> I've tested on Clean Licensed Windows 7 Professional Edition 64-bit
> with latest windows updates applied (as of Today -sept 09 2010).
Could a virus/trojan from my XP machine have caused some form
of immunity against this issue?
And perhaps my extensive meddling and customization somehow
I must say I can't take your word according to my testing.
I've tested on Clean Licensed Windows 7 Professional Edition 64-bit
with latest windows updates applied (as of Today -sept 09 2010). I
used Acros Security's 64 bit demo.
Should I make a movie to prove that, like
1- Updating Windows (check for
jf wrote:
> I still don't see how this is really MSFTs fault. I mean ...theres a
> fairly clear warning on MSDN for LoadLibrary & SearchPath ...
Do not confuse: SearchPath is not the issue.
Yes, there is a warning, which is recent:
http://blogs.technet.com/b/srd/archive/2010/08/23/more-info
One problem with your scenario: any person sophisticated enough to know what
nmap is (much less use it) is going to be just a little suspicious about
running nmap on some random "data file" that you send them.
--Rohit Patnaik
On Wed, Sep 8, 2010 at 8:29 PM, wrote:
> jf wrote:
>
> > ... my unde
jf wrote:
> ... my understanding of the issue was not the default library search
> path, but rather that people are using SearchPath() or similar to locate
> DLLs which they then pass to LoadLibrary() ...
And, people loading DLLs they do not need, for OS version detection.
(Maybe others?)
> ...
===
Ubuntu Security Notice USN-978-1 September 08, 2010
thunderbird vulnerabilities
CVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765,
CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769,
CVE-2010-3166, CVE-2010-3167, C
Fyodor wrote:
>> nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
>
> Nmap is not vulnerable. DLL hijacking works because of an unfortunate
> interaction between apps which register Windows file extensions and
> the default Windows DLL search path used for those apps. Nmap doe
That is what others said, yet it installed automatically on mine.
The only interaction was that I allowed it to be downloaded and
installed, not really geeky at all...
I must say you'll have to take my word on it.
On Thu, Sep 9, 2010 at 1:36 AM, wrote:
> Christian Sciberras wrote:
>
Christian Sciberras wrote:
>>> MS issued a patch quite some time ago.
> http://support.microsoft.com/kb/2264107
That is not a "patch", and it is not installed by default: it is only for
uber-geeks who manually install it. It was issued a week ago, in
response to this kerfuffle, not "quite some time ago".
Which
This is gay.
On Wed, Sep 8, 2010 at 11:10 PM, Ben wrote:
> From: "www.tuscl.net"
> To: auto595...@hushmail.com, iluv2c...@gmail.com, benh...@gmail.com,
> be...@physics.uakron.edu
> Date: Wed, 08 Sep 2010 19:01:24 +
>
> Just received this email from the owner of the site:
>
> Ben
>
> How '
http://support.microsoft.com/kb/2264107
That is installed both in my win7 64bit workstation system and the
32bit XP Pro (virtualized) system.
For that matter, that POC never worked on my PC; at least their initial
implementation was always flawed.
(speaking of which, did they really have to fail it
On Sun, Sep 05, 2010 at 07:01:19PM +0530, Nikhil Mittal wrote:
> 1. Overview
> nmap <= 5.21 is vulnerable to Windows DLL Hijacking Vulnerability.
Nmap is not vulnerable. DLL hijacking works because of an unfortunate
interaction between apps which register Windows file extensions and
the default W
*From:* "www.tuscl.net"
*To:* auto595...@hushmail.com, iluv2c...@gmail.com, benh...@gmail.com,
be...@physics.uakron.edu
*Date:* Wed, 08 Sep 2010 19:01:24 +
Just received this email from the owner of the site:
Ben
How 'bout I send a couple of strippers over to your condo there in Akron so
Christian Sciberras wrote:
> MS issued a patch quite some time ago.
Would you be able to give a reference to that patch, and comment on
its relationship to the recent
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
http://www.microsoft.com/
> Do you mean that the practical solution would be for MS to set
> sensible defaults? It took them many years for SafeDllSearchMode,
> expect just as many for CWDIllegalInDllSearch.
Did you read my email about real-world testing of this issue?
MS issued a patch quite some time ago.
This "vulnerabi
Christian Sciberras wrote:
> ... the approach to fixing it is not practical ...
> ... it is [the fault of] the underlying dll loading mechanism.
Do you mean that the practical solution would be for MS to set
sensible defaults? It took them many years for SafeDllSearchMode,
expect just as many fo
It's true that conventional certs have been completely devalued by the
bottom-feeders. This is a good argument for EV. Goatse may dismiss EV as a
joke, but there are very few EV CAs and none of them are TELECOM MINISTRY
OF BUTTFUCKISTAN. The spec requires that they authenticate the operation
of the
> However, why don't we have server certificates with multiple
> independent CA signatures?
Tim, I find that concept very interesting.
Cheers,
Chris.
On Wed, Sep 8, 2010 at 10:34 PM, Tim wrote:
>> > I'd rather have a company pay some good bucks to get their hands on a
>> > highly trusted certif
===
Ubuntu Security Notice USN-985-1 September 08, 2010
mountall vulnerability
CVE-2010-2961
===
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
This a
> > I'd rather have a company pay some good bucks to get their hands on a
> > highly trusted certificate than kids whose aim in life is wiping as
> > much hard disks as possible.
> > Which also answers why those $10-$20 assholes do a better job than
> > the kids we all know about...
>
> Same. I
On Wed, Sep 08, 2010 at 09:12:13PM +0200, Christian Sciberras wrote:
> I'd rather have a company pay some good bucks to get their hands on a
> highly trusted certificate than kids whose aim in life is wiping as
> much hard disks as possible.
> Which also answers why those $10-$20 assholes does a be
Dan,
Upon examining SRP, you are correct. SRP solves the same problem in a
superior manner. lulz
On Wed, Sep 8, 2010 at 2:52 PM, Dan Kaminsky wrote:
> Ah, a new password-authenticated DH. At first glance, this is similar to
> SRP (http://srp.stanford.edu/), but the server stores a plaintext pas
On Wed, Sep 8, 2010 at 12:12 PM, Christian Sciberras wrote:
> Call me paranoid, but I stick to the #1 rule of never ever trusting the
> public.
That is what is good about WoT. You can set the policy on who to
trust. You can trust only yourself, certain people, or $BIGCORP if
that is what you wan
Andrew,
The whole point of the current PKI is to ensure that with no prior
knowledge on the first connection the person you are communicating
with is who they say they are via a trusted third party who can
vouch for them.
If you can verify their identity once you can cache their
cryptographic
Ah, a new password-authenticated DH. At first glance, this is similar to
SRP (http://srp.stanford.edu/), but the server stores a plaintext password.
Initial thinking -- I'm not convinced that an offline brute force attack
won't work -- the nonce may break rainbow tabling, but it is transmitted v
> > This is no different then installing a client cert
>
> Yes, exactly. This is equally as secure as installing a client cert.
> Except it is achieved without a client cert, using only a password, in
> a manner that can be more easily scaled to lots of users.
Um... I think you have it backwards.
> Amen. This is why we should use and support web of trust style systems.
Webs of trust could definitely make SSL's PKI more fault tolerant.
The hard part is figuring out how to make it work while users don't
have to put forth any additional effort. Thoughts?
tim
We want a certain X people from a certain X chan dictating how some X
software is fully trusted and can run on my computer.
Call me paranoid, but I stick to the #1 rule of never ever trusting the public.
I'd rather have a company pay some good bucks to get their hands on a
highly trusted certific
I was recently taking a look at the Apache Traffic Server project (which I
believe was formerly developed by Yahoo Inc) and noticed a series of potential
problems relating to the way that it handles DNS. This proxy does not rely on
the OS supplied resolver library for resolving hostnames but ins
So now it's a matter of scaling?
I'd rather stay on the grounds of certificates, where scaling has been
one of the primary focuses since the early 2k.
In my opinion it's pretty much useless reinventing the wheel; the idea
behind certificates is as much a security medium as is the party being
acti
On Wed, Sep 8, 2010 at 9:24 AM, Andrew Auernheimer wrote:
> un-tl;dr abstract: SSL is broken. Certificate authorities only exist
> to let the US, Chinese, Turkish, Brazilian etc etc government or
> Russian mob spy on you (whichever is interested first). Well, I guess
> they also exist to line the
> This is no different then installing a client cert
Yes, exactly. This is equally as secure as installing a client cert.
Except it is achieved without a client cert, using only a password, in
a manner that can be more easily scaled to lots of users.
>
>
> Trying to not sound like a dick,
> dvs.
On Wed, Sep 08, 2010 at 07:15:35PM +0200, Christian Sciberras wrote:
> You're expecting us to trust YOU over the Government X?
>
> How do we know you're not working for the French Government (seeing
> how you didn't list it in your conspiracy list)?
>
> I love jokes, but this is a bit too late fo
So you might then add another pass of making a hash after the details of
transaction are known that embodies transaction details, then use oblivious
transfer again so that each end knows that the transaction was done and
was thus accepted?
Takes care of someone taking over the transaction perhaps,
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-2106-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 08, 2010
> While we may be similar to other proposed ideas, our implementation is
> unique and we are rapidly developing a PAM module at this moment. We
> are not limited to https.
I would expect there to be quite a bit less value in adding something
like this to SSH for the following reasons:
* Users o
Tim,
Absolutely, the risk of javascript being rewritten is highlighted
below-- which is why there needs to be something outside the reference
implementation below.
While we may be similar to other proposed ideas, our implementation is
unique and we are rapidly developing a PAM module at this mome
On Wed, Sep 8, 2010 at 10:08 AM, Przemyslaw Frasunek
wrote:
>
> There is a working exploit, allowing to gain local root privileges. It will be
> released after 14 days from this advisory.
This is for good to practice. Disclosure eleventeen is years after we
has must posted description. You follo
Chris,
The cryptographic primitives are long-standing and strong, and the
source is open! Feel free to pick apart our proposed protocol
specification!
On Wed, Sep 8, 2010 at 12:15 PM, Christian Sciberras wrote:
> You're expecting us to trust YOU over the Government X?
>
> How do we know you're n
You're expecting us to trust YOU over the Government X?
How do we know you're not working for the French Government (seeing
how you didn't list it in your conspiracy list)?
I love jokes, but this is a bit too late for April's Fool.
Cheers,
Chris.
On Wed, Sep 8, 2010 at 6:59 PM, Tim wrote:
>
With the recent MS update/patch and my POC failure (to exploit the
vuln), it is clear that this type of "vulnerability" is impractical.
In the (few) cases where it *might* work, the approach to fixing it is
not practical; that is, there are hundreds, if not thousands, of
vulnerable applications.
Jus
Hello Andrew,
> un-tl;dr abstract: SSL is broken. Certificate authorities only exist
> to let the US, Chinese, Turkish, Brazilian etc etc government or
> Russian mob spy on you (whichever is interested first). Well, I guess
> they also exist to line the pockets of assholes who want $10-50 for
> p
A GOATSE SECURITY RELEASE
Application layer authentication-inherent validation of public key
integrity without the use of a trusted third party
Andrew Auernhemer and Jordan Borges.
More readable version w/ reference links available here:
http://security.goatse.fr/clench-our-way-of-saying-screw-you
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless
LAN Controllers
Advisory ID: cisco-sa-20100908-wlc
Revision 1.0
For Public Release 2010 September 08 1600 UTC (GMT
FreeBSD 7.0 - 7.2 pseudofs null pointer dereference
Disclosed by: Przemyslaw Frasunek
18/08/2010
1. Synopsis
Starting from FreeBSD 5.0, the system supports POSIX extended attributes,
which allow metadata to be stored in association with a file. Those attributes can be
manipulated using the extattr_* syscalls.
On
# host websecurity.com.ua
websecurity.com.ua has address 62.149.9.65
On 8/09/2010 9:00 PM, YGN Ethical Hacker Group wrote:
> Good job, Dude
>
> You didn't even bother to hide your track.
>
>
> [snip]
> Received: from a (shalb.com [62.149.9.65])
> by lists.grok.org.uk (Postfix) with SMTP id
Good job, Dude
You didn't even bother to hide your track.
[snip]
Received: from a (shalb.com [62.149.9.65])
by lists.grok.org.uk (Postfix) with SMTP id F1F06324
for ;
Wed, 8 Sep 2010 04:41:17 +0100 (BST)
[/snip]
-
Delivered-To: li..
YMMD :)
> Hello Full-Disclosure!
>
> I want to warn you that I don't know anything about running secure sites.
> As a result it seems I have been compromised!
>
> www.websecurity.com.ua
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http:/
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-2105-1 secur...@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
September 07, 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-2098-2 secur...@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
September 7, 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ FreeBSD 8.1/7.3 vm.pmap kernel local race condition ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
http://lu.cxib.net
Date:
- - Dis.: 09.07.2010
- - Pub.: 07.09.2010
Affected Software (verified):
- - FreeBSD 7.3/8.1
Original URL:
htt
A vulnerability is a vulnerability.
A SQL Injection is a type of Vulnerability.
For each type of Vulnerability, there will be thousands of web
applications that might be vulnerable to it.
DLL Hijacking is the same.
We do each post rather than a list so that security vulnerability news
site can get req