Debian Security Advisory DSA 1040-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
April 24th, 2006
On Sun, Apr 23, 2006 at 01:48:45AM -0700, Andrew A wrote:
Tor does not give an x-forward-for.
some isps make transparent proxying mainly via squid.
probably an exit node in such an isp may give proxy headers.
--
where do you want bill gates to go today?
EOM
junk
On Sun, 23 Apr 2006, Paul Nickerson wrote:
I don't approve of your disclosure practices, Mr. Zalewski
Then follow your own, Paul.
/mz
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
Dear Georgi Guninski,
There are multiple ways to detect proxy without x-forwarded-for header.
Just few:
Application level:
1. Changed HTTP protocol. Some browsers, including IE, use HTTP 1.1
with direct connection and HTTP 1.0 for proxy.
2. Changed request headers in browser (example is
===
Ubuntu Security Notice USN-272-1 April 24, 2006
cyrus-sasl2 vulnerability
CVE-2006-1721
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty
I don't know how it works at other universities but an email to the
president of the university normally gets the appropriate attention. Or
give the president's office a call. They would take this very seriously.
I can't believe it is this difficult to report such a vulnerable situation.
On
On Sun, 2006-04-23 at 18:45 -0500, Paul Schmehl wrote:
Depending upon which Dean you're referring to, this could do little to no good
at all. The Dean might even think there's nothing wrong with SSNs being
exposed.
In that case you could cite some *very* recent precedent on the matter:
Apple Mac OS X Safari 2.0.3 Vulnerability
=
Release Date:
April 23rd, 2006
Vendor:
Apple Computer Inc.
Tested on:
iBook G4 1.2 GHz with Mac OS X 10.4.5 (Build 8H14) + all Updates from
Apple except 10.4.6 Update
iBook G4 1.33 GHz with Mac OS X 10.4.6
CrYpTiC MauleR wrote:
Already 2 school breaches on the news this week and my school will soon be
added to the ever growing list, is this a trend? I mean how hard is it to
protect some data. Allocate all the sensitive data on a select few servers and
harden the hell out of them. Do these
Where do you think all these Bot-nets are coming from? They can't all
be businesses. Some of the biggest bot-nets out there are made of
schools.
per-capita, you'll find more at Comcast, et al. -- but you just happen
to notice one from a school since we have loads of bandwidth and few
The ball is now moving so won't be long before school has to come out about it
and the problems are fixed. Frustrating it's taking so long, but eh so far no
one AFAIK is exploiting it or maybe I'm wrong, but better for it to be 1 person
out there than having whole world know and try it out
On a serious note: personal experience has led me to believe many people in
charge lack the fundamental knowledge on information security. Also, many of
them probably think if the problem is ignored it will go away or it will be
dealt with accordingly. There are so many implications in dealing
Already 2 school breaches on the news this week and my
school will soon be added to the ever growing list, is
this a trend? I mean how hard is it to protect some data.
Allocate all the sensitive data on a select few servers
and harden the hell out of them. Do these schools have
info
Perhaps not surprisingly, there appears to be a vulnerability in how
Microsoft Internet Explorer handles (or fails to handle) certain
combinations of nested OBJECT tags. This was tested with MSIE
6.0.2900.2180.xpsp.040806-1825 and mshtml.dll 6.00.2900.2873
xpsp_sp2_gdr.060322-1613.
At
I am asking questions not trying to get attention as you falsely seem to
perceive. It seems as if you are the one trying to flame and gather attention.
Unless you can answer any of my questions please don't direct any posts at me,
it's of no beneficial use to me or anyone else. Also no, I do
___
Mandriva Linux Security Advisory MDKSA-2006:074
http://www.mandriva.com/security/
___
Mandriva Linux Security Advisory MDKSA-2006:073
http://www.mandriva.com/security/
Yay!!! The school finally called back and I got to talk to the guy in charge of
maintaining the site. Him and his colleagues have fixed the hole and will also
be auditing the site and checking to see if any breaches have occurred. I will
not disclose the school's name yet until that is taken
I also remember LSD pesters Microsoft and they were rapidly sold out.
I knew those guys were on something when they created Windows!!! They
had Dealers sell out of LSD ROFLMAO
Sol.
___
Full-Disclosure - We believe in it.
Charter:
Vendor:
Google Inc (GOOG)
Service:
Groups
Description:
Google has an archive of Usenet since 1981 on its network. However,
Google decided to build a new Groups interface known as Google Groups
2 or GG2 for short.
Issue:
This is a test group.
n3td3v broke this group by exploiting the way
___
Rapid7, LLC Security Advisory
___
Rapid7 Advisory R7-0021
Symantec Scan Engine Authentication Fundamental Design Error
Published:
___
Rapid7, LLC Security Advisory
___
Rapid7 Advisory R7-0022
Symantec Scan Engine Known Immutable DSA Private Key
Published: April 21,
CrYpTiC MauleR wrote:
Yay!!! The school finally called back and I got to talk to the guy in
charge of maintaining the site. Him and his colleagues have fixed the hole
and will also be auditing the site and checking to see if any breaches have
occurred. I will not disclose the school's
On Mon, 24 Apr 2006 15:34:01 CDT, CrYpTiC MauleR said:
Already 2 school breaches on the news this week and my school will soon be
added to the ever growing list, is this a trend?
What makes you think that things are any better in the governmental or
commercial sectors?
It appears the world can now switch to the new Yahoo Mail Beta by
visiting http://uk.f330.mail.yahoo.com/dc/beta_welcome
The new AJAX interface is meant to be restricted, but this link shows
how easy it is for anyone and everyone to switch over to the new Yahoo
Mail Beta. I haven't seen anyone post
28 matches