Re: [Full-disclosure] Sonicwall license servers down .. all customers affected
IT Security wrote:
> DRM schemes like this only cause problems for the LEGITIMATE customers.

And to think that you paid a very good amount of money for that level of service. We all know that there is no level of DRM that can protect anything. Where there is a will, there is a way. Your statement of affecting only legitimate customers is dead on the money.

Time to start voting with dollars and holding companies accountable. This state of eating whatever they spoon feed to us needs to end. We all allowed this to happen.

-- 
Rob

+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
|                         _   |
|  ASCII ribbon campaign ( )  |
|   - against HTML email  X   |
|                        / \  |
|                             |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
VMware Security Advisory

Advisory ID:  VMSA-2008-0019
Synopsis:     VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2
Issue date:   2008-12-02
Updated on:   2008-12-02 (initial release of advisory)
CVE numbers:  CVE-2008-4917 CVE-2008-1372

1. Summary

Updated VMware Hosted products and patches for ESX and ESXi resolve two security issues. The first is a critical memory corruption vulnerability in virtual device hardware. The second is an updated bzip2 package for the Service Console.

2. Relevant releases

VMware Workstation 6.0.5 and earlier,
VMware Workstation 5.5.8 and earlier,
VMware Player 2.0.5 and earlier,
VMware Player 1.0.8 and earlier,
VMware Server 1.0.9 and earlier,
VMware ESXi 3.5 without patch ESXe350-200811401-O-SG
VMware ESX 3.5 without patches ESX350-200811406-SG and ESX350-200811401-SG
VMware ESX 3.0.3 without patches ESX303-200811404-SG and ESX303-200811401-BG
VMware ESX 3.0.2 without patches ESX-1006980 and ESX-1006982

NOTE: Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available.

3. Problem Description

a. Critical Memory corruption vulnerability

A memory corruption condition may occur in the virtual machine hardware. A malicious request sent from the guest operating system to the virtual hardware may cause the virtual hardware to write to uncontrolled physical memory.

VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917 to this issue.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product  Running   Replace with/
Product        Version  on        Apply Patch
=============  =======  ========  ==============================
VirtualCenter  any      Windows   not affected
Workstation    6.5.x    any       not affected
Workstation    6.0.x    any       6.5.0 build 118166 or later
Workstation    5.x      any       5.5.9 build 126128 or later
Player         2.5.x    any       not affected
Player         2.0.x    any       2.5.0 build 118166 or later
Player         1.x      any       1.0.9 build 126128 or later
ACE            2.5.x    Windows   not affected
ACE            2.0.x    Windows   2.5.0 build 118166 or later
ACE            1.x      Windows   1.0.8 build 125922 or later
Server         2.x      any       not affected
Server         1.x      any       1.0.8 build 126538 or later
Fusion         2.x      Mac OS/X  not affected
Fusion         1.x      Mac OS/X  upgrade to Fusion 2.0 or later
ESXi           3.5      ESXi      ESXe350-200811401-O-SG
ESX            3.5      ESX       ESX350-200811401-SG
ESX            3.0.3    ESX       ESX303-200811401-BG
ESX            3.0.2    ESX       ESX-1006980
ESX            2.5.5    ESX       not affected

b. Updated Service Console package bzip2

bzip2 versions before 1.0.5 can crash if certain flaws in compressed data lead to reading beyond the end of a buffer. This might cause an application linked to the libbz2 library to crash when decompressing malformed archives.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1372 to this issue.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product  Running   Replace with/
Product        Version  on        Apply Patch
=============  =======  ========  ==============================
VirtualCenter  any      Windows   not affected
hosted *       any      any       not affected
ESXi           3.5      ESXi      not affected
ESX            3.5      ESX       ESX350-200811406-SG
ESX            3.0.3    ESX       ESX303-200811404-SG
ESX            3.0.2    ESX       ESX-1006982
ESX            2.5.5    ESX       affected, patch pending

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.

VMware Workstation 5.5.9
http://www.vmware.com/download/ws/ws5.html
Release notes: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Windows binary: md5
[Full-disclosure] [USN-684-1] ClamAV vulnerability
===========================================================
Ubuntu Security Notice USN-684-1          December 02, 2008
clamav vulnerability
https://bugs.launchpad.net/bugs/304017
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10:
  libclamav5    0.94.dfsg.2-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG information. If a remote attacker sent a specially crafted JPEG file, ClamAV would crash, leading to a denial of service.

Updated packages for Ubuntu 8.10:
[Full-disclosure] [SECURITY] [DSA 1677-1] New CUPS packages fix arbitrary code execution
Debian Security Advisory DSA 1677-1                  [EMAIL PROTECTED]
http://www.debian.org/security/                         Martin Schulze
December 2nd, 2008                  http://www.debian.org/security/faq

Package        : cupsys
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2008-5286
Debian Bug     : 507183

An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker could trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code.

For the stable distribution (etch) this problem has been fixed in version 1.2.7-4etch6.

For testing distribution (lenny) this issue will be fixed soon.

For the unstable distribution (sid) this problem has been fixed in version 1.3.8-1lenny4.

We recommend that you upgrade your cupsys packages.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
Re: [Full-disclosure] Sonicwall license servers down .. all customers affected
I am sure Sonic wall is going to lose many customers and other companies should learn and not put DRM in their products. I hope this will teach them.

On Tue, Dec 2, 2008 at 9:36 PM, Elazar Broad <[EMAIL PROTECTED]> wrote:
> I stopped using SonicWall when I learned I had to purchase a whole new device for a customer that just wanted to add a few more machines to their network, instead of bumping the license like most "normal" vendors.
>
> On Tue, 02 Dec 2008 14:14:43 -0500 IT Security <[EMAIL PROTECTED]> wrote:
> > Sonicwall (makers of various security products) has had their license manager (server) go haywire overnight and it's "reset" (meaning invalidated) the licenses on all of their email security products. This means customers can't login to their own systems (a good case against draconian DRM like this). Calls to support have gone straight to voicemail all morning, and no ETA for resolution yet exists.
> >
> > This is affecting **all** of their customers, as far as I can tell (and based on what I'm told by their general support ticket-taker).
> >
> > Their forum (probably requires registration) is full of complaints about it. Screenshots of it and other problem areas are available on request .. but I don't want to email them to this entire list).
> >
> > The first alert was these warnings :
> >
> > ~~ SonicWALL Email Security Alert (6.2.2.1071) ~~
> >
> > [Summary: Your Email Security licenses have been reset.]
> >
> > Details:
> > Host Name: **ourmailhost**
> > Description: The Email Security licenses have been reset at 12/02/2008 04:18 EST. The email filtering will not be working.
> >
> > TimeStamp:
> > LocalTime: Tue Dec 2 04:18:49 2008
> > GMT: Tue Dec 2 09:18:49 2008
> >
> > Additional Information:
> > Recommended Action: Please contact SonicWall Technical Support.
> >
> > A response from their technical support on the issue went like this :
> >
> > "The issue is on our backend server who stores the registrations, some ES appliances got licences resetted. The exact cause is still being analized with high priority. In those cases entering the mysonicwall credentials or uploading file solve the issue. Kind Regards Ivan"
> >
> > And as of now, their license server is **still** off-line :
> >
> > $ telnet licensemanager.sonicwall.com 443
> > Trying 204.212.170.143...
> > telnet: Unable to connect to remote host: Connection refused
> >
> > DRM schemes like this only cause problems for the LEGITIMATE customers.

-- 
http://www.astorandblack.com/
http://www.jewelerslounge.com/liberty-coin-cufflinks
Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security
On Tue, 02 Dec 2008 11:50:46 -0500 rholgstad <[EMAIL PROTECTED]> wrote:
> Mike C wrote:
>> On Mon, Dec 1, 2008 at 5:27 PM, rholgstad <[EMAIL PROTECTED]> wrote:
>>
>>> and how does making a color based on these inputs protect people?
>>
>> Once all desktops have an icon or widget (say at the right hand corner) with the color, and this is consistently seen everywhere, the users will start associating with their online security. they will be reminded that they have to be careful with the data they share.
>>
>> This, if implemented correctly will be a boon to security industry, where the weakest kinks currently are 'n00b' users.
>
> you are joking right?
>
> So some widget is going to stop the next SMB remote or IE client side and protect the 'n00b' users? Please explain how this works. Also please explain how "they will be reminded that they have to be careful with the data they share. " has anything to do with protecting a user's machine from being compromised.

That's the whole point. There is a fine line between using visual alerts to put people (Joe six pack) into a state of "awareness" (more like mild hysteria) of a threat versus knowing how to protect oneself against that threat and using that awareness indicator as the kick in the ass to get moving and shore up the defenses (hell, how many security folk do this too, then again, every time something goes bump we see red). Visual alerts are great at persuasion tools, especially when the goal is to get Joe to buy your latest all-in-one-will-make-your-coffee-and-buy-you-beer AV/Malware/Spyware/Foo (what's this doing here?)/evil monkey in the closet package. So of course, Joe will never learn how to properly defend his computer/data, and the "industry" will prosper.

Now, thanks to our good friends over at the DHS, the color system has turned into a complete and utter joke (for the most part), so my friend, you see, this is a complete exercise in futility (besides the fact that every friggin AV/IDS/Security/SIM company out there has red, yellow and green as their corporate "flag", if you are just joining the party, then you can completely ignore this).

If you really want to change state of security for the n00bs, spread the knowledge, not the colors.

My .02...

elazar
Re: [Full-disclosure] Sonicwall license servers down .. all customers affected
I stopped using SonicWall when I learned I had to purchase a whole new device for a customer that just wanted to add a few more machines to their network, instead of bumping the license like most "normal" vendors.

On Tue, 02 Dec 2008 14:14:43 -0500 IT Security <[EMAIL PROTECTED]> wrote:
> Sonicwall (makers of various security products) has had their license manager (server) go haywire overnight and it's "reset" (meaning invalidated) the licenses on all of their email security products. This means customers can't login to their own systems (a good case against draconian DRM like this). Calls to support have gone straight to voicemail all morning, and no ETA for resolution yet exists.
>
> This is affecting **all** of their customers, as far as I can tell (and based on what I'm told by their general support ticket-taker).
>
> Their forum (probably requires registration) is full of complaints about it. Screenshots of it and other problem areas are available on request .. but I don't want to email them to this entire list).
>
> The first alert was these warnings :
>
> ~~ SonicWALL Email Security Alert (6.2.2.1071) ~~
>
> [Summary: Your Email Security licenses have been reset.]
>
> Details:
> Host Name: **ourmailhost**
> Description: The Email Security licenses have been reset at 12/02/2008 04:18 EST. The email filtering will not be working.
>
> TimeStamp:
> LocalTime: Tue Dec 2 04:18:49 2008
> GMT: Tue Dec 2 09:18:49 2008
>
> Additional Information:
> Recommended Action: Please contact SonicWall Technical Support.
>
> A response from their technical support on the issue went like this :
>
> "The issue is on our backend server who stores the registrations, some ES appliances got licences resetted. The exact cause is still being analized with high priority. In those cases entering the mysonicwall credentials or uploading file solve the issue. Kind Regards Ivan"
>
> And as of now, their license server is **still** off-line :
>
> $ telnet licensemanager.sonicwall.com 443
> Trying 204.212.170.143...
> telnet: Unable to connect to remote host: Connection refused
>
> DRM schemes like this only cause problems for the LEGITIMATE customers.
[Full-disclosure] Sonicwall license servers down .. all customers affected
Sonicwall (makers of various security products) has had their license manager (server) go haywire overnight and it's "reset" (meaning invalidated) the licenses on all of their email security products. This means customers can't login to their own systems (a good case against draconian DRM like this). Calls to support have gone straight to voicemail all morning, and no ETA for resolution yet exists.

This is affecting **all** of their customers, as far as I can tell (and based on what I'm told by their general support ticket-taker).

Their forum (probably requires registration) is full of complaints about it. Screenshots of it and other problem areas are available on request .. but I don't want to email them to this entire list).

The first alert was these warnings :

~~ SonicWALL Email Security Alert (6.2.2.1071) ~~

[Summary: Your Email Security licenses have been reset.]

Details:
Host Name: **ourmailhost**
Description: The Email Security licenses have been reset at 12/02/2008 04:18 EST. The email filtering will not be working.

TimeStamp:
LocalTime: Tue Dec 2 04:18:49 2008
GMT: Tue Dec 2 09:18:49 2008

Additional Information:
Recommended Action: Please contact SonicWall Technical Support.

A response from their technical support on the issue went like this :

"The issue is on our backend server who stores the registrations, some ES appliances got licences resetted. The exact cause is still being analized with high priority. In those cases entering the mysonicwall credentials or uploading file solve the issue. Kind Regards Ivan"

And as of now, their license server is **still** off-line :

$ telnet licensemanager.sonicwall.com 443
Trying 204.212.170.143...
telnet: Unable to connect to remote host: Connection refused

DRM schemes like this only cause problems for the LEGITIMATE customers.
Re: [Full-disclosure] More proof that Microsoft products are probably backdoored
all speculation: no 1 knows 4 sure.

http://it.slashdot.org/article.pl?sid=07/12/17/1754257&from=rss
http://www.cnn.com/TECH/computing/9909/03/windows.nsa.02/
http://www.theforbiddenknowledge.com/hardtruth/nsa_backdoor_windows.htm

c how i did that n3td3v? i posted links, nd talked about the article w/out stealing ppls work. pay attention.

On Tue, Dec 2, 2008 at 9:36 AM, Andy McKnight <[EMAIL PROTECTED]> wrote:
> 2008/12/2 Ureleet <[EMAIL PROTECTED]>
>>
>> u arent getting it.
>>
>> it has nothing 2 do w/ backdoors. they r talking about actual backdoors in the code. so that anyone who knows the backdoor can access any windows system regardless. they r saying that microsoft has coded backdoors into the system so that the govt can get into any system, patched or not. pay attention.
>
> I haven't seen anything that suggests that systems are/will be backdoored here. The text of the statement said "remote searches" which in legal terms could be anything from something as simple as browsing shared files available through P2P to full remote system access.
>
> Do you have anything else that suggests Windows has backdoors present other than this statement?
Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security
mike c, u r now in the same group as n3td3v. congratulations 4 being a moron, doing repetitive work, and suggesting nonsensical material. nice idea. especially if it hadnt already been done. 10x over. o, and u werent the lead of it.

plug urself much? how about u plug ur n3td3v group 2?

On Tue, Dec 2, 2008 at 12:47 PM, vulcanius <[EMAIL PROTECTED]> wrote:
> *Sorry for my double posting to you Chris.
>
> All this solution does is take up their resources and piss off the users who then find ways to get rid of it or circumvent the useless thing. In the case of Mike C this means they'll be disabling whatever security software is in place that uses it.
>
> Bravo folks, you've saved the tubes.
>
> On Tue, Dec 2, 2008 at 12:13 PM, Chris Jeane <[EMAIL PROTECTED]> wrote:
>
> If you are taking a proactive approach to security, maybe you should always remind the user to be careful with their data.
> How about 'all desktops have an icon or widget (say at the right hand corner)' that flashes red every five minutes and says 'be careful with the data you share.' This solution removes the overhead of all that pesky monitoring and data mining.
[Full-disclosure] [ GLSA 200812-07 ] Mantis: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200812-07
                                            http://security.gentoo.org/

  Severity: High
     Title: Mantis: Multiple vulnerabilities
      Date: December 02, 2008
      Bugs: #238570, #241940, #242722
        ID: 200812-07

Synopsis
========

Multiple vulnerabilities have been discovered in Mantis, the most severe of which leads to the remote execution of arbitrary code.

Background
==========

Mantis is a PHP/MySQL/Web based bugtracking system.

Affected packages
=================

     Package            /  Vulnerable  /  Unaffected
  1  www-apps/mantisbt     < 1.1.4-r1     >= 1.1.4-r1

Description
===========

Multiple issues have been reported in Mantis:

* EgiX reported that manage_proj_page.php does not correctly sanitize the sort parameter before passing it to create_function() in core/utility_api.php (CVE-2008-4687).

* Privileges of viewers are not sufficiently checked before composing a link with issue data in the source anchor (CVE-2008-4688).

* Mantis does not unset the session cookie during logout (CVE-2008-4689).

* Mantis does not set the secure flag for the session cookie in an HTTPS session (CVE-2008-3102).

Impact
======

Remote unauthenticated attackers could exploit these vulnerabilities to execute arbitrary PHP commands, disclose sensitive issue data, or hijack a user's sessions.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mantis users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.1.4-r1"

References
==========

[ 1 ] CVE-2008-3102
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3102
[ 2 ] CVE-2008-4687
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4687
[ 3 ] CVE-2008-4688
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4688
[ 4 ] CVE-2008-4689
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4689

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
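The two session-cookie issues in the GLSA above (secure flag missing on HTTPS, CVE-2008-3102; cookie not unset at logout, CVE-2008-4689) can be checked from captured response headers after upgrading. The Python below is an added example, not part of the advisory or of Mantis; the cookie name EXAMPLE_SESSION and all sample headers are constructed, so substitute the cookie name your deployment actually sets.

```python
"""Audit Set-Cookie headers for the two session-cookie flaws the GLSA lists."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

SESSION_COOKIE = "EXAMPLE_SESSION"  # hypothetical name, not taken from the advisory


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attr names lower-cased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def is_expired(attrs, now):
    """True when the header clears the cookie: Max-Age <= 0 or Expires in the past."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        try:
            return int(attrs["max-age"]) <= 0
        except ValueError:
            return False
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return False
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return when <= now
    return False


def audit_login(set_cookie_headers, scheme, cookie=SESSION_COOKIE):
    """Flag a session cookie issued over HTTPS without the secure flag."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name == cookie and scheme == "https" and "secure" not in attrs:
            findings.append("session cookie set over HTTPS without the secure flag")
    return findings


def audit_logout(set_cookie_headers, cookie=SESSION_COOKIE, now=None):
    """Flag a logout response that never expires the session cookie."""
    now = now or datetime.now(timezone.utc)
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name == cookie and is_expired(attrs, now):
            return []
    return ["logout response does not unset the session cookie"]


# Constructed sample responses: the weak behaviour beside the corrected one.
WEAK_LOGIN = ["EXAMPLE_SESSION=abc123; Path=/; HttpOnly"]
FIXED_LOGIN = ["EXAMPLE_SESSION=abc123; Path=/; Secure; HttpOnly"]
WEAK_LOGOUT = ["OTHER_PREF=; Max-Age=0; Path=/"]  # clears a different cookie only
FIXED_LOGOUT = ["EXAMPLE_SESSION=deleted; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; Secure"]

if __name__ == "__main__":
    for label, result in [
        ("login (weak)", audit_login(WEAK_LOGIN, "https")),
        ("login (fixed)", audit_login(FIXED_LOGIN, "https")),
        ("logout (weak)", audit_logout(WEAK_LOGOUT)),
        ("logout (fixed)", audit_logout(FIXED_LOGOUT)),
    ]:
        print(f"{label}: {result or 'ok'}")
```

Clearing the cookie in the browser does not by itself invalidate the session on the server, so a clean logout result here should be paired with a check that the old cookie value is rejected when replayed.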
Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security
*Sorry for my double posting to you Chris. All this solution does is take up their resources and piss off the users who then find ways to get rid of it or circumvent the useless thing. In the case of Mike C this means they'll be disabling whatever security software is in place that uses it. Bravo folks, you've saved the tubes. On Tue, Dec 2, 2008 at 12:13 PM, Chris Jeane <[EMAIL PROTECTED]> wrote: If you are taking a proactive approach to security, maybe you should always remind the user to be careful with their data. How about 'all desktops have an icon or widget (say at the right hand corner)' that flashes red every five minutes and says 'be careful with the data you share.' This solution removes the overhead of all that pesky monitoring and data mining. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ GLSA 200812-06 ] libxml2: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200812-06
                                            http://security.gentoo.org/

  Severity: Normal
     Title: libxml2: Multiple vulnerabilities
      Date: December 02, 2008
      Bugs: #234099, #237806, #239346, #245960
        ID: 200812-06

Synopsis
========

Multiple vulnerabilities in libxml2 might lead to execution of
arbitrary code or Denial of Service.

Background
==========

libxml2 is the XML (eXtended Markup Language) C parser and toolkit
initially developed for the Gnome project.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  dev-libs/libxml2      < 2.7.2-r1                      >= 2.7.2-r1

Description
===========

Multiple vulnerabilities were reported in libxml2:

* Andreas Solberg reported that libxml2 does not properly detect
  recursion during entity expansion in an attribute value
  (CVE-2008-3281).

* A heap-based buffer overflow has been reported in the
  xmlParseAttValueComplex() function in parser.c (CVE-2008-3529).

* Christian Weiske reported that predefined entity definitions in
  entities are not properly handled (CVE-2008-4409).

* Drew Yao of Apple Product Security reported an integer overflow in
  the xmlBufferResize() function that can lead to an infinite loop
  (CVE-2008-4225).

* Drew Yao of Apple Product Security reported an integer overflow in
  the xmlSAX2Characters() function leading to a memory corruption
  (CVE-2008-4226).

Impact
======

A remote attacker could entice a user or automated system to open a
specially crafted XML document with an application using libxml2,
possibly resulting in the execution of arbitrary code or a high CPU
and memory consumption.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.2-r1"

References
==========

  [ 1 ] CVE-2008-3281
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
  [ 2 ] CVE-2008-3529
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
  [ 3 ] CVE-2008-4409
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4409
  [ 4 ] CVE-2008-4225
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
  [ 5 ] CVE-2008-4226
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] [ GLSA 200812-05 ] libsamplerate: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200812-05
                                            http://security.gentoo.org/

  Severity: Normal
     Title: libsamplerate: User-assisted execution of arbitrary code
      Date: December 02, 2008
      Bugs: #237037
        ID: 200812-05

Synopsis
========

A buffer overflow vulnerability in libsamplerate might lead to the
execution of arbitrary code.

Background
==========

Secret Rabbit Code (aka libsamplerate) is a Sample Rate Converter for
audio.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  media-libs/libsamplerate      < 0.1.4                    >= 0.1.4

Description
===========

Russell O'Connor reported a buffer overflow in src/src_sinc.c related
to low conversion ratios.

Impact
======

A remote attacker could entice a user or automated system to process a
specially crafted audio file possibly leading to the execution of
arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libsamplerate users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=media-libs/libsamplerate-0.1.4"

References
==========

  [ 1 ] CVE-2008-5008
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5008

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] [ GLSA 200812-02 ] enscript: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200812-02
                                            http://security.gentoo.org/

  Severity: Normal
     Title: enscript: User-assisted execution of arbitrary code
      Date: December 02, 2008
      Bugs: #243228
        ID: 200812-02

Synopsis
========

Two buffer overflows in enscript might lead to the execution of
arbitrary code.

Background
==========

enscript is a powerful ASCII to PostScript file converter.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-text/enscript     < 1.6.4-r4                      >= 1.6.4-r4

Description
===========

Two stack-based buffer overflows in the read_special_escape() function
in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research
discovered a vulnerability related to the "setfilename" command
(CVE-2008-3863), and Kees Cook of Ubuntu discovered a vulnerability
related to the "font" escape sequence (CVE-2008-4306).

Impact
======

An attacker could entice a user or automated system to process
specially crafted input with the special escapes processing enabled
using the "-e" option, possibly resulting in the execution of
arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All enscript users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/enscript-1.6.4-r4"

References
==========

  [ 1 ] CVE-2008-3863
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863
  [ 2 ] CVE-2008-4306
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4306

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] [ GLSA 200812-01 ] OptiPNG: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200812-01
                                            http://security.gentoo.org/

  Severity: Normal
     Title: OptiPNG: User-assisted execution of arbitrary code
      Date: December 02, 2008
      Bugs: #246522
        ID: 200812-01

Synopsis
========

A vulnerability in OptiPNG might result in user-assisted execution of
arbitrary code.

Background
==========

OptiPNG is a PNG optimizer that recompresses image files to a smaller
size, without losing any information.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  media-gfx/optipng      < 0.6.2                           >= 0.6.2

Description
===========

A buffer overflow in the BMP reader in OptiPNG has been reported.

Impact
======

A remote attacker could entice a user to process a specially crafted
BMP image, possibly resulting in the execution of arbitrary code with
the privileges of the user running the application, or a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OptiPNG users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/optipng-0.6.2"

References
==========

  [ 1 ] CVE-2008-5101
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5101

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] [ GLSA 200812-04 ] lighttpd: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200812-04
                                            http://security.gentoo.org/

  Severity: Normal
     Title: lighttpd: Multiple vulnerabilities
      Date: December 02, 2008
      Bugs: #238180
        ID: 200812-04

Synopsis
========

Multiple vulnerabilities in lighttpd may lead to information disclosure
or a Denial of Service.

Background
==========

lighttpd is a lightweight high-performance web server.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  www-servers/lighttpd      < 1.4.20                      >= 1.4.20

Description
===========

Multiple vulnerabilities have been reported in lighttpd:

* Qhy reported a memory leak in the http_request_parse() function in
  request.c (CVE-2008-4298).

* Gaetan Bisson reported that URIs are not decoded before applying
  url.redirect and url.rewrite rules (CVE-2008-4359).

* Anders1 reported that mod_userdir performs case-sensitive
  comparisons on filename components in configuration options, which
  is insufficient when case-insensitive filesystems are used
  (CVE-2008-4360).

Impact
======

A remote attacker could exploit these vulnerabilities to cause a Denial
of Service, to bypass intended access restrictions, to obtain sensitive
information, or to possibly modify data.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All lighttpd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.20"

References
==========

  [ 1 ] CVE-2008-4298
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298
  [ 2 ] CVE-2008-4359
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359
  [ 3 ] CVE-2008-4360
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
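The lighttpd advisory above names two matching defects: rules applied to undecoded URIs (CVE-2008-4359) and case-sensitive comparison where the filesystem is case-insensitive (CVE-2008-4360). The following added example is a simplified model, not lighttpd code, that puts raw matching beside canonical matching so the difference can be kept as a regression test; the rule table and paths are constructed, and the dot-segment collapsing goes slightly beyond what the advisory lists.

```python
"""Simplified model (not lighttpd code) of the rule-matching defects in
GLSA 200812-04: match rules on the canonical path, not the raw request path."""
import re
from urllib.parse import unquote

# Constructed rule table: (pattern, action). First match wins, default "allow".
RULES = [(r"^/private/", "deny")]


def decide_raw(raw_path, rules=RULES):
    """Pre-fix behaviour: rules see the request path exactly as it was sent."""
    for pattern, action in rules:
        if re.search(pattern, raw_path):
            return action
    return "allow"


def canonical_path(raw_path):
    """Decode percent-escapes once and collapse empty, '.' and '..' segments.

    Decoding happens exactly once, mirroring what the server does before it
    maps the path to a file; a second decode would itself change meaning.
    """
    decoded = unquote(raw_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in request path")
    segments = []
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if segments:
                segments.pop()
            continue
        segments.append(segment)
    path = "/" + "/".join(segments)
    if decoded.endswith("/") and path != "/":
        path += "/"  # keep the directory marker so "^/private/" still applies
    return path


def decide_canonical(raw_path, rules=RULES, case_insensitive_fs=False):
    """Hardened behaviour: canonicalise first, then match.

    On a case-insensitive filesystem /PRIVATE/ and /private/ are the same
    directory, so the comparison has to ignore case as well.
    """
    path = canonical_path(raw_path)
    flags = re.IGNORECASE if case_insensitive_fs else 0
    for pattern, action in rules:
        if re.search(pattern, path, flags):
            return action
    return "allow"


def regression_report(paths, case_insensitive_fs=False):
    """Return the paths whose decision differs between raw and canonical matching."""
    return [p for p in paths
            if decide_raw(p) != decide_canonical(
                p, case_insensitive_fs=case_insensitive_fs)]


# Constructed request paths for the regression check.
SAMPLE_PATHS = [
    "/private/report.txt",
    "/%70rivate/report.txt",
    "/public/index.html",
    "/PRIVATE/report.txt",
    "/public/../private/report.txt",
]

if __name__ == "__main__":
    for fs_flag in (False, True):
        print("case-insensitive fs:", fs_flag, regression_report(SAMPLE_PATHS, fs_flag))
```

An empty report over the site's own rule set and a path corpus is the property to hold after the upgrade; any entry is a request the rule author believed was covered.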
[Full-disclosure] [ GLSA 200812-03 ] IPsec-Tools: racoon Denial of Service
Gentoo Linux Security Advisory                           GLSA 200812-03
                                            http://security.gentoo.org/

  Severity: Normal
     Title: IPsec-Tools: racoon Denial of Service
      Date: December 02, 2008
      Bugs: #232831
        ID: 200812-03

Synopsis
========

IPsec-Tools' racoon is affected by a remote Denial of Service
vulnerability.

Background
==========

IPsec-Tools is a port of KAME's implementation of the IPsec utilities.
It contains a collection of network monitoring tools, including racoon,
ping, and ping6.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-firewall/ipsec-tools      < 0.7.1                    >= 0.7.1

Description
===========

Two Denial of Service vulnerabilities have been reported in racoon:

* The vendor reported a memory leak in racoon/proposal.c that can be
  triggered via invalid proposals (CVE-2008-3651).

* Krzysztof Piotr Oledzk reported that src/racoon/handler.c does not
  remove an "orphaned ph1" (phase 1) handle when it has been initiated
  remotely (CVE-2008-3652).

Impact
======

An attacker could exploit these vulnerabilities to cause a Denial of
Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All IPsec-Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=net-firewall/ipsec-tools-0.7.1"

References
==========

  [ 1 ] CVE-2008-3651
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651
  [ 2 ] CVE-2008-3652
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200812-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security
If you are taking a proactive approach to security, maybe you should always remind the user to be careful with their data. How about 'all desktops have an icon or widget (say at the right hand corner)' that flashes red every five minutes and says 'be careful with the data you share.' This solution removes the overhead of all that pesky monitoring and data mining.

The internet is a dangerous place, and will continue to be. My 'noob' grandmother doesn't need a 1-5 Danger Scale to keep her from being scammed when she buys holiday gifts online.

[Grandmother Voice] 'Ohh dear we are at Internet Danger Level: Tangerine, guess I can't order those knit socks for Johnny today.' [End Grandmother Voice]

On Tue, Dec 2, 2008 at 10:50 AM, rholgstad <[EMAIL PROTECTED]> wrote:
> Mike C wrote:
> > On Mon, Dec 1, 2008 at 5:27 PM, rholgstad <[EMAIL PROTECTED]> wrote:
> >
> >> and how does making a color based on these inputs protect people?
> >>
> >
> > Once all desktops have an icon or widget (say at the right hand
> > corner) with the color, and this is consistently seen everywhere, the
> > users will start associating with their online security. they will be
> > reminded that they have to be careful with the data they share.
> >
> > This, if implemented correctly will be a boon to security industry,
> > where the weakest kinks currently are 'n00b' users.
Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security
Mike C wrote:
> On Mon, Dec 1, 2008 at 5:27 PM, rholgstad <[EMAIL PROTECTED]> wrote:
>
>> and how does making a color based on these inputs protect people?
>>
>
> Once all desktops have an icon or widget (say at the right hand
> corner) with the color, and this is consistently seen everywhere, the
> users will start associating with their online security. they will be
> reminded that they have to be careful with the data they share.
>
> This, if implemented correctly will be a boon to security industry,
> where the weakest kinks currently are 'n00b' users.

you are joking right? So some widget is going to stop the next SMB remote or IE client side and protect the 'n00b' users? Please explain how this works. Also please explain how "they will be reminded that they have to be careful with the data they share. " has anything to do with protecting a user's machine from being compromised.
[Full-disclosure] [USN-683-1] Imlib2 vulnerability
===========================================================
Ubuntu Security Notice USN-683-1          December 02, 2008
imlib2 vulnerability
CVE-2008-5187
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libimlib2                       1.2.1-2ubuntu0.3

Ubuntu 7.10:
  libimlib2                       1.3.0.0debian1-4ubuntu0.1

Ubuntu 8.04 LTS:
  libimlib2                       1.4.0-1ubuntu1.1

Ubuntu 8.10:
  libimlib2                       1.4.0-1.1ubuntu1.1

After a standard system upgrade you need to restart any applications
that use Imlib2 to effect the necessary changes.

Details follow:

It was discovered that Imlib2 did not correctly handle certain malformed
XPM images. If a user were tricked into opening a specially crafted image
with an application that uses Imlib2, an attacker could cause a denial of
service and possibly execute arbitrary code with the user's privileges.
Re: [Full-disclosure] Security industry software license
2008/12/2, j-f sentier <[EMAIL PROTECTED]>:
>
> Mike C, Andrew wallace, n3td3v (which are the same person), would you
> please get the fuck out of this FD list ?
> No one want to hear your bull-shit anymore around here.
>
> 2008/12/2, Mike C <[EMAIL PROTECTED]>:
>>
>> On Mon, Dec 1, 2008 at 7:50 PM, Joel Helgeson <[EMAIL PROTECTED]> wrote:
>> > I agree - the biggest BS term in existence is the term "Cyberterror". If my
>> > web server crashes, is it the result of a Jihadist? Do I care?
>>
>> Yes! The kind of exploiter decides the kind of evil thing that would
>> be done from a zombie machine. You wouldnt want your PC to be a part
>> of an enemy state's arsenal, or an extremist religious organization
>> now, would you?
>>
>> --
>> MC
>> Security Researcher
>> Lead, Project Chroma
>> http://sites.google.com/site/projectchromaproject/
Re: [Full-disclosure] Security industry software license
On Sat, 29 Nov 2008 18:17:22 GMT, "andrew.wallace" said:
> I think we should push for this so that attack platforms that are
> designed for penetration testers aren't used by the bad guys.

Another good article noted by Bruce Schneier:

http://www.schneier.com/blog/archives/2008/11/the_ill_effects_1.html

"The experts said no one has actually done any research on SIM card cloning because the activity is illegal in the country."
Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security
i was going 2 leave the list, and still would like 2. however, i c that u r back 2 using ur alias instead of ur real name again, posting articles which u didn't write, and generally just going back to ur old ways. i left u alone for what? two days? wow.

On Mon, Dec 1, 2008 at 3:52 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> Maybe he thinks the same as you and is making fun of the Department of
> Homeland Security, SANS Internet Storm Center etc.
>
> On Mon, Dec 1, 2008 at 4:27 PM, rholgstad <[EMAIL PROTECTED]> wrote:
>> and how does making a color based on these inputs protect people?
>>
>> Mike C wrote:
>>> On Mon, Dec 1, 2008 at 4:21 AM, vulcanius <[EMAIL PROTECTED]> wrote:
>>> By the way, I also noticed that the new site for your project has the
>>> current threat level as yellow. Is it safe to assume that you've
>>> already got your metric systems in place and running?
>>>
>>> Yes,
>>>
>>> We do have a working framework for color code generation. The inputs
>>> to this function include
>>>
>>> *exploits released in the past week
>>> - The severity of the exploit
>>> - The application it was in
>>> - The language
>>> - estimated users of the software
>>>
>>> *The previous week's color
>>>
>>> *Localized nature of exploits.
>>>
>>> We cannot comment more on this until it is refined and standardized.
>>> If you are (or know) an antivirus vendor, please contact me offline to
>>> move ahead.
Re: [Full-disclosure] Security industry software license
does it matter who ur system is hacked by? no. ur system is had either way. it doesnt belong 2 u.

On Tue, Dec 2, 2008 at 3:42 AM, Mike C <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 1, 2008 at 7:50 PM, Joel Helgeson <[EMAIL PROTECTED]> wrote:
>> I agree - the biggest BS term in existence is the term "Cyberterror". If my
>> web server crashes, is it the result of a Jihadist? Do I care?
>
> Yes! The kind of exploiter decides the kind of evil thing that would
> be done from a zombie machine. You wouldnt want your PC to be a part
> of an enemy state's arsenal, or an extremist religious organization
> now, would you?
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
Re: [Full-disclosure] More proof that Microsoft products are probably backdoored
u arent getting it. it has nothing 2 do w/ backdoors. they r talking about actual backdoors in the code. so that anyone who knows the backdoor can access any windows system regardless. they r saying that microsoft has coded backdoors into the system so that the govt can get into any system, patched or not. pay attention.

On Mon, Dec 1, 2008 at 6:32 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> Which court order? Post a link.
>
> On Mon, Dec 1, 2008 at 11:27 PM, Aaron Gray <[EMAIL PROTECTED]> wrote:
>> Probably not with a court order.
>>
>> On Mon, Dec 1, 2008 at 10:51 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>>>
>>> If they use zero-day exploits then thats illegal.
>>>
>>> Secondly, are they using zero-day exploits post on public mailing
>>> lists or using their own home grown exploits that the bad guys and
>>> potentially the vendor doesn't know about?
>>>
>>> On Mon, Dec 1, 2008 at 10:44 PM, Aaron Gray <[EMAIL PROTECTED]> wrote:
>>> > "proof", did you read the article ?
>>> > They are after your bad guys and probably using zero day exploits !?
>>> > On Mon, Dec 1, 2008 at 9:13 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>>> >>
>>> >> http://news.bbc.co.uk/1/hi/technology/7758127.stm
Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security
all of this is already being done elsewhere. even with desktop apps for color display. do sumthing original please?

On Tue, Dec 2, 2008 at 5:57 AM, Andrew Farmer <[EMAIL PROTECTED]> wrote:
> On 02 Dec 08, at 00:39, Mike C wrote:
>> Once all desktops have an icon or widget (say at the right hand
>> corner) with the color, and this is consistently seen everywhere, the
>> users will start associating with their online security. they will be
>> reminded that they have to be careful with the data they share.
>
> Perhaps you can also make a spy show up on the user's screen every
> half hour to warn them that their communications may be monitored,
> and allow them to report suspicious web sites to the appropriate
> authorities.
>
> http://www.telegraph.co.uk/news/worldnews/1561740/index.html
Re: [Full-disclosure] Lazy bum approach to security
i agree. people need 2 b more proactive, instead of reactive.

On Sat, Nov 29, 2008 at 1:16 PM, andrew. wallace <[EMAIL PROTECTED]> wrote:
> On Wed, Nov 26, 2008 at 5:49 PM, Mike C <[EMAIL PROTECTED]> wrote:
>> I'm sure theres no reason to doubt that. The fact remains full-disclosure is
>> where it all happens.
>
> You're taking yourself into a false sense of security there. If you
> sit on a mailing list like full-disclosure and expect everything to be
> brought to you on a plate you are mistaken. You can't take the lazy
> bum approach to security and say, everything I need to know is on
> full-disclosure. From my experience the majority of stuff goes on in
> the underground communities, full-disclosure is only essentially an
> announcement list, the rest is going on in individual communities.
> What you need to do is get yourself dug into the underground
> communities, you need to get yourself informants and build
> relationships with members of communities, you _really_ can't sit on
> full-disclosure and expect every security community and hacker
> community to bring everything to you. I'm not talking about the n3td3v
> group here because luckily I forward the key stuff to full-disclosure
> for the lazy bums who can't be bothered to engaged in individual
> communities and their members. Let me say though, the real
> intelligence isn't on full-disclosure its elsewhere.
Re: [Full-disclosure] Fwd: Iran executes IT expert who spied for Israel
Shut up punk, FD is NOT a news relay
Got a mailing list ? Get some play there and fuck off

2008/12/1, n3td3v <[EMAIL PROTECTED]>:
>
> -- Forwarded message --
> From: n3td3v <[EMAIL PROTECTED]>
> Date: Mon, Dec 1, 2008 at 10:23 PM
> Subject: Iran executes IT expert who spied for Israel
> To: n3td3v <[EMAIL PROTECTED]>
>
>
> "A COMPUTER expert has been executed in Iran after he confessed to
> working for Mossad, the Israeli intelligence service. This provides a
> rare insight into the intense espionage activity inside the Islamic
> republic."
>
> http://www.timesonline.co.uk/tol/news/world/middle_east/article5258057.ece
[Full-disclosure] [SECURITY] [DSA 1676-1] New flamethrower packages fix denial of service
Debian Security Advisory DSA-1676-1                     [EMAIL PROTECTED]
http://www.debian.org/security/                              dann frazier
December 01, 2008                      http://www.debian.org/security/faq

Package        : flamethrower
Vulnerability  : insecure temp file generation
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-5141
Debian Bug     : 506350

Dmitry E. Oboukhov discovered that flamethrower creates predictable temporary filenames, which may lead to a local denial of service through a symlink attack.

For the stable distribution (etch), this problem has been fixed in version 0.1.8-1+etch1.

For the unstable distribution (sid), this problem has been fixed in version 0.1.8-2.

We recommend that you upgrade your flamethrower package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1.diff.gz
    Size/MD5 checksum: 3138 f6263743cb41f4f75ab9f4dbc76a71a5
  http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8.orig.tar.gz
    Size/MD5 checksum: 23485 04e1b6c5b4e72879e8aa69fcccb0491f
  http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1.dsc
    Size/MD5 checksum: 598 4a880e477706f57bcfb806eb46a81922

Architecture independent packages:

  http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1_all.deb
    Size/MD5 checksum: 16880 fbc0c1b237503a9d88521b444e4319e0

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/
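The bug class named in the advisory above (a predictable temporary filename opened through a pre-planted symlink), shown beside two hardened alternatives. This is an added example, not flamethrower's code or the Debian patch; the file names, contents and function names are constructed for illustration.

```python
import os
import tempfile

def naive_write(path, data):
    # Vulnerable pattern: a predictable path opened with plain open(),
    # which follows a symlink and truncates whatever it points at.
    with open(path, "w") as fh:
        fh.write(data)

def exclusive_write(path, data):
    # O_CREAT|O_EXCL creates atomically and fails with EEXIST if the name
    # already exists, even as a symlink (the link is never followed).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def random_write(directory, data):
    # Preferred: mkstemp picks an unpredictable name and opens it O_EXCL.
    fd, path = tempfile.mkstemp(prefix="job-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    # Everything here is constructed sample data inside a scratch directory.
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.conf")
        predictable = os.path.join(scratch, "app.12345.tmp")
        naive_write(victim, "important\n")
        os.symlink(victim, predictable)  # pre-planted by another local user
        naive_write(predictable, "scratch\n")
        clobbered = read(victim) != "important\n"
        naive_write(victim, "important\n")  # restore, then retry hardened
        try:
            exclusive_write(predictable, "scratch\n")
            refused = False
        except FileExistsError:
            refused = True
        safe_path = random_write(scratch, "scratch\n")
        return {"clobbered": clobbered, "refused": refused,
                "intact": read(victim) == "important\n",
                "private": os.stat(safe_path).st_mode & 0o077 == 0}

if __name__ == "__main__":
    print(demo())
```

The naive writer overwrites the file behind the symlink, while the exclusive open refuses the planted name and `mkstemp` never touches it.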
Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security
On 02 Dec 08, at 00:39, Mike C wrote:
> Once all desktops have an icon or widget (say at the right hand
> corner) with the color, and this is consistently seen everywhere, the
> users will start associating with their online security. they will be
> reminded that they have to be careful with the data they share.

Perhaps you can also make a spy show up on the user's screen every half hour to warn them that their communications may be monitored, and allow them to report suspicious web sites to the appropriate authorities.

http://www.telegraph.co.uk/news/worldnews/1561740/index.html
Re: [Full-disclosure] Security industry software license
Please tell me there is sarcasm there?

The exploiter can either use the exploited machine to make money, which makes him indistinguishable from every other punk on the net, or they access it simply to destroy it; which makes them a malicious punk. Either way, I am not terrorized, and Ramzi al-binwhatever ain't gonna make it to paradise or get his 72 myspace virgins (or second life, or whatever). The Jihadists have no use for the levels of intelligence gathering networks that the Russian empire has. What the heck do Jihadists care who the chain of command is - they lack the military discipline to think that far ahead.

- Original Message -
From: "Mike C" <[EMAIL PROTECTED]>
To: "Joel Helgeson" <[EMAIL PROTECTED]>
Cc: "Some Guy Posting To Full Disclosure" <[EMAIL PROTECTED]>;
Sent: Tuesday, December 02, 2008 2:42 AM
Subject: Re: [Full-disclosure] Security industry software license

> On Mon, Dec 1, 2008 at 7:50 PM, Joel Helgeson <[EMAIL PROTECTED]> wrote:
>> I agree - the biggest BS term in existence is the term "Cyberterror". If my
>> web server crashes, is it the result of a Jihadist? Do I care?
>
> Yes! The kind of exploiter decides the kind of evil thing that would
> be done from a zombie machine. You wouldnt want your PC to be a part
> of an enemy state's arsenal, or an extremist religious organization
> now, would you?
>
> --
> MC
> Security Researcher
> Lead, Project Chroma
> http://sites.google.com/site/projectchromaproject/
Re: [Full-disclosure] Security industry software license
On Mon, Dec 1, 2008 at 7:50 PM, Joel Helgeson <[EMAIL PROTECTED]> wrote:
> I agree - the biggest BS term in existence is the term "Cyberterror". If my
> web server crashes, is it the result of a Jihadist? Do I care?

Yes! The kind of exploiter decides the kind of evil thing that would be done from a zombie machine. You wouldnt want your PC to be a part of an enemy state's arsenal, or an extremist religious organization now, would you?

--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/
Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security
On Mon, Dec 1, 2008 at 5:27 PM, rholgstad <[EMAIL PROTECTED]> wrote:
> and how does making a color based on these inputs protect people?
>

Once all desktops have an icon or widget (say at the right hand corner) with the color, and this is consistently seen everywhere, the users will start associating with their online security. they will be reminded that they have to be careful with the data they share.

This, if implemented correctly will be a boon to security industry, where the weakest links currently are 'n00b' users.

--
MC
Security Researcher
Lead, Project Chroma
http://sites.google.com/site/projectchromaproject/