Oh come on Pierre.. you are talking to a reporter here... it is as
much of a rootkit as Metasploit is a virus. Again... you are talking
to a reporter so it is about as usefull (especially in this case) as
talking to you morning dump before you flush.
On 1/3/06, Pierre Vandevenne [EMAIL
Bad internet connection and no clue when hitting reply. Good job. I
know I am impressed with all the certifications.. are you impressed
Bijana? You should be.. I mean come on... the CISSP is SOOO HARD to
get
ROFL...
On 1/5/06, Horatiu Bandoiu [EMAIL PROTECTED] wrote:
Dear Biljana,
for what it is worth. I am able to modify versions of the WMF exploit
and bypass products like that POS pvix crap as well as the current
available snort sigs...
First of all, you have no idea what about you are really talking about,
the prevention library mentioned in last mail DOES NOT rely
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Buffer Overflow in PHP MySQL functions
I. RISK
Low - Remote code execution on some systems
The function is not normaly exposed to external users via input data
II. AFFECTED VERSIONS
4.x Branch under Windows
III.BACKGROUND
PHP
Here Is The investigation about DAP, as I see there's no problem and no flaw
at this time, but someone can act as a Proxy and replace some text mirrors
form the list that Mirrorssearch.speedbit.com response. On this way could a
user download some malicious file without knowledge.
Affected:
Oh where to begin...
On 1/5/06, Joe Average [EMAIL PROTECTED] wrote:
I guess he got bored of turning netdev into public enemy number one, to
You are n3td3v, and talking in the third person under an assumed
identity just adds to your own turmoil.
divert attention away from the real guy who is
On Thu, Jan 05, 2006 at 06:53:01PM +, Joe Average wrote:
[snip]
It brings up some
issues with communication and coordination we've observed during 2005.
We can't disclose things like employee names, but i'm sure you get the
idea.
Why are you mentioning n3td3v? This thread is about infosecbofh, please keep on topic. I don't believe the two XSSing vulnerabilities on Google Groups is all netdev is responsible for. Look closer into whats going on. Theres a world of conspriacy out there to be had. Lets not argue amoung
n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a weenie n3td3v is a
On 1/5/06, Joe Average [EMAIL PROTECTED] wrote:
Why are you mentioning n3td3v? This thread is about infosecbofh, please keep
First of all:
Joe Average to Frank, full-disclosure 11:28 am (4 hours ago)
I guess he got bored of turning netdev into public enemy number one,
to divert attention away
I can confirm the patch appears on Windows Update for my win2k SP4 machine.
-sb
On 1/5/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Looks as if MS is issuing a fix out of band for the WMF issue. Should be
available at 5:00 PM EST today.
All mirrors from DAP were in speedbit server, and were validated as
Application Servers like (twcows, downloads.com, etc) so there's no
matter about corrupted or backdoored file as I see.
ok agreed.
but sorry for my ignorance but who are responsible to keep track
of the integrity of all
---
wine-20050930/dlls/gdi/driver.c
---
/**
Escape [EMAIL PROTECTED]
*/
INT WINAPI Escape( HDC hdc, INT escape, INT in_count, LPCSTR in_data,
LPVOID out_data )
{
INT ret;
POINT *pt;
switch (escape)
{
On Thu, Jan 05, 2006 at 03:15:28PM -0600, H D Moore wrote:
---
wine-20050930/dlls/gdi/driver.c
---
You have all the wrong places, this is all valid functionality.
You want this place:
dlls/gdi/metafile.c::PlayMetaFileRecord
...
case META_ESCAPE:
Escape(hdc, mr-rdParm[0],
Blue Coat WinProxy Remote DoS Vulnerability
iDefense Security Advisory 01.05.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363
January 05, 2006
I. BACKGROUND
BlueCoat WinProxy is an Internet sharing proxy server designed for small
to medium businesses. In addition to
Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability
iDefense Security Advisory 01.05.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364
January 05, 2006
I. BACKGROUND
BlueCoat WinProxy is an Internet sharing proxy server designed for small
to medium
Blue Coat WinProxy Telnet DoS Vulnerability
iDefense Security Advisory 01.05.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365
January 05, 2006
I. BACKGROUND
BlueCoat WinProxy is an Internet sharing proxy server designed for small
to medium businesses. In addition to
yeah how hard is it to hit delete
you kids are whiny
Original Message
Subject: Re: [Full-disclosure] infosecbofh
From: Peter Besenbruch [EMAIL PROTECTED]
Date: Thu, January 05, 2006 12:53 pm
To:
Cc: full-disclosure@lists.grok.org.uk
full-disclosure@lists.grok.org.uk
What we really learn from this all WMF thingie, is that when Microsoft
wants to, it can.
Microsoft released the WMF patch ahead of schedule
( http://blogs.securiteam.com/index.php/archives/181 )
Yep, THEY released the PATCH ahead of schedule.
What does that teach us?
There are a few options:
I quote the guy on my blog:
http://blogs.securiteam.com/index.php/archives/183
Let's just say it sounds very very familiar.
Gadi.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
On Thu, 05 Jan 2006 04:15:27 PST, InfoSecBOFH said:
I did it because SANS said so... Yes sans is always right and L0pht
was a bunch of blackhats too...
So tell me - how much money does SANS make if they lose their reputation
as being right on security? Seems like they have a vested
Thanks for your worthless rant,
Please confirn to us you're not a bot http://www.google.com/sorry/?continue=http://groups.google.com/group/n3td3v
Take care now.
On 1/5/06, GroundZero Security [EMAIL PROTECTED] wrote:
lol wow mr joe avarage aka n3td3v turns things around once again.
if you check
Hi
I am tired of asking you to take this off-list. Consider yourself moderated.
Cheers
- John
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Advisory #4 Title: Mozilla Firefox image Buffer Overflow Vulnerability# # # Author: 0o_zeus_o0# Contact:
[EMAIL PROTECTED]# Website: Elitemexico.org# Date: 05/01/2006# Risk: High # Vendor Url:
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
It's easy for us on this side to Monday morning quarterback and say oh
make it so. There are times too that I go...okay ...come on ...how
many days has it taken for that to get fixed? But then again, I don't
write code, I don't track back
Adrian Marsden wrote:
This is a silly post What are you trying to prove? That in some cases a
company can test a patch quicker than in others?
MS understood the issue, promised a fix on their scheduled date and did better
than expected So you criticise them
Way to go Make it
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
Don't release a beta patch
1. it would get patches into reverse engineering faster [hello look what
happened to the leaked patch]
and 2.
Don't ask for an untested patch if you are not willing to be there in
the newsgroups,
As I'm not a coder.. I don't have the technical information to answer
that one authoritatively. The WMF issue has taught me ...if you aren't
an authority on the issueshut up! :-)
Gadi Evron wrote:
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
It's easy for us on this side to
This is a silly post What are you trying to prove? That in some cases a
company can test a patch quicker than in others?
MS understood the issue, promised a fix on their scheduled date and did better
than expected So you criticise them
Way to go Make it so they can never
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:003
http://www.mandriva.com/security/
You should read the section entitled FAQ:
How does the extended support for Windows 98, Windows 98 Second Edition,
and Windows Millennium Edition affect the release of security updates
for these operating systems?
For these versions of Windows, Microsoft will only release security
updates for
On 1/5/2006 11:07 PM +0100, James Lay wrote:
I didn't learn anything new...just confirmed what I've thought all
along...MS's Security sucks (who in their RIGHT MIND would have an
image file reader able to execute code???), and that the REAL hero's
are people in the security sector like here that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:004
http://www.mandriva.com/security/
Don't release a beta patch
1. it would get patches into reverse engineering faster [hello look what
happened to the leaked patch]
and 2.
Don't ask for an untested patch if you are not willing to be there in
the newsgroups, communities and listserves helping the dead bodies after
a bad
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:005
http://www.mandriva.com/security/
Greetings, fellow FD'ers ---
As part of my doctoral studies, I am seeking community input regarding how
secrecy and openness can be balanced in the analysis and alerting of
security vulnerabilities to protect critical national infrastructures. To
answer this question, my thesis is investigating:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:007
http://www.mandriva.com/security/
Hi Gadi,
Anyone who releases software to a demanding customer who is in a hurry
knows that quick fixes can sometimes make more problems. While some
customers are more understanding than others, many customers are already
somewhat disgruntled about there being a problem in the first place. If
Here's an article I just wrote up real quick on how to monitor for
Sober.Y HTTP activity (set to begin at midnight 06-Jan-2006) using the
Squid proxy server and swatch.
Example configurations are provided. These are the swatch config
entries that I am using for monitoring Squid's access.log
Oh here we go again... n3td3v jumps into the circle jerk.
Once again proving you know nothing of what you are talking about.
The load I left on your mom's chin contained more exploit code than
you and your dumb ass split personality could ever come up with.
Don't you have some 1337 XSS holes to
RECON 2006 - Call for papers - 06/01/06
Montreal, Quebec, Canada
16 - 18 June 2006
We are pleased to announce the second annual RECON conference, which
will take place in Montreal from the 16th to the 18th of June 2006.
We are looking for original technical presentations, in the fields
41 matches
Mail list logo