May I be so rude as to ask who the hell cares about this subject. -
This is a full-disclosure list to discuss exploits, techniques. tricks
and share the odd ~/ dump, not a play politics about definitions
list and quite frankly, I don't want to a) get this crap in my inbox
b) read this crap in my
Hey Jason, you really have to make up your mind about whether the old definition is archaic and thus obsolete, or if we should be using the original definition from Homer. You can't keep flopping back and forth like you're running for a major political office.
A trojan is well-understood (by
Given the speed at which viruses can spread, daily (or more frequent)
pattern updates are a must.
As the virus attack vector is still mainly via email, you need to
rigorously scan all incoming emails at the perimeter (and block all
executables via email). We use MailScanner
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear list reader,
this morning I found to my complete surprise the following email in my inbox,
which sheds some light from a different angle on the whole ISS and Cisco
story:
- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
FX,
I heard you have
Hi Laurent, hi iDEFENSE!
iDEFENSE Labs [2005-08-09 12:24 -0400]:
Shown as follows, the $url parameter contains unfiltered user-supplied
data that is used in a call to the Perl routine eval() on lines 4841
and 4842 of awstats.pl (version 6.4):
my
This experiment resulted in identifying a potential remote code
execution path in Microsoft Internet Explorer, plus some other bugs, and
should be a good starting point for further testing of other browsers or
similar programs.
Just for the reference, this is confirmed to be fixed by the
On 8/11/05, cranium pain [EMAIL PROTECTED] wrote:
May I be so rude as to ask who the hell cares about this subject.
Why ask if you are going to anyway? No, it's not polite to do so, as
it's presumtous, and thats worse.
This is a full-disclosure list to discuss exploits, techniques. tricks
and
Jason Coombs to Donald J. Ankney:
Your definition is just a subset of the standard, broader one.
Indeed, that is the case.
Had Jason spent a few seconds looking into the real history of the use
of the word, its current expert use and its slippery, moving from
year to year, common usage he
===
Ubuntu Security Notice USN-164-1August 11, 2005
netpbm-free vulnerability
CAN-2005-2471
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty
How many of you are lawyers
back to what seemed to be the original point:
Data on a drive is just data, unless you can prove how it was created. And
generally the data in question can't prove itself, external factors have to be
considered.
--
*
Brian L.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sheesh, it's not rocket science, and some of you seem to think you
are historical linguists instead of security professionals.
Trojan Horse = Delivery Method
Greeks = Malacious Payload
The Trojen Horse could have contained plague-infected rats and
===
Ubuntu Security Notice USN-166-1August 11, 2005
evolution vulnerabilities
http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035922.html
CAN-2005-0806
===
A
===
Ubuntu Security Notice USN-165-1August 11, 2005
heartbeat vulnerability
CAN-2005-2231
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty
On Wed, 10 Aug 2005, J.A. Terranson wrote:
Mr Mirabilis yesterday said he had received more than 100 inquiries
from motorists anxious to use the same defence. People have shown it
[the algorithm] has been hacked and it's open to viruses.
MD5 has viruses?!?!
7122cdcf85cef9500687fb0e5e08faa2
Now we have to worry with collisions and viruses while we speed ; )
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of James
Longstreet
Sent: Thursday, August 11, 2005 9:32 AM
To: J.A. Terranson
Cc: Full-Disclosure
Subject: Re: [Full-disclosure] Motorist
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SUSE Security Announcement
Package:mozilla,MozillaFirefox,epiphany,galeon
Announcement ID:
FX wrote:
I leave the ethical aspects of this request by ISS for the consideration
of the inclined reader.
They have to collect exploits to write shell code for their IDS
products, otherwise they can't create signatures. I recall a similar
request and it included this piece of information.
[EMAIL PROTECTED]:~$
who runs the site?
I want access
You need to hack into it, obviously.
Wont have to hack just type your password and you are inside - now was that
difficult... ?
begin 666 smime.p7s
M,( 2J2(;W#0$'`J ,( `0$QS )[EMAIL PROTECTED]@,@4`,( 2J2(;W#0$'
whitehat* shite ..., so please be so kind as to have a cup of shut the
fuck up.
I second it please discuss this offlist and don't put me or the list on CC
begin 666 smime.p7s
M,( 2J2(;W#0$'`J ,( `0$QS )[EMAIL PROTECTED]@,@4`,( 2J2(;W#0$'
M`0``H(()?3`P4P@@)NH ,`0(`P]$# [EMAIL
stopped opening any attachments they get that they don't know who they are
form and so on. As we all know the end user is the z factor in the whole
situation of choosing a good security product.
Norton is pretty good enough but I have installed clamav on winxp machines
It has a outlook plugin
Martin,
Apologies for the confusion, and thank you for bringing this to our
attention. The version information was slightly off in our original
advisory. The vulnerability does affect AWStats 6.4 and prior, and the flaw
has been addressed in AWStats 6.5.
The patch was introduced inadvertantly
* Matthew Murphy:
Let me just define responsible disclosure first of all, so as to
dissociate myself from the lunatic lawyers of certain corporations
(Cisco, HP, ISS, et al) who define responsible disclosure as
non-disclosure. The generally accepted definition of responsible
disclosure
Florian Weimer wrote:
The implicit message that other
disclosure processes were
irresponsible was invaluable.
Invaluable; adjective
'Valuable beyond estimation. Priceless.'
http://www.m-w.com/cgi-bin/dictionary?book=Dictionaryva=invaluable
You've got that right. It has proved invaluable to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 773-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
August 11th, 2005
Summary:
Privilege escalation in Network Associates ePolicy Orchestrator Agent
3.5.0 (patch 3) (http://www.nai.com/)
Details:
The ePolicy Orchestrator Agent web server (which runs on TCP port 8081
by default and serves the McAfee Agent Activity Log) can be used to
view files that exist on the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Update Advisory
___
Package name: xpdf
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Update Advisory
___
Package name: kdegraphics
Advisory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Update Advisory
___
Package name: gpdf
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Update Advisory
___
Package name: cups
Advisory ID:
/*
Windows 2000 universal exploit for MS05-039
-\x6d\x35\x6c\x30\x6e\x6e\x79-
*/
#define WIN32_LEAN_AND_MEAN
#include windows.h
#include winnetwk.h
#include winsock.h
#include Rpc.h
#include wchar.h
#include stdio.h
#include stdlib.h
#pragma comment(lib, mpr)
#pragma comment(lib, Rpcrt4)
BYTE
Enjoy...
Theft of Bluetooth Link Keys for Fun and
Profit?
kf[at]digitalmunition[dot]com
http://www.digitalmunition.com/TheftOfLinkKey.txt
In essence two things are required to attack a
On Wed, 10 Aug 2005, Jason Coombs wrote:
Chuck Fullerton wrote:
A Trojan horse is a program that appears to have some useful or benign
purpose, but really masks some hidden malicious functionality.
A Backdoor is a program that allows attackers to bypass normal security
controls on a
Jason Coombs to J.A. Terranson:
The simple fact of the matter is that
what matters *IS* the definition,
and you full well know it. What
happened here is you slipped and
fell, and rather than admitting it
you're crying foul - shame on you!
I didn't disagree that the broader
The line of code detailed at
http://www.boingboing.net/2005/07/28/microsoft_genuine_ad.html
still works.
/rave
Catch ya
_
one step at a time...
Do you Yahoo!?
Messenger 7.0 beta: Free worldwide PC to PC
That's right, you're thinking no way. Wine [http://www.winehq.org]
not only runs the validation download, but it also produces a proper
validation key. I discovered this weeks ago, but didn't see anyone
else mention it yet.
Is this an implicit statement of Microsoft for wine? ;)
Enjoy.
Scott
35 matches
Mail list logo