Re: [Full-disclosure] Two MSIE 6.0/7.0 NULL pointer crashes
> Given Microsoft's already poor reputation regarding security, I'm not sure how it'd be possible for them to degrade their reputation any more

I don't believe it's as bad as you think since Microsoft adopted a SDLC (prior to circa 2001 was a different story). I also believe a significant portion of the perception is due to vendors running on a Windows operating system. When is the last time you heard someone bashing Adobe, which is currently 'King of the Vulnerability Hill'?

Adobe surpasses Microsoft as favorite hacker's target (Jul 2009)
http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/

Adobe predicted as top 2010 hacker target (Dec 2009)
http://www.theregister.co.uk/2009/12/29/security_predictions_2010/

You're probably not going to like this, but in 2003, Apache on Linux overtook IIS as most defaced (the Server market share between Windows and *nix appears to be about equal - see below).

Zone-H Statistics Report, http://www.zone-h.org/news/id/4686

I'm not sticking up for Microsoft. I simply claim the numbers state otherwise.

> Very few people use Microsoft software because of its security reputation.

Presuming 'people' equates to Desktop installations, the numbers I have seen indicate otherwise. When estimated through browser use, Microsoft appears to have about 90%. Personally, I am familiar with two US federal agencies where the desktop is exclusively Microsoft (about 160,000 total hosts combined, unless the US government has downsized since 2006). If you're talking about servers, the numbers indicate that Microsoft is on par with *nix (IDC report) or slightly above *nix (Gartner report). Again, I'm not sticking up for Microsoft. I simply claim the numbers state otherwise.

> The main reasons for using Microsoft are ease of use and compatibility with other users.

Is *nix not trying to do the same? These are two key factors which *must* be fulfilled before *nix can displace Microsoft on the Desktop. IT departments like 'easy to use' - it keeps help desk calls to a minimum. IT departments also like compatibility since they don't have to spend time researching problems, workarounds, and solutions.

> Given that, I'm not sure that Microsoft's perception will be affected very much in the user community.

Agreed. I do question Microsoft's position on *not* patching flaws when discovered or reported in a timely manner. But that's another story, and brings in co-conspirators, such as iDefense and TippingPoint. For example, CVE-2009-2502 was reported to Microsoft in 2007 by a firm which buys bugs to save everyone from 0-days. Microsoft probably knew about the 2502 bug earlier, since the GDI+/JPEG vuln was made public in Microsoft Security Bulletin MS04-028 (I'm making the leap that Microsoft performed additional audits on the GDI+ module when reports started arriving). Yet the bug was not fixed until 2009 (almost 2 years). See http://seclists.org/fulldisclosure/2009/Oct/196.

~JW

On Thu, Jan 21, 2010 at 6:34 PM, Rohit Patnaik <quanti...@gmail.com> wrote:
> Given Microsoft's already poor reputation regarding security, I'm not sure how it'd be possible for them to degrade their reputation any more. Very few people use Microsoft software because of its security reputation. The main reasons for using Microsoft are ease of use and compatibility with other users. Given that, I'm not sure that Microsoft's perception will be affected very much in the user community.
>
> -- Rohit Patnaik
>
> On Wed, Jan 20, 2010 at 6:17 PM, ☣ frank^2 <fra...@dc949.org> wrote:
>> On Wed, Jan 20, 2010 at 10:25 AM, Dan Kaminsky <d...@doxpara.com> wrote:
>>> Seriously. I mean, just look at Linux, Firefox, and OpenOffice. Pristine code, not a single security vulnerability between them :)
>>
>> That's a red herring. His point was the public perception of the software company-- true or not-- would be hindered because Microsoft is all-encompassing. Compared to the world of open-source, the risk is distributed by the sheer virtue of software engineering being distributed amongst thousands of entities. This means that the vulnerabilities are spread across different parties, rather than having all vulnerabilities encompassed by a single party-- in this case, Microsoft. His argument was irrelevant to corporations vs. open-source being more vulnerable than one another-- it was simply a commentary on distributed risk in software engineering.
>>
>> --
>> Did you and them get your degree from the same university of trolls? I have mistaken nothing for nothing. Fuck you.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] PHC is _NOT_ DEAD !!!!
Looks like someone touched a nerve... My impression of PHC is that of a couple of sploit kids if that's the best they can throw at us.

On Fri, Jan 22, 2010 at 12:20 PM, p...@hushmail.com wrote:
>> my spamfilter is crying now
>
> STFU !! y0 fuqin jew !!!
>
>> Heh. I agree, but only because this month has been a fairly quiet one regarding n3td3v drama.
>
> from now on, everything would be darker and deeper
>
> On Fri, 22 Jan 2010 03:24:48 +0200 dramacrat <yirim...@gmail.com> wrote:
>> why you gotta say shit like that
>> my spamfilter is crying now
>>
>> 2010/1/22 Rohit Patnaik <quanti...@gmail.com>
>>> Heh. I agree, but only because this month has been a fairly quiet one regarding n3td3v drama.
>>>
>>> --Rohit Patnaik
>>>
>>> On Thu, Jan 21, 2010 at 10:20 AM, Christian Sciberras <uuf6...@gmail.com> wrote:
>>>> Vote +1 for message of the month award.
>>>>
>>>> On Thu, Jan 21, 2010 at 2:22 PM, p...@hushmail.com wrote:
>>>>> peep game nigga, peep game, feel us !
>>>>>
>>>>> --Phrack High Council
Re: [Full-disclosure] iiscan results - a closer look
FYI: Here's a brief analysis of the IISCAN-ops: http://blog.sucuri.net/2010/01/closer-look-at-iiscan.html

Cheers
Gregor

--
just because you're paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/
skype:rc46fi
[Full-disclosure] [USN-890-3] Python 2.4 vulnerabilities
===========================================================
Ubuntu Security Notice USN-890-3                January 22, 2010
python2.4 vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  python2.4          2.4.3-0ubuntu6.4
  python2.4-minimal  2.4.3-0ubuntu6.4

Ubuntu 8.04 LTS:
  python2.4          2.4.5-1ubuntu4.3
  python2.4-minimal  2.4.5-1ubuntu4.3

Ubuntu 8.10:
  python2.4          2.4.5-5ubuntu1.2
  python2.4-minimal  2.4.5-5ubuntu1.2

Ubuntu 9.04:
  python2.4          2.4.6-1ubuntu3.2.9.04.1
  python2.4-minimal  2.4.6-1ubuntu3.2.9.04.1

Ubuntu 9.10:
  python2.4          2.4.6-1ubuntu3.2.9.10.1
  python2.4-minimal  2.4.6-1ubuntu3.2.9.10.1

After a standard system upgrade you need to restart any Python 2.4 applications that use the PyExpat module to effect the necessary changes.

Details follow:

USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4.

Original advisory details:

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)

It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
(CVE-2009-3560)

Updated packages for Ubuntu 6.06 LTS:
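To check whether an installed python2.4 package already carries this fix, here is an added example (not part of the advisory and not Ubuntu's own tooling) that ports dpkg's version-ordering rules to Python and compares an installed version string against the fixed versions listed above. The release keys and fixed versions are taken from the advisory; the installed version strings in the comments are constructed.

```python
# Added example (not from the advisory or Ubuntu tooling): is an installed
# python2.4 at or past the USN-890-3 fix?  Ported from dpkg's version ordering.
import re
from itertools import zip_longest

# Fixed versions exactly as listed in the advisory, keyed by Ubuntu release.
FIXED_PYTHON24 = {
    "6.06": "2.4.3-0ubuntu6.4",
    "8.04": "2.4.5-1ubuntu4.3",
    "8.10": "2.4.5-5ubuntu1.2",
    "9.04": "2.4.6-1ubuntu3.2.9.04.1",
    "9.10": "2.4.6-1ubuntu3.2.9.10.1",
}

def _weight(c):
    # dpkg's weights: '~' < end-of-string (0) < letters < other punctuation.
    if c == "~":
        return -1
    if not c:
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_nondigit(x, y):
    for cx, cy in zip_longest(x, y, fillvalue=""):
        d = _weight(cx) - _weight(cy)
        if d:
            return d
    return 0

def _cmp_fragment(a, b):
    # Split each fragment into (non-digit run, digit run) pairs; non-digit runs
    # compare by weight, digit runs numerically (so "04" == "4" and "" == "0").
    pa = re.findall(r"(\D*)(\d*)", a)
    pb = re.findall(r"(\D*)(\d*)", b)
    for (na, da), (nb, db) in zip_longest(pa, pb, fillvalue=("", "")):
        d = _cmp_nondigit(na, nb) or int(da or 0) - int(db or 0)
        if d:
            return d
    return 0

def split_version(v):
    # '[epoch:]upstream[-revision]' -> (epoch, upstream, revision)
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_versions(a, b):
    # -1, 0 or 1, matching `dpkg --compare-versions a lt|eq|gt b`.
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    r = (ea > eb) - (ea < eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)
    return (r > 0) - (r < 0)

def is_fixed(release, installed):
    # True when the installed version (e.g. constructed "2.4.5-1ubuntu4.2") is
    # at or past the advisory's fixed version for that release.
    return compare_versions(installed, FIXED_PYTHON24[release]) >= 0
```

Feed it the version from `dpkg-query -W -f='${Version}' python2.4` on the host being checked; a fixed package still needs the PyExpat-using applications restarted, as the advisory says.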
[Full-disclosure] Silverstripe <= v2.3.4: two XSS vulnerabilities
Silverstripe CMS, http://silverstripe.org/, version 2.3.4 and lower (and its unreleased 2.4 branch), is vulnerable to two Cross Site Scripting issues.

1. The comment posting mechanism of Silverstripe ('PostCommentForm') fails to properly sanitize the 'CommenterURL' parameter. This allows for persistent injection of HTML or JavaScript code within existing HTML tags.

2. The forum module is vulnerable to a reflective XSS issue caused by the search script failing to properly sanitize input to the 'Search' parameter. When invoking this URL:

SILVERSTRIPESITE/forums/search/?Search=%22%20onmouseover=%22javascript:alert%280%29;%22

trying to reorder the search results will trigger execution of the injected JavaScript code.

According to its quickly responding developers, Silverstripe version 2.3.5 fixes both issues:
http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456

Relevant SCM changesets:
http://open.silverstripe.org/changeset/97034
http://open.silverstripe.org/changeset/97070
http://open.silverstripe.org/changeset/97073
http://open.silverstripe.org/changeset/97074
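As an added example (not Silverstripe's code and not the fix in the changesets above), the two injection points rendered in Python: the 'Search' value reflected into an attribute exactly as the advisory describes, beside an attribute-encoded version, and a 'CommenterURL' filter that accepts only absolute http(s) URLs before encoding. The payload is the one from the advisory's URL, decoded; the surrounding markup and the function names are constructed for illustration.

```python
# Added example, not Silverstripe's code: the two injection points from the
# advisory, rendered unsafely and safely.  Markup is constructed for illustration.
import html
from urllib.parse import urlsplit

# The advisory's Search payload, URL-decoded: the leading quote closes the
# value attribute and the remainder lands as a new event-handler attribute.
SEARCH_PAYLOAD = '" onmouseover="javascript:alert(0);"'

def render_search_vulnerable(search):
    # Reflects the parameter into an attribute without encoding (the flaw).
    return '<input type="text" name="Search" value="%s">' % search

def render_search_fixed(search):
    # Attribute context: & < > " ' are entity-encoded, so the value cannot end early.
    return '<input type="text" name="Search" value="%s">' % html.escape(search, quote=True)

def sanitize_commenter_url(url):
    # For the CommenterURL field: reject control characters, allow only absolute
    # http(s) URLs (no javascript:, data: or scheme-relative input), then encode.
    url = url.strip()
    if any(ord(c) < 0x20 for c in url):
        return None
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return html.escape(url, quote=True)

def render_comment_author(name, commenter_url):
    # Falls back to plain text when the supplied URL is not acceptable.
    safe_name = html.escape(name, quote=True)
    safe_url = sanitize_commenter_url(commenter_url)
    if safe_url is None:
        return "<span>%s</span>" % safe_name
    return '<a href="%s" rel="nofollow">%s</a>' % (safe_url, safe_name)
```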
[Full-disclosure] Netragard's Exploit Acquisition Program -- We're back at it again.
We've brought back our Exploit Acquisition Program. For those interested in selling research, have a read.

http://snosoft.blogspot.com/2010/01/resurrection-of-eap.html
Re: [Full-disclosure] CVE-2010-0249 in the wild
Hi to all, I have just updated the list of URLs that are spreading stuff through CVE-2010-0249. If you are interested check:
http://extraexploit.blogspot.com/2010/01/cve-2010-0249-in-wild-xx2228866org-and.html

--
http://extraexploit.blogspot.com
Re: [Full-disclosure] CVE-2010-0249 in the wild
And one has to wonder what exactly it means, if anything, that some of the exploits involved are dropping malware that installs and manipulates your web browsing experience to be geared towards Sogou.com, a distasteful Google knock off in China. More than that though, they even install Sogou Explorer, which appears to be a Google Chrome like, but yet again clunky, knock off.

So is it attackers that just happen to really love Sogou and want to share it with the world? Criminals doing it to make money off of Sogou browser install referral programs? (If they have such a thing.) A Chinese company looking to expand its market share through hacking? And if so, is there government support for such a program? And if so again, then how does Baidu feel about that? Or something else entirely, making this a completely moot point to begin with? Inquiring minds want to know...

It is funny to me the hax0r cool biological warfare (since people love to compare the two, bleh.) aspect of these attacks originating, supposedly, from a country whose population is more susceptible to compromise than that of the target. That is of course at least more easily susceptible given the prevalence and reliability of IE 6 exploits vs. other IE versions, with China having an estimated 60%[1] of browsers on IE6 vs. 12% in the U.S. Not to imply further as to a country being the culprit. In that vein though, you do have to find the irony that unlike physical warfare, where a dropped bomb is a dead bomb, here in cyberspace you can drop a bomb that can then be tossed back at you more effectively than your original.

Signed,
Marc Maiffret
Chief Security Architect
FireEye, Inc.
http://www.FireEye.com

[1] - http://gs.statcounter.com/#browser_version-CN-daily-20080701-20100119-bar

On Fri, Jan 22, 2010 at 2:41 PM, exploit dev <extraexpl...@gmail.com> wrote:
> Hi to all, I have just updated the list of URLs that are spreading stuff through CVE-2010-0249. If you are interested check:
> http://extraexploit.blogspot.com/2010/01/cve-2010-0249-in-wild-xx2228866org-and.html
>
> --
> http://extraexploit.blogspot.com
Re: [Full-disclosure] CVE-2010-0249 in the wild
> It is funny to me the hax0r cool biological warfare (since people love to compare the two, bleh.) aspect of these attacks originating, supposedly, from a country whose population is more susceptible to compromise than that of the target.

I totally agree with you. Just think that some hosts neighbouring the domains found (related to CVE-2010-0249), from what I saw, exploit vulnerabilities through ActiveX applications (toolbar, IM, media player) that are designed in China for the Chinese.

--
http://extraexploit.blogspot.com