- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
HAPPY BIRTHDAY TO ME. ANY E-GREETING FOR ME FELLAS
(FROM LINKS TO LINKS WE ARE ALL LINKED)
cheers.
morris
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Well after running around for 2 days attempting to find the source of the
wireless points, it stopped.
We think that someone was running FakeAP, perhaps by accident (playing
around at home then forgetting to switch off), all the peer-to-peer Access
Points were of the same name and all the MACs
FYI, www.java.com is still dishing out 1.4.2_05
Phil
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Jouko Pynnonen
Sent: 23 November 2004 01:40
To: [EMAIL PROTECTED]
Phil,
So is the built in 'update' feature in the JVM, however the link mentioned
in the advisory works fine.
regards,
Rob
- Original Message -
From: Randal, Phil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 23, 2004 11:50 AM
Subject: RE: [Full-Disclosure] Sun Java
Hi people,
I'm releasing today a small tool named IPFront which enables users to
generate IPSec rules easily. It really speeds-up the process of
hardening Windows 2000/2003 in Bastion Host Environment.
Additionally, it allows to set-up IPSec exceptions, and enables a
couple of TCP/IP Stack
On Tue, 23 Nov 2004, Jouko Pynnonen wrote:
[script language=javascript]
var c=document.applets[0].getClass().forName('sun.text.Utility');
alert('got Class object: '+c)
[/script]
I implemented a short demonstration out of this. It works with 1.4.2_05
and IE/Mozilla.
I tried this with
= Winamp - Buffer Overflow In IN_CDDA.dll
=
= Vendor Update:
= http://www.winamp.com/player/
=
= Affected Software:
= Winamp 5.05 (only version tested)
=
= Public disclosure on November 23, 2004
= SecureCRT - Remote Command Execution
=
= Vendor Update:
= http://www.vandyke.com/download/securecrt/index.html
=
= Affected Software:
= SecureCRT V4.1, V4.0 (and probably lower)
=
= Public disclosure on November 23,
Hand me that tinfoil, will ya?
Is anyone else concerned about Wal-Mart having Reynolds putting RFID
chips into the tinfoil packages?
;)
--
Mike Lieman
Information Technology Director
Barry Scott Insurance Agency
___
Full-Disclosure - We believe in it.
Does anyone see Google's Italiano logo when you visit Google's
homepage? Has anyone heard of someone getting into Google's images
and switching them around?
NOTE: If no one else sees the Italiano image then my image cache could
be fubar. If this is the case, please disregard this email!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200411-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: XFree86
Advisory ID:
This crew has this entirely wrong. Have they read securityfocus.com lately?
This was a setup. He does have prior convictions but if you notice they are
the same date ever year. It seems they have this guy on their outlook
calendar reminders. Also by no means should anyone feel safe now since
And people wanna bust my balls for replying to a certification post on
here
~pingywon MCSE
http://www.pingywon.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael
Rutledge
Sent: Tuesday, November 23, 2004 10:00
To: [EMAIL PROTECTED] Netsys.
On Mon, 22 Nov 2004 17:14:09 -0600, vord [EMAIL PROTECTED] wrote:
[flame response] firstly, n3td3v is only mad because i happened to ban
him from #hackphreak ... which is incidentally the current home of
former/current members of [where to begin?] rhino9, w00w00 ... and
of course, people
Thanks to you all for the response. The problem seemed to resolve
itself. For some reason, I was seeing the Italiano Google logo for
the past week.
As to why this question was salient to FD, I was curious to find if
this was a possible attack against Google or just something on my
side. I had
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: libxpm4
Advisory ID:
We need signatures for IDS/IDP for Oracle's alert 68.
How can we protect against these attacks if we can not apply patches in some
platforms?
Any interesting ideas?
___
Full-Disclosure - We believe in it.
Charter:
On Tue, 23 Nov 2004 15:12:06 GMT, n3td3v said:
All you guys do on the channel is talk about pimps and whores and
That's what it looks like if you didn't get a copy of the codebook. :)
other *general chat* stuff. Nothing related to security or hacking is
discussed (and if it is, its in very
On Mon, 22 Nov 2004, Georgi Guninski wrote:
would prefer to keep my secrets encrypted with algorithm whose breaking
requires *provable* average runtime x^4242 or even x^42 instead of
*suspected runtime* 2^(x/4). (due to lameness the previous statement may be
incorrect but hope the idea is
Attached is an exploit for GLSA 200411-31 / ProZilla
/* 20/10/2004
** This is a private work of Serkan Akpolat [EMAIL PROTECTED]
** for the unpublished prozilla-1.3.6 format string/buffer overflow
** vulnerability , though this version only exploits the stack overflow.
** Tested against current
On Fri, 19 Nov 2004, Danny wrote:
Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
2) A considerable amount of script kiddies
###
Luigi Auriemma
Application: Soldier of Fortune II
http://sof2.ravensoft.com
Versions: = 1.03 gold
Platforms:Windows, Linux and MacOS
Bug: memory corruption
On Tue, 23 Nov 2004 20:21:45 +0100, nicolas vigier
[EMAIL PROTECTED] wrote:
Are you really serious ? Is it a joke ?
Dude, I am seriously a naive idiot who just wanted to rant about the
people that abuse IRC. Hopefully this was just a momentary brain fart,
otherwise I might be in trouble, eh?
===
Ubuntu Security Notice USN-31-1 November 23, 2004
cyrus21-imapd vulnerabilities
CAN-2004-1012, CAN-2004-1013,
http://security.e-matters.de/advisories/152004.html
===
A
On Tue, 23 Nov 2004 18:43:22 +0100, Antonio Javier G. M. said:
We need signatures for IDS/IDP for Oracle's alert 68.
How can we protect against these attacks if we can not apply patches in some
platforms?
Just a reminder for everybody and the archives - unless you're using some sort
of
either use sudo or su to do work as root, but Windows doesn't
make users
the admin by default *either*, unless you setup Fast User Switching
*during* the install.
Windows XP doesn't allow that to be selected during installation. It is
activated or not based on available system memory
Nothing personal Im just trying to get a few people who wanna kick MY ass at
the next HOPE
~pingywon
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael
Rutledge
Sent: Tuesday, November 23, 2004 11:43
To: pingywon MCSE
Cc: [EMAIL PROTECTED] Netsys.
http://www.pcworld.com/news/article/0,aid,118664,00.asp
Government Uses Color Laser Printer Technology to Track
Documents
by Jason Tuohey, Medill News Service, 22 November 2004
Practice embeds hidden, traceable yellow data in every page
printed.
Next time you make a printout from your color
1. XP would be more suitable to run as a user if the runas service and
windows installers were developed to add more complete and easy to use
privilege elevation techniques outside of active directory and the
default group policy that gets applied.
...
4. The windows install creates the first
On 22 Nov 2004, at 12:47, Florian Weimer wrote:
* Georgi Guninski:
would prefer to keep my secrets encrypted with algorithm whose
breaking
requires *provable* average runtime x^4242 or even x^42 instead of
*suspected runtime* 2^(x/4).
It depends on the constant factors you omitted, including
I had a brief stint Primus Telecom in delhi ( www.primus-direct.com).
It has a flat network with absolutely no security. The routers as as
vulnerable to any known exploit and the same applies to a few web
servers they host. The basics such as patch management is never taken
care of.
This mail
* Andrew Farmer:
Especially considering that there aren't enough atoms in the universe to
store all that precalculated data, nor enough energy to do all the
calculations.
Typically, such estimates ignore the possibilities of quantum
superpositions.
(Schneier says that there's enough energy
is that windowed applications do not get polled for refresh, so for
example using an explorer instance in a runas will not
update the file
listing until you press F5 I have witnessed bad things
come of this
Are we able to run Explorer.exe using runas utility...
Yes, but it won't do much
hey guys i am stuck here.
would someone help how can i use port scanning tools to use the
public anonymous proxy if some specific gui based windows tool exists
please suggest.
--
(FROM LINKS TO LINKS WE ARE ALL LINKED)
cheers.
morris
___
Is there a quick and decent way to obtain the previledge password of a
cisco router my version is as follows
cisco 3640 (R4700) processor
--
(FROM LINKS TO LINKS WE ARE ALL LINKED)
cheers.
morris
___
Full-Disclosure - We believe in it.
Okay, I cry foul. While IAPW we would all like advisories to be tested
against all possible versions of all possible affected OS's, in the
world of academia (and Paul is welcome to contradict me on this if he
cares to, since after all he's IN it) the rules are not the same as IAPW.
In academia,
Next time you make a printout from your color laser printer,
shine an LED flashlight beam on it and examine it closely
with a magnifying glass. You might be able to see the small,
scattered yellow dots printed there that could be used to
trace the document back to you.
So they're using my
As for source code or other security vulnerabilities in closed- or open-soure
vote tabulators, there is little point in rigging such schemes, and less point
in exploiting them. Good old fashion statistical abberations exploited for the
benefit of the party that finds them first will win every
Hello Gregory,
Tuesday, November 23, 2004, 17:27:34, you wrote:
GG So, while the circular reasoning comment is cute, I support Paul's somewhat
GG cautious approach. After all, if say we were discussing a vulnerability
GG in Win2K or something similar, we would make damned certain that the
GG
[Security Advisory]
Advisory: [AD_LAB-04002]Jabberd2.x remote Buffer Overflows
Authors: [EMAIL PROTECTED]
Class: Boundary Condition Error
CVE:CAN-2004-0953
Remote: Yes, could allow remote compromise
Vulnerable: Jabberd 2.*
Unvulnerable: Jabberd 1.4
Vendor:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability
Revision 1.1
Date Published: 2004-11-22 (KST)
Last Update: 2004-11-22
Disclosed by SSR Team ([EMAIL PROTECTED])
Summary
Zwiki is a wiki clone in zope. It has a cross site
= Winamp - Buffer Overflow In IN_CDDA.dll
=
= Affected Software:
= Winamp 5.05, 5.06
=
= Public disclosure on November 24, 2004
== Overview ==
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
STG Security Advisory: [SSA-20041122-09] cscope insecure temp file creation
vulnerability
Revision 1.2
Date Published: 2004-11-22 (KST)
Last Update: 2004-11-22
Disclosed by SSR Team ([EMAIL PROTECTED])
Summary
cscope is an interactive,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal
vulnerability
Revision 1.3
Date Published: 2004-11-22 (KST)
Last Update: 2004-11-22
Disclosed by SSR Team ([EMAIL PROTECTED])
Summary
KorWeblog is a weblog application
On 23 Nov 2004, at 12:51, john morris wrote:
would someone help how can i use port scanning tools to use the
public anonymous proxy if some specific gui based windows tool exists
please suggest.
This is not what Full Disclosure is about.
Please go back to the IRC channel you came from.
kthxbye
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
STG Security Advisory: [SSA-20041122-11] JSPWiki XSS vulnerability
Revision 1.0
Date Published: 2004-11-22 (KST)
Last Update: 2004-11-22
Disclosed by SSR Team ([EMAIL PROTECTED])
Summary
JSPWiki is one of famous wiki web applications. It
[flame]
n3td3v/malformed,
please think before you speak. ive already explained this to you more
than once. #hackphreak is no longer associated with a group and no
longer intends to be a channel dedicated primarily to matters of
hacking/phreaking technical discussion [we therefore accommodate
FYI
cheers
shashank
-Forwarded Message-
From: Fyodor [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: FBI Subpoenas
Date: Tue, 23 Nov 2004 17:41:49 -0800
Dear Nmap hackers,
Let me first wish you Americans a happy Thanksgiving. Meanwhile, I'm
hard at work on a holiday Nmap version
GetPass! from Boson
(http://www.boson.com/promo/utilities/getpass/getpass_utility.htm) will
give you certain passwords if you have the printed configuration, but
not the enable secret. Your other option, if you have physical access
to the router, is to perform a password recovery
On 23 Nov 2004, at 15:02, Florian Weimer wrote:
* Andrew Farmer:
Especially considering that there aren't enough atoms in the universe
to
store all that precalculated data, nor enough energy to do all the
calculations.
Typically, such estimates ignore the possibilities of quantum
superpositions.
- Original Message -
From: Gregory Gilliss [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 23, 2004 5:27 PM
Subject: Re: [Full-Disclosure] University Researchers Challenge Bush Win In
Florida
But, for heaven's sake, leave Paul alone. He's one of the few people
left on
ALD Subject: [Full-Disclosure] Network Security in India
ALD I had a brief stint Primus Telecom in delhi ( www.primus-direct.com).
ALD It has a flat network with absolutely no security. The routers as as
ALD vulnerable to any known exploit and the same applies to a few web
ALD servers
Hi John:
Thanks for that post. I am not at all surprised by the situation that you
have
described.
One of India's top telecomm companies Reliance routinely violates laws and
then gets away paying minimal fines. (The govt. is
in their pocket).
The situation wouldn't be much different in a lot of
55 matches
Mail list logo
