn't see it in systemprocess, but
now that I think about it, you are correct. So it was hiding but not
very well, therefore not the true trojan/rootkit hybrid. Thanks Peter.
-Original Message-
From: Peter Kruse [mailto:[EMAIL PROTECTED]
On Thu, 21 Oct 2004 13:21:10 +0100, Airey, John [EMAIL PROTECTED] wrote:
This gives you two options. One, use brute force to break the SSL encryption. Two
(and it's entirely possible that the security services have this already) come up
with a mathematical way to factor large primes rapidly.
In my experience NTP will work a lot better for
you than Windows Time server.
Windows time service uses SNTP.
The protocol is robust and you are not dependent on the
single point of failure called: time.microsoft.com.
Never heard of time.microsoft.com being down or incorrect. You can use
Greetings all,
I am not quoting any previous emails, as this is not directed at anyone
in particular, but to the entire thread. While I realize this thread is
probably quite interesting to some, particularly those involved in it, I
believe it is safe to say that it has gone clearly and
you're probably talking about those sploits
Microsoft IIS WebDAV XML Denial of Service Exploit
(MS04-030)
http://www.k-otik.com/exploits/20041020.HOD-ms04032-emf-expl2.c.php
Microsoft Windows Metafile (.emf) Heap Overflow
Exploit (MS04-032)
Support Apathy! I don't give a shit... do you?
Until you are debating over who has the best malloc() ninjitsu technique
or which one of them can exploit a shatter attack, QUIT discussing the
candidates!
-KF
The question comes to mind... why oh why did you cast your vote for
Kerry?
I guess
I'll bet because Jason is testing the notification if system failed portion of the
process. And the way he wrote it, like he intended to go on public record in a way that
*might* be useable in a public action later. Though if I may make an assumption...I'd
agree with Bart here, Jason, it's
On Thu, 21 Oct 2004 10:29:52 -0400
But, it's your vote, you can vote for anyone that you wish, I'll defend
that right to the end, even if Kerry wants to take it away
My vote will be PROUDLY cast for Bush, just like it was 4 years ago.
The problem is that neither you nor I nor any
OK, this is off-topic, but it can't be as bad as Bush vs. Kerry
arguments. Hopefully this at least will make some lucky subscriber to
Full Disclosure some money!
JOB DESCRIPTION
I couldn't picture having to tell my users to type in a 256 character
password. Let's make it force 20 uppercase, 20 symbols, 20 high-bit
character, 20 numbers as well. Although it'll be hard to crack, it'll take
three hours before they can log in once. and that's with 2 phone calls to
the
Will my vote be counted?
No.
In fact, you're lucky if you don't get euthanized for posting a question
like this to Full Disclosure.
[d]
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Todd Towles [EMAIL PROTECTED] writes:
But if it is a rootkit, does it not hide from normal AV scanning?
The Rxbot/Spybot variant that I've seen recently had a couple of
startup hooks in the registry - blah service and value was
xaxe.exe or bling.exe. It made no real effort to hide, and could
we have taken it off list not a problem.
I actually thought we were being civilized about it too :-)
Ex
- Original Message -
From: KrispyKringle [EMAIL PROTECTED]
To: Exibar [EMAIL PROTECTED]
Cc: Curt Purdy [EMAIL PROTECTED]; 'Jason Coombs PivX Solutions'
[EMAIL PROTECTED];
IMO I find the comments about Bush and Kerry - in Jason's original
posting as well as the subsequent postings - very distasteful and
very very irrelevant.
Yes, and it's worth pointing out this little nugget from the
full-disclosure list charter at
--On Thursday, October 21, 2004 09:29:11 AM -0500 [EMAIL PROTECTED]
wrote:
Jason, I have a rather direct question: Given what you know...and what
you wrote...why in blazes did you cast your vote electronically?
Doesn't who he voted for make that patently obvious?
Paul Schmehl ([EMAIL
Product:
UBB.threads
Vendor:
===
UBBCentral (http://www.ubbcentral.com/)
Versions:
=
I tested it successfully on 3.4.x
At Version 3.5 you need to be logged in to perform a search. I didn't test
this version.
Problem:
Sql-Injection in dosearch.php
dosearch.php?Name='
Curt,
And what was it that Bush lied to you personally about? or lied to the
American People about? WMD's in Iraq? Just because we haven't found many of
them (YES we have found some, BTW), doesn't mean they didn't exist
Like life on Mars, just because we haven't seen little green men
i had noticed the same thing with the normal login procedure
at my old isp. i don't know if it has been fixed in newer versions
of cpanel but i had set my password to sitename_666 so it was
easy to remember... but since my sitename was 8 chars long
my site was easily taken over by some-one :)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: squid
Advisory ID:
--On Friday, October 22, 2004 12:10:29 AM +1300 Nick FitzGerald
[EMAIL PROTECTED] wrote:
Most of the non-US folk I've met in the last six months (and many US
citizens too) are downright petrified of a Bush re-election.
Better start adjusting to the idea, Nick.
Please - can we take this OFF list
Hi,
Anyone aware of vulnerabilities (besides those you can find Googling) in
Websphere 3.5?
Regards,
Iñigo
[EMAIL PROTECTED]
Wow, that has to rate as one of the greatest trolls ever, my friend!
Nicely done.
Exibar wrote:
Curt,
And what was it that Bush lied to you personally about? or lied to the
American People about? WMD's in Iraq? Just because we haven't found many of
them (YES we have found some, BTW),
due to Tiny-delicate windows implementation, current windows passwords don't
seem long enough (a m$ guy confirmed it).
i recommend windows passwords to be enlarged by 3 to 5 inches.
100% guaranteed! (if permitted by the EULA)
--
georgi
On Wed, Oct 20, 2004 at 10:56:37AM -0400, Danny wrote:
OK, this is off-topic, but it can't be as bad as Bush vs. Kerry
arguments. Hopefully this at least will make some lucky subscriber to
Full Disclosure some money!
JOB DESCRIPTION
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
You should post this to the security job mailing list at SecurityFocus.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
David Stein
Sent: Thursday, October 21, 2004 3:16 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] OT: Opening for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo David!
On Thu, 21 Oct 2004, Cushing, David wrote:
In my experience NTP will work a lot better for
you than Windows Time server.
Windows time service uses SNTP.
SNTP is RFC 2030, It says:
SNTP can be used when the ultimate performance
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: gaim
Advisory ID:
--On Wednesday, October 20, 2004 10:36:06 PM -0500 J.A. Terranson
[EMAIL PROTECTED] wrote:
FYI: This election *does* matter to people not in America. If you haven't
noticed, the position of President of the USA is currently being played
by a power-crazed jesus freak who has a penchant for
They can't help themselves, it's like a person with the flu and the
running shits, it has to come out somewhere...
Thanks,
Ron DuFresne
On Thu, 21 Oct 2004, KF_lists wrote:
Support Apathy! I don't give a shit... do you?
Until you are debating over who has the best malloc() ninjitsu
I second that, do we hear a third?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of KF_lists
Sent: Thursday, October 21, 2004 1:36 PM
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Will a vote for John Kerry be
counted by
Ya'll need to change vocations, get out of IT and become political rabbits
running door to door changing minds and winning hearts, and leaving little
droppings on the doorsteps of those that don't care.
Thanks,
Ron DuFresne
On Thu, 21 Oct 2004, Exibar wrote:
Curt,
And what was it that
Exibar wrote:
Curt,
And what was it that Bush lied to you personally about? or lied to the
American People about? WMD's in Iraq? Just because we haven't found many of
them (YES we have found some, BTW), doesn't mean they didn't exist
Like life on Mars, just because we haven't seen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: wxGTK2
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Unsafe WAV header handling can cause DoS on Windows
Classification:
===
Level: [LOW]-med-high-crit
ID: HEXVIEW*2004*10*21*1
URL: http://www.hexview.com/docs/20041021-1.txt
Overview:
=
A specially crafted WAV file can cause WAV
On Thu, 21 Oct 2004 23:52:18 +0300, Georgi Guninski
[EMAIL PROTECTED] wrote:
due to Tiny-delicate windows implementation, current windows passwords don't
seem long enough (a m$ guy confirmed it).
i recommend windows passwords to be enlarged by 3 to 5 inches.
100% guaranteed! (if permitted by
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: cups
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: gpdf
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: xpdf
Advisory ID:
Hello,
As far as I know, this mailing list is supposed to be related to computer
security. Unfortunately, it turned into a political debate.
I have nothing against politics, I even have interest for this election, despite
I am neither US citizen/resident nor native English speaker.
But I think