Denial-Of-Service holes in JDK 1.4.1_01

2003-03-15 Thread Marc Schoenefeld
Denial-Of-Service holes in JDK 1.4.1_01 Security Alert by Marc Schoenefeld (html version at http://www.illegalaccess.org) Several Java distributions (like the popular JDK 1.4.1 JRE from Sun) have been found to contain several locally Denial of

Re: @(#)Mordred Labs advisory - Texis sensitive information leak

2003-03-15 Thread Kurt Seifried
Confirmed. Time to configure your web application proxies to block the naughty strings. Doing a google search for texis.exe turns up some interesting sites, all of which respond to ?-dump and ?-version. The information provided is significant including local ip and forwarding IP (so you can

@(#)Mordred Security Labs - RSA ClearTrust Cross Site Scripting issues

2003-03-15 Thread sir . mordred
//@(#) Mordred Security Labs advisory Release date: March 14, 2003 Name: RSA ClearTrust Cross Site Scripting issues Risk: low Author: Sir Mordred ([EMAIL PROTECTED], http://mslabs.iwebland.com) I. Description: The RSA ClearTrust is a Web access management

PROBLEMS WITH WINDOWS SHORTCUTS

2003-03-15 Thread S G Masood
PROBLEMS WITH WINDOWS SHORTCUTS Topic: Problems with Windows Shortcuts Tested With: Windows 98, Windows 2000 Server Author: S.G.Masood ([EMAIL PROTECTED])

[SECURITY] [DSA-262-1] samba security fix

2003-03-15 Thread Wichert Akkerman
Debian Security Advisory DSA-262-1 [EMAIL PROTECTED] http://www.debian.org/security/ Wichert Akkerman March 15, 2003

qpopper timing analysis to determine if a username exists on a system

2003-03-15 Thread Dennis Lubert
Hello, during development of a pop3 tool I found an issue that makes it possible for any user to check the validity of a user on a target system. If a user is valid and an invalid password has been supplied, then the system waits ~10 seconds until it sends a disconnect message and disconnects.

A response to Bruce Schneier on MS patch management and Sapphire

2003-03-15 Thread Jason Coombs
-Original Message- From: Jason Coombs [mailto:[EMAIL PROTECTED] Sent: Sunday, February 16, 2003 10:31 AM To: Bruce Schneier Subject: RE: CRYPTO-GRAM, February 15, 2003 Aloha, Bruce. This is in response to your Crypto-Gram discussion of the Sapphire/SQL Slammer worm that struck

Re: response to tax software not encrypting tax info

2003-03-15 Thread Andreas Marx
Hello! The problem with the unencrypted files is not new. In 2000 we made a test of common financial office programs, including MS Money, Quicken, Lexware, Quickbooks etc. -- in most cases, we were able to disable a password protection by just changing one byte in the (mostly unencrypted)

Remote Exploit in Business::OnlinePayment::WorldPay::Junior

2003-03-15 Thread Jason Clifford
Business::OnlinePayment::WorldPay::Junior is a perl module providing a backend for perl scripts to manage credit/debit card payments through the WorldPay Select Junior service. I am the author of the module. There is a bug in all versions of Business::OnlinePayment::WorldPay::Junior prior to

Re: @(#)Mordred Labs advisory - Texis sensitive information leak

2003-03-15 Thread Kurt Seifried
//@(#) Mordred Security Labs advisory Release date: March 15, 2003 Name: Texis sensitive information leak Versions affected: all versions Risk: average Author: Sir Mordred ([EMAIL PROTECTED], http://mslabs.iwebland.com) III. Exploit: http://victim.com/texis.exe/?-version

Re: [EC-SA-01.2003] Windows XP welcome screen exposes the names of all the members of the local administrators group

2003-03-15 Thread Eitan Caspi
Hello Andrew, 1. Thanks a lot for your note about the way to remove users from the welcome screen. I am sorry I was not aware of this workaround when the advisory was published. It is a shame MS doesn't add this procedure to its KB (as far as I searched there). I have tested this and, as

Re: Unknown trust error when downloading ocget.dll

2003-03-15 Thread Garry_Stewart
I've been battling this for a couple of days now too ... I have one thing to add to what Ken said, and that is ... If you turn on the Prompt for Unsigned ActiveX Controls, then I've found that you get a prompt to install and run http://codecs.microsoft.com/objects/ocget.dll Which clearly is a