(some stuff edited out)
... 2003 sales just isn't picking up..
yeah, and we have all this 2K legacy systems out there, gotta
convince them somehow...
what about that plug and play stuff the boys at the lab picked
apart a few months back?
(minor technical stuff edited out)
yeah sure, we could leak
On Fri, 12 Aug 2005, Steve Friedl wrote:
> On Sat, Aug 13, 2005 at 04:49:45AM +, Jason Coombs wrote:
> > Anyone presumptuous enough to arbitrarily define technical terms without
> > considerable careful thought and then publish the arbitrary text and call
> > it a 'dictionary' should be shot.
On Sat, Aug 13, 2005 at 04:49:45AM +, Jason Coombs wrote:
> Anyone presumptuous enough to arbitrarily define technical terms without
> considerable careful thought and then publish the arbitrary text and call
> it a 'dictionary' should be shot.
Might it not be a bit more tolerant of other view
J.A. Terranson wrote:
> SANS is a for profit corp.,
> and was run as such even when
> they were playing possum as a
> non-profit.
> They are *not* a "disinterested
> third party" any more than the
> anti-virus firms are - and not
> many people would use *them*
> as an authoritative reference
To dr
On Sat, 13 Aug 2005, Fergie (Paul Ferguson) wrote:
> ...and let me remind you, Mr. Terranson, that the majority
> of information that originates from SANS (primarily from the
> ISC Daily Handlers Diary, and DShield.org), is far more
> substantive than the juvenile B.S. that goes on in this
> foru
...and let me remind you, Mr. Terranson, that the majority
of information that originates from SANS (primarily from the
ISC Daily Handlers Diary, and DShield.org), is far more
substantive than the juvenile B.S. that goes on in this
forum most of the time.
But, of course, you knew that already, rig
Yeah, this is a late, late, *late* posting - I opened it last for some
reason. Shoot me.
On Wed, 10 Aug 2005, Erik Kamerling wrote:
> Copied from the SANS Glossary of Terms Used in Security and Intrusion
> Detection.
>
> http://www.sans.org/resources/glossary.php
While I realize that this is n
Jason Coombs wrote:
> So, what's the password?
You mean your mad skillz with Google aren't up to finding what I
located thus in less than two minutes?
Regards,
Nick FitzGerald
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.u
So, what's the password?
-Original Message-
From: CERT Advisory
Date: Fri, 12 Aug 2005 18:16:36
To: cert-advisory@cert.org
Subject: US-CERT Technical Cyber Security Alert TA05-224A -- VERITAS Backup
Exec Uses Hard-Coded Authentication Credentials
-BEGIN PGP SIGNED MESSAGE-
Hash
Nice work KF.
/str0ke
On 8/12/05, Adam Laurie <[EMAIL PROTECTED]> wrote:
> KF (lists) wrote:
> > Adam Laurie wrote:
> >
> >>
> >> Excuse me? You are skipping over the only important bit of your
> >> "disclosure"!
> >
> >
> > When did I claim this was a "disclosure", this was simply some notes
> >
Adam Laurie wrote:
My apologies - I took the posting to "full-disclosure" too
literally... You are right - background info is also useful for those
that are starting to get into this (rich) field of research...
No worries.
Boat loads of theoretical papers and overused paragraphs from exist
KF (lists) wrote:
Adam Laurie wrote:
Excuse me? You are skipping over the only important bit of your
"disclosure"!
When did I claim this was a "disclosure", this was simply some notes
that I have jotted down while messing around with bluetooth link keys. I
was not "disclosing" any new v
FYI,
a new version is already available and a proposed workaround is described
at the end of the advisory.
Peter
URLs for this document:
ftp://ftp.aerasec.de/pub/advisories/kav4unix/kav4unix-local-root-exploit.txt
(TXT)
(P) & (C) 2005 AERAsec Network Services and Security GmbH
T
Adam Laurie wrote:
Excuse me? You are skipping over the only important bit of your
"disclosure"!
When did I claim this was a "disclosure", this was simply some notes
that I have jotted down while messing around with bluetooth link keys. I
was not "disclosing" any new vulnerabilities, I am
Dear MaMF,
AL> Excuse me? You are skipping over the only important bit of your
AL> "disclosure"! Since getting the key is the only remotely difficult part,
AL> you need to address that or you've got nothing of interest...
Actually he does have something of interest, at least for me. Not
everybod
KF (lists) wrote:
Enjoy...
Theft of Bluetooth Link Keys for Fun and Profit?
kf[at]digitalmunition[dot]com
http://www.digitalmunition.com/TheftOfLinkKey.txt
In essence two thin
Updated to add additional version & exploit details. Reps to Crime Dog
Vulnerable Versions:
Nortel Contivity VPN Client V05_01.100
Patches/Workarounds:
Good question
Exploit:
1. With the Contivity client open click go into "Group
Authentication Options"
2. Select "Challenge Response Token" op
Hi. Sorry for the delay in my response.
Jason/Steven, I'd highly recommend this or other products like it. It's quite affordable and very easy to get running (although they need to create more documentation).
We've been using the new version of nSight for approximately 2 months now and it's been qu
===
Ubuntu Security Notice USN-168-1 August 12, 2005
gaim vulnerabilities
CAN-2005-2102, CAN-2005-2103, CAN-2005-2370
===
A security issue affects the following Ubuntu release
> Jason Coombs
> [EMAIL PROTECTED]
>
> "A Trojan is malicious code that gives an attacker future unauthorized access
> to a computer or its data. Nobody with common sense refers to spyware as
> Trojans."
No it's not, a trojan horse is something bad disguised as something
good, and that's all th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 774-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
August 12th, 2005
On Fri, Aug 12, 2005 at 11:30:56AM +0200, Christian Khark Lauf wrote:
> ... running on the system, it will notify users that they are running
> non-genuine Windows, and will not allow genuine Windows downloads for
> that system. Users of WINE should consult the WINE community for WINE
> updates. .
On Fri, Aug 12, 2005 at 11:30:56AM +0200, Christian Khark Lauf wrote:
> Hello,
>
> Javi Polo wrote:
>
> > On Aug/11/2005, Scott Edwards wrote:
>
> >>That's right, you're thinking no way. Wine [http://www.winehq.org]
> >>not only runs the validation download, but it also produces a proper
> >>va
Hello,
Javi Polo wrote:
> On Aug/11/2005, Scott Edwards wrote:
>>That's right, you're thinking no way. Wine [http://www.winehq.org]
>>not only runs the validation download, but it also produces a proper
>>validation key. I discovered this weeks ago, but didn't see anyone
>>else mention it yet.
SQL Injection Vulnerabilities in MyBB RC 4 (+Security Patch)
Vendor: MyBB Group
Version: MyBulletinBoard 1.00 RC4+ Security Patch
Risk: High if magic_quotes_gpc = Off
URL: http://www.mybboard.com
**
"MyB
Product description: Claroline (http://www.claroline.net) is a free
application based on PHP /MySQL. It's a collaborative learning environment
allowing teachers or education institutions to create and administer courses
through the web.
Vulnerability: Claroline 1.6.1 is vulnerable to multip
On Aug/11/2005, Scott Edwards wrote:
> That's right, you're thinking no way. Wine [http://www.winehq.org]
> not only runs the validation download, but it also produces a proper
> validation key. I discovered this weeks ago, but didn't see anyone
> else mention it yet.
http://forums.bit-tech.net