[Full-disclosure] [ MDVSA-2013:300 ] asterisk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:300 http://www.mandriva.com/en/support/security/ ___ Package : asterisk Date: December 22, 2013 Affected: Business Server 1.0 ___ Problem Description: A vulnerability has been discovered and corrected in asterisk: Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message (CVE-2013-7100). The updated packages has been upgraded to the 11.7.0 version which resolves various upstream bugs and is not vulnerable to this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100 https://issues.asterisk.org/jira/browse/ASTERISK-22590 http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.7.0-summary.html ___ Updated Packages: Mandriva Business Server 1/X86_64: e24b714a039387ce246a75cb86f9a5aa mbs1/x86_64/asterisk-11.7.0-1.mbs1.x86_64.rpm af4da5a36e630210f2483ae3c46db9b4 mbs1/x86_64/asterisk-addons-11.7.0-1.mbs1.x86_64.rpm 85e539430165237292a64e104c0dcaff mbs1/x86_64/asterisk-devel-11.7.0-1.mbs1.x86_64.rpm 5c539a9ecc40ce581a6e052498a4e17b mbs1/x86_64/asterisk-firmware-11.7.0-1.mbs1.x86_64.rpm 2620a9775c3f4a81856e5209cb92415f mbs1/x86_64/asterisk-gui-11.7.0-1.mbs1.x86_64.rpm 0fb5cb906884a9a4948dacdc4f2e3728 mbs1/x86_64/asterisk-plugins-alsa-11.7.0-1.mbs1.x86_64.rpm 660123db21c5819ebba6fe52c6433732 mbs1/x86_64/asterisk-plugins-calendar-11.7.0-1.mbs1.x86_64.rpm dc78596485a8baca38ccb62b8d5f3d30 mbs1/x86_64/asterisk-plugins-cel-11.7.0-1.mbs1.x86_64.rpm 97323d1bf191e4eb1f1a619330f4a384 mbs1/x86_64/asterisk-plugins-corosync-11.7.0-1.mbs1.x86_64.rpm d0c1b630a526930b597c5ebbea838e0f mbs1/x86_64/asterisk-plugins-curl-11.7.0-1.mbs1.x86_64.rpm 0585275b570504e13448ddec41637749 mbs1/x86_64/asterisk-plugins-dahdi-11.7.0-1.mbs1.x86_64.rpm 8b16ca9b3a9467931ee55ceb7eb87e0c mbs1/x86_64/asterisk-plugins-fax-11.7.0-1.mbs1.x86_64.rpm dc9cea95cdcb0bccb638e44c80db9615 mbs1/x86_64/asterisk-plugins-festival-11.7.0-1.mbs1.x86_64.rpm aa0746b011a0b9c607512fd024470e9d mbs1/x86_64/asterisk-plugins-ices-11.7.0-1.mbs1.x86_64.rpm 66c1d1d7c7f050534b14d4a00cb9be27 mbs1/x86_64/asterisk-plugins-jabber-11.7.0-1.mbs1.x86_64.rpm bdb76cae7c31b3c747924afaaa4be9ab mbs1/x86_64/asterisk-plugins-jack-11.7.0-1.mbs1.x86_64.rpm 64b0a39eab31e855f7c3e232815b6970 mbs1/x86_64/asterisk-plugins-ldap-11.7.0-1.mbs1.x86_64.rpm 953d08b45ada744d1a745a1076b784cf mbs1/x86_64/asterisk-plugins-lua-11.7.0-1.mbs1.x86_64.rpm 5de657bd7924ba1cb92ff83c1f08c60e mbs1/x86_64/asterisk-plugins-minivm-11.7.0-1.mbs1.x86_64.rpm 9d8167b8c997f1d9612d3f255a03e3f5 mbs1/x86_64/asterisk-plugins-mobile-11.7.0-1.mbs1.x86_64.rpm fb0f914bf7bf17807d625cee9acef023 mbs1/x86_64/asterisk-plugins-mp3-11.7.0-1.mbs1.x86_64.rpm 0860304b68c9419a3f12e0cda3cdaa75 mbs1/x86_64/asterisk-plugins-mysql-11.7.0-1.mbs1.x86_64.rpm aff65445ffe4308b3c0a7c4ba8fb8ae2 mbs1/x86_64/asterisk-plugins-ooh323-11.7.0-1.mbs1.x86_64.rpm be6753c6e166c8bbc4ea18a57cd53170 mbs1/x86_64/asterisk-plugins-osp-11.7.0-1.mbs1.x86_64.rpm 3e143d7cfb7e13130e65b4e574f503d8 mbs1/x86_64/asterisk-plugins-oss-11.7.0-1.mbs1.x86_64.rpm 1c931954172d4501ed4088d2f446dcbd mbs1/x86_64/asterisk-plugins-pgsql-11.7.0-1.mbs1.x86_64.rpm b1717277db6c460ecef21c420b37b300 mbs1/x86_64/asterisk-plugins-pktccops-11.7.0-1.mbs1.x86_64.rpm d77487524f4c97de9045ec95ad12ab6e mbs1/x86_64/asterisk-plugins-portaudio-11.7.0-1.mbs1.x86_64.rpm 71e27adc458413c7702d6818898fe5e7 mbs1/x86_64/asterisk-plugins-radius-11.7.0-1.mbs1.x86_64.rpm 3dbccf9557495d4348ae3505d97b38be mbs1/x86_64/asterisk-plugins-saycountpl-11.7.0-1.mbs1.x86_64.rpm 3b89b8637aec14894a58bef4cd689567 mbs1/x86_64/asterisk-plugins-skinny-11.7.0-1.mbs1.x86_64.rpm 50d45e856e41c6ecff783b93a4287eda mbs1/x86_64/asterisk-plugins-snmp-11.7.0-1.mbs1.x86_64.rpm ad92c508abd692fbd99f7fa5aaabecc2 mbs1/x86_64/asterisk-plugins-speex-11.7.0-1.mbs1.x86_64.rpm 3f6c510e2b249132de1e6c0f28b8aa68 mbs1/x86_64/asterisk-plugins-sqlite-11.7.0-1.mbs1.x86_64.rpm 8668cd7c3ab9fee553a00a3214612ea8 mbs1/x86_64/asterisk-plugins-tds-11.7.0-1.mbs1.x86_64.rpm 993a93fcdf4e50e09496c7043a67569a mbs1/x86_64/asterisk-plugins-unistim-11.7.0-1.mbs1.x86_64.rpm e5af9c493e06ed9109db7d7d6a99cf57
[Full-disclosure] [ MDVSA-2013:301 ] nss
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:301 http://www.mandriva.com/en/support/security/ ___ Package : nss Date: December 23, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 ___ Problem Description: A vulnerability has been discovered and corrected in mozilla NSS: Google notified Mozilla that an intermediate certificate, which chains up to a root included in Mozillas root store, was loaded into a man-in-the-middle (MITM) traffic management device. This certificate was issued by Agence nationale de la scurit des systmes d#039;information (ANSSI), an agency of the French government and a certificate authority in Mozilla#039;s root program. A subordinate certificate authority of ANSSI mis-issued an intermediate certificate that they installed on a network monitoring device, which enabled the device to act as a MITM proxy performing traffic management of domain names or IP addresses that the certificate holder did not own or control. The issue was not specific to Firefox but there was evidence that one of the certificates was used for MITM traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking trust in the intermediate used by the sub-CA to issue the certificate for the MITM device. The NSS packages has been upgraded to the 3.15.3.1 version which is unaffected by this security flaw. Additionally the rootcerts packages has been upgraded with the latest certdata.txt file as of 2013/12/04 from mozilla. ___ References: http://www.mozilla.org/security/announce/2013/mfsa2013-117.html https://hg.mozilla.org/projects/nss/rev/5a7944776645 https://rhn.redhat.com/errata/RHSA-2013-1861.html ___ Updated Packages: Mandriva Enterprise Server 5: f64b57e8e1489aca8e36940926d01be2 mes5/i586/libnss3-3.15.3.1-0.1mdvmes5.2.i586.rpm 8ad27ca61cb54273b86a7dcb6080dfd6 mes5/i586/libnss-devel-3.15.3.1-0.1mdvmes5.2.i586.rpm 6f58ffd2e2331a898935f25413bfe916 mes5/i586/libnss-static-devel-3.15.3.1-0.1mdvmes5.2.i586.rpm 3a241e12285e4c8355805d51581d16e1 mes5/i586/nss-3.15.3.1-0.1mdvmes5.2.i586.rpm 8ac2221850ef5f20cde3a2b893c7d415 mes5/i586/nss-doc-3.15.3.1-0.1mdvmes5.2.i586.rpm 919316850cd1791b3af8058e9a3f1013 mes5/i586/rootcerts-20131204.00-1mdvmes5.2.i586.rpm ce7c9326b10d3d61bf9a10629efe781b mes5/i586/rootcerts-java-20131204.00-1mdvmes5.2.i586.rpm 49d603f56a6376a7f54360c5022ea2d4 mes5/SRPMS/nss-3.15.3.1-0.1mdvmes5.2.src.rpm 77d42ea8c90d1f81b55a88ee502fdf79 mes5/SRPMS/rootcerts-20131204.00-1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 91860057c57d803d570159296548e11f mes5/x86_64/lib64nss3-3.15.3.1-0.1mdvmes5.2.x86_64.rpm e524aa9f172641dbd1fde18f01665787 mes5/x86_64/lib64nss-devel-3.15.3.1-0.1mdvmes5.2.x86_64.rpm 5dacbc6bdc381431a1a015264bdd6961 mes5/x86_64/lib64nss-static-devel-3.15.3.1-0.1mdvmes5.2.x86_64.rpm 6a412c4b8ad4966b3f6b35981a0ac4e4 mes5/x86_64/nss-3.15.3.1-0.1mdvmes5.2.x86_64.rpm 75e04656ba7919620090aeafd2ad3104 mes5/x86_64/nss-doc-3.15.3.1-0.1mdvmes5.2.x86_64.rpm d8abc1f91538731821b85aad818d4f8e mes5/x86_64/rootcerts-20131204.00-1mdvmes5.2.x86_64.rpm d96e3bb5260bb16a53cb980991b82b5e mes5/x86_64/rootcerts-java-20131204.00-1mdvmes5.2.x86_64.rpm 49d603f56a6376a7f54360c5022ea2d4 mes5/SRPMS/nss-3.15.3.1-0.1mdvmes5.2.src.rpm 77d42ea8c90d1f81b55a88ee502fdf79 mes5/SRPMS/rootcerts-20131204.00-1mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 19f335950595f14418deef279a372e25 mbs1/x86_64/lib64nss3-3.15.3.1-1.1.mbs1.x86_64.rpm 3b2d0fa0cbba2c17887b89810f448624 mbs1/x86_64/lib64nss-devel-3.15.3.1-1.1.mbs1.x86_64.rpm ba6ed68908e1e6229aef25e9a3c90369 mbs1/x86_64/lib64nss-static-devel-3.15.3.1-1.1.mbs1.x86_64.rpm b4fa8082d49bbaa0473e17f1015e3c3b mbs1/x86_64/nss-3.15.3.1-1.1.mbs1.x86_64.rpm 49161488853273bce95258f88317a82a mbs1/x86_64/nss-doc-3.15.3.1-1.1.mbs1.noarch.rpm 64752a3a71fc8eea81c00234618f98a2 mbs1/x86_64/rootcerts-20131204.00-1.mbs1.x86_64.rpm 421f2f7141eee8d0756ea53fa08f152a mbs1/x86_64/rootcerts-java-20131204.00-1.mbs1.x86_64.rpm 19f967fe9bd21cd801198fc81a483f0a mbs1/SRPMS/nss-3.15.3.1-1.1.mbs1.src.rpm d43de2a119c08f9e9fbb14890e538de9 mbs1/SRPMS/rootcerts-20131204.00-1.mbs1.src.rpm ___ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the
[Full-disclosure] Security by destruction
Hi I would like to know if you guys have links/background about a security by destruction principle? This question follows the behavior observed recently by a bank (I won't reveal tHiS Big bank name), multiple times (including but not limited to my case) where they simply block, retain and destroy/reissue (of course with customer charges) without clear or efficient notification/check a credit card when used abroad or for international transfer. I still didn't read small lines in my contract, But wonder if some of you had observed similar approaches to ensure the security of customers/consumers? Thanks Regards ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Vulnerabilities in Dewplayer
Hello list! I want to inform you about vulnerabilities in Dewplayer. These are Content Spoofing and Cross-Site Scripting vulnerabilities. There are near 422 000 web sites with dewplayer.swf in Google's index. And it's just one file name and there are other file names of this player (such as dewplayer-en.swf and others). - Affected products: - Vulnerable are Dewplayer 2.2.2 and previous versions. - Affected vendors: - Alsacreations http://www.alsacreations.fr -- Details: -- Content Spoofing (Content Injection) (WASC-12): http://site/dewplayer.swf?mp3=1.mp3 http://site/dewplayer.swf?file=1.mp3 http://site/dewplayer.swf?sound=1.mp3 http://site/dewplayer.swf?son=1.mp3 This is for old versions of the player. In versions Dewplayer 2.x there is only mp3 from these 4 variants. Content Spoofing (Content Injection) (WASC-12): http://site/dewplayer.swf?xml=1.xml 1.xml playlist version=1 trackList track locationhttp://site/1.mp3/location creator/ album/ titleMusic/title annotation/ duration/ image/ info/ link/ /track /trackList /playlist 2.xml (with image) playlist version=1 trackList track locationhttp://site/1.mp3/location creator/ album/ titleMusic/title annotation/ duration/ imagehttp://site/1.jpg/image info/ link/ /track /trackList /playlist XSS (WASC-08): Only vinyl version of Dewplayer are vulnerable to Cross-Site Scripting. http://site/dewplayer-vinyl.swf?xml=xss.xml http://site/dewplayer-vinyl-en.swf?xml=xss.xml xss.xml playlist version=1 trackList track locationjavascript:alert(document.cookie)/location titleXSS/title /track /trackList /playlist http://site/dewplayer-vinyl.swf?xml=xss2.xml http://site/dewplayer-vinyl-en.swf?xml=xss2.xml xss2.xml playlist version=1 trackList track location1.mp3/location titleXSS/title linkjavascript:alert(document.cookie)/link /track /trackList /playlist Timeline: 2013.10.25 - announced at my site. 2013.10.26 - informed developers. 2013.12.19 - disclosed at my site (http://websecurity.com.ua/6831/). Best wishes regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Merry Christmas and all the best in the new year
Merry Christmas and all the best in the new year Cheers, ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Fwd: NS1 ssh bad attempts
Looks like someone hosed the input field in a scanning/brute-force app and it passed the error as an input valuewonder if the second 003 was cut off as 0034 is ASCII . On 12/21/2013 at 4:01 AM, Gary Baribault wrote:Drunk typing or an attempt using a vuln? Anyone seen this? It's an attempted login to SSH in a fully patched CentOS server. I'm on the road for a few hours, any questions will be answered this aft. Gary B Original Message Subject: NS1 ssh bad attempts Date: Sat, 21 Dec 2013 03:16:39 -0500 From: r...@smtp.baribault.net (root) To: g...@smtp.baribault.net Dec 20 19:57:48 garybaribaultnet sshd[6084]: Invalid user 03402error!0203 from 64.147.222.2 Dec 20 19:57:48 garybaribaultnet sshd[6085]: input_userauth_request: invalid user 03402error!0203 Dec 20 19:57:51 garybaribaultnet sshd[6084]: Failed password for invalid user 03402error!0203 from 64.147.222.2 port 50259 ssh2 Dec 20 03:42:01 garybaribaultnet sshd[25317]: refused connect from 216.87.173.50 (216.87.173.50) Dec 20 05:35:17 garybaribaultnet sshd[26506]: refused connect from 198.13.101.247 (198.13.101.247) Dec 20 13:19:41 garybaribaultnet sshd[32622]: refused connect from 222.186.57.230 (222.186.57.230) Dec 20 13:42:01 garybaribaultnet sshd[540]: refused connect from 199.71.214.66 (199.71.214.66) Dec 20 13:59:16 garybaribaultnet sshd[761]: refused connect from 222.186.15.121 (222.186.15.121) Dec 20 16:00:28 garybaribaultnet sshd[2834]: refused connect from 202.119.236.121 (202.119.236.121) Dec 20 16:58:45 garybaribaultnet sshd[3725]: refused connect from 222.189.239.75 (222.189.239.75) Dec 20 20:43:21 garybaribaultnet sshd[6557]: refused connect from 61.142.106.34 (61.142.106.34) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] CVSphoto.com Stores Passwords Unhashed
I don't have the human bandwidth to deal with yelling at CVS for this right now, but figured I'd make a ML post about it if someone wants to do so. The email I got is here: http://i.imgur.com/bII9iGw.png Please feel free to try creating an account yourself and forgetting your password. -a ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 2826-1] denyhosts security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2826-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez December 22, 2013 http://www.debian.org/security/faq - - Package: denyhosts Vulnerability : Remote denial of ssh service Problem type : remote Debian-specific: no CVE ID : CVE-2013-6890 Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to forge crafted login names in order to make denyhosts ban arbitrary IP addresses. For the oldstable distribution (squeeze), this problem has been fixed in version 2.6-7+deb6u2. For the stable distribution (wheezy), this problem has been fixed in version 2.6-10+deb7u2. For the testing distribution (jessie), this problem has been fixed in version 2.6-10.1. For the unstable distribution (sid), this problem has been fixed in version 2.6-10.1. We recommend that you upgrade your denyhosts packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBCgAGBQJSty67AAoJEG3bU/KmdcClLHsH/08JpuJ82Zx+bIkahPHMDCgt KwIV0s8ZXWamBSbUflfsxY0KfhozWzzlIqqNfCE7M7VG4TNkctnSSBZdpqDKGypn eYuX/H3dPovLh4Srcx7TF3H9TW2/zv4uddn6xQYsWrKmhwDLcfZ/lR78TKZhnDZI 4fDP0hJ6qWdqE4kP+Qxt3hHxx1SYNJBm+tMaSJANlSaOjE5VPTmTlxf3b5u4bXez jbK73IGXitfDAjvyMePpPJSKrZ6juJTYU+/sOVV0yMJfik1cSJU5VwHAZjtQIk2g QqJFvVfWfqYR6wZIWUvONZI+5x0NvvFBXmjqyTbLb+5JzqKv2UwyVd19KEHvgjM= =GFt6 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 2827-1] libcommons-fileupload-java security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2827-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso December 24, 2013 http://www.debian.org/security/faq - - Package: libcommons-fileupload-java Vulnerability : arbitrary file upload via deserialization Problem type : local (remote) Debian-specific: no CVE ID : CVE-2013-2186 Debian Bug : 726601 It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process. For the oldstable distribution (squeeze), this problem has been fixed in version 1.2.2-1+deb6u1. For the stable distribution (wheezy), this problem has been fixed in version 1.2.2-1+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 1.3-2.1. For the unstable distribution (sid), this problem has been fixed in version 1.3-2.1. We recommend that you upgrade your libcommons-fileupload-java packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBCgAGBQJSuR2NAAoJEAVMuPMTQ89E6s0P/1gU0HVBSy+C3Tvr0KejOcEx H0wKOV1JuVbS2b3fKvX4xtgRU2RlZQeIvdH8qUs56ireymC8p0al1DtWQbNRLjZP dyVFq3h4IGh/bNtvG8n5yppqcO9amwbaDMDwan3208ZIfAE+AULj+JBGXYSpE75z XppPhATYPZ8zkG23GkufQ4/+vKivT3iLgoQ2YfO/aSU5Ondp0pUB+RP3GlOhXskl y6cAQZDOEqcTJslJML7WwnVp4/WGxHyvoD0RRrocdy4fzzf+pWw62T4foogVwz/6 UyX2WEcZO78jGbU5+vlKc8D3N8mv6ZRNSW6GZOslND8XSCJlWBbHWTWq0f6TgTM7 eYCMKpSzASrSbFXmZmnMsQfcX6tbsngF6DA3ZK1bT5LIHCo0BAJsR2fI3oWXOn8V H3rh/L6JOzviVBrp4MkRYDiafg8gpvCIRB8OhuSsIWt++ZmMvVFLRXuVb/sltNhH ee51WoZ0hRzSGxhs/M8Uob7X+wF/vc/FMp/QLIWlSy1CTa5GpDncRp5zebXXeXh2 7iezihfmm9fXx6Rlre3BAkCZuKbYosMZ4fjuR6W2wVHFbIGmaOMKD3oXhmmYbxky qR1S4yEqsV3dPNLBfCPLlOu8ZvzIBr1A8guWKoAdZSqe8ziUF4RFhGGCFboBWqvL uDDYBO1IxsANMl3+Xhbw =PBof -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/