I had some fun with The Hacker's Choice website and thought some of you
may want to learn from their lack of proper security. THC.org hosts project
files, source code, and many other things. It also includes pictures of
members and CCC friends, some that seem to request anonymity from public.
PatchAdvisor, Inc.
www.patchadvisor.com
= PATCHADVISOR VULNERABILITY ALERT =
= Cisco CallManager CTI Manager Remote Denial Of Service Vulnerability =
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
This is also phrack.org box (and teso and hert etc etc...), seems some
articles for the next phrack release, have been stolen:
regards
On 7/20/05, netsniper [EMAIL PROTECTED] wrote:
I had some fun with The Hacker's Choice website and thought some of you
may want to learn from their lack of
Sorry i forgot another one
On 7/20/05, Joxean Koret [EMAIL PROTECTED] wrote:
This is also phrack.org box (and teso and hert etc etc...), seems some
articles for the next phrack release, have been stolen:
regards
On 7/20/05, netsniper [EMAIL PROTECTED] wrote:
I had some fun with The
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-03/0269.html
lol
staff_rs_at_phrack.org
Date: 03/09/05
a.. Oh my god, he almost got a root shell
___
Full-Disclosure - We believe in it.
Charter:
PeanutHull Local Privilege Escalation Vulnerability
by Sowhat
EN: http://secway.org/advisory/AD20050720EN.txt
CN: http://secway.org/advisory/AD20050720CN.txt
Product Affected:
PeanutHull = 3.0 Beta 5
Overview:
Oray Inc. is the world's biggest DDNS (Dynamic Domain Name Service)
Provider
Folks,
It seems worthless to try to explain over and over again how trivial it is
to perform ICMP-based attacks against TCP. So I have posted on my web site
(http://www.gont.com.ar/tools/icmp-attacks) the same tools that vendors
were supposed to use to audit their systems, and test their
Folks,
Another trivial ICMP-based attack. We'll use the tool icmp-mtu, available
at http://www.gont.com.ar/tools/icmp-attacks
We'll perform the blind performance-degrading attack described in
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html as the Attack
against the Path-MTU
Here it is...what the heck over? Something new or did someone out
there make a boo boo ;)
06:56:58 homebox kernel: New,invalid UDP: IN=eth0 OUT=
MAC=00:04:75:80:dc:08:00:0f:90:27:ef:34:08:00 SRC=61.235.154.92
DST=24.116.x.x LEN=506 TOS=0x00 PREC=0x00 TTL=39 ID=0 DF PROTO=UDP
SPT=53591 DPT=1027
Here's a snippet of what I have...in total I have 95 of these starting
from April 14th. Only thing I am connected to is:
http://tv.yahoo.com/grid?.force=psetlineupcookie=true
Jul 14 06:19:05 homebox kernel: New,invalid TCP: IN=eth0 OUT=
MAC=00:04:75:80:dc:08:00:0f:90:27:ef:34:08:00
Consider the following scenario:
Your are running a decent network (say a couple of c-net) with a non
anonymous DHCP. It is not possible to have smart switches to each
endpoint. In the last stage the clients are connected to dumb
switches.
Everything is fine until a user shutdown a (DHCP:ed)
Physical security. ;)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Niklas
Sent: Wednesday, July 20, 2005 2:25 PM
To: FD-mailing
Subject: [Full-disclosure] Snatching IP on LAN, how to DoS/block such
machines?
Consider the following scenario:
At 07:25 p.m. 20/07/2005, Darren Reed wrote:
In some mail from Fernando Gont, sie said:
The IPv4 minimum MTU is 68, and not 576. If you blindly send packets
larger
than 68 with the DF bit set, in the case there's an intermmediate with an
MTU lower that 576, the connection will stall.
And
At 07:42 p.m. 20/07/2005, Darren Reed wrote:
Go look in the bugtraq archives for 8 July 2001 and you might find an
email like the one below. THere was a thread on this topic then.
It would be nice if you included a referral or something in your IETF
draft to my original work on this, 4 years
Ok, so you really think this is new...
Go look in the bugtraq archives for 8 July 2001 and you might find an
email like the one below. THere was a thread on this topic then.
It would be nice if you included a referral or something in your IETF
draft to my original work on this, 4 years ago.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA 763-1 [EMAIL PROTECTED]
http://www.debian.org/security/Michael Stone
July 20, 2005
On Tuesday 19 July 2005 21:09, [EMAIL PROTECTED] wrote:
On Mon, 18 Jul 2005 22:05:49 +0200, CIRT.DK Advisory said:
Name: CIRT.DK WebRoot - Bruteforcing tool
Version: 1.7
Author/Developer: Dennis Rand - CIRT.DK
Website: http://www.cirt.dk
Copyright:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 764-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
July 21st, 2005
19 matches
Mail list logo
