-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1070-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze, Dann Frazier
May 21th, 2006
Oh my god, this is classic. A bunch of gray-hats arguing about physics.
Man, FD needs its own talk show or something.
Oh, and you spelled fuck wrong :)
donnydark wrote:
Hello Steve,
This whole discussion does not belong on this mailing list. HOWEVER,
you are so fvcking stupid it hurts:
On Sunday 21 May 2006 00:57, [EMAIL PROTECTED] wrote:
What is with the constant blank replies from this guy? Is he a
chink who doesn't know how to use email?
His replies are not blank, your mail client possibly has a bug in it which
does not show the first line of some signed emails.
Shouts to blackzero, alex, wY!, revoguard, bogus, wtfomg and all those
yankees
LOVE TO LISA :-)
genuine advisory by kcope/zeroday discovered by kcope!!! kingcope[at]gmx.net
public disclosure 21. May 2006
vendor was not notified (mail quota exceeded) fuck it
let's get to business
On Sat, 20 May 2006, donnydark wrote:
Hello Steve,
This whole discussion does not belong on this mailing list. HOWEVER,
you are so fvcking stupid it hurts:
Furthermore, you have a logical fallacy in your argument, because you
are insisting that a controlled demolition collapse would be
Microsoft Explorer (iexplore.exe) calls CreateProcess() with
lpApplicationName = NULL. Instead, the lpCommandLine variable is used.
Unfortunately, if the lpCommandLine variable is not quoted properly, the
function will attempt to load/execute multiple other applications in
the following fashion:
Five Ways to Screw Up SSL
SSL is a wonderful protocol, but it is frequently used
badly. This note is intended to point out some of the more
common errors made by applications using SSL.
This checklist should be useful for application developers,
system administrators, and the occasional
That's a well known issue and is documented at http://msdn.microsoft.com/library/default.asp?url=""
Andres Tarasco
2006/5/21, Charles Morris [EMAIL PROTECTED]:
Microsoft Explorer (iexplore.exe) calls CreateProcess() with lpApplicationName = NULL. Instead, the lpCommandLine variable is
On Sun, 21 May 2006, Ginsu Rabbit wrote:
You claim that this is a practical checklist for five very common problems
with SSL deployments... but to me, they seem to be arbitrarily chosen,
partly inaccurate (see #3), and otherwise very much random.
SSL Mistake #1 - Trusting too many Certificate
--On May 20, 2006 10:10:29 PM -0700 donnydark [EMAIL PROTECTED] wrote:
The next time you have a zeroday remote, don't you dare publish it
instead use it against this murderous asssucking piece of sh1t
government, which MURDERED thousands of US citizens with bullsh1t
smoke and mirrors, just to
I understand that this issue is known, however different applications run CreateProcess in different ways,
some use the lpApplicationName variable and some use lpCommandLine properly. My point is however that
the explorer program itself does not do this properly, and that anyone using explorer
___
XAMPP - Multiple Priviledge Escalation and Rogue Autostart
___
Ref : TZO-072006-Xampp
Author : Thierry Zoller
WWW :
My point is however that
the explorer program itself does not do this properly, and that anyone using explorer or Internet explorer,
is vulnerable to attack from the web through at least telnet:// links.
Well you are assuming that the user already has a backdoor application named c:\telnet.exe
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Dear Andres Tarasco,
I can see only one real attack scenario, unprivileged access to a Windows with FAT file system or incorrect acls
that allows you to store c:\telnet.exe file. Anyway under that scenario, you should be able to trigger better attacks ;-)
Windows 2000 per default allows
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200605-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1069-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze, Dann Frazier
May 20th, 2006
I have released PBNJ 1.14 ( http://pbnj.sf.net )
PBNJ is a tool for running Nmap scans and diff'ing the results.
It is included in Backtrack http://www.remote-exploit.org/index.php/BackTrack
CHANGELOG for 1.14
* fixed bug that crashed PBNJ after scanning a machine with no ports
I traslly think we do. I mean what I was getting at, and this was so off
topic as to be out there, was the whole feeling one gets these days of
being in a Sally Cruishank, whose name I could never spell correctly,
video where at the end something really spooky does happen to someone. I
Charles Morris [EMAIL PROTECTED] wrote:
... iexplore.exe calls CreateProcess() [insecurely]. ...
Microsoft was notified, they told me it was a non issue ...
References I have to similar behaviour:
Useless tidbit [MS AntiSpyware, program.exe trick]
Michal Zalewski [EMAIL PROTECTED] wrote:
You claim that this is a practical checklist for five very common problems
with SSL deployments... but to me, they seem to be arbitrarily chosen,
partly inaccurate (see #3), and otherwise very much random.
Inaccurate? Not to my knowledge. Incomplete,
Large motel/hotel chain I recently acquired wants to sue previous company
who did their I.T. work for them as a customer's wifi connected machine
infected their network and caused loss of booking data thus money.
My question then is - if you have done the utmost to lock down your customer
but
yahoo hackers unite. yahoo is slowly but surely being taken over by a
bad element of yahoo employee. these employees are hired by each other
and fast tracked into sunnyvale. people say folks are vetted before
they are employed, although you can never have a check for social
background, the only
Hello Mi5, Mi6, Symantec
I have information regarding Yahoo
Reference:
http://groups.google.com/group/n3td3v/browse_thread/thread/7b60d3fbd0eb9a77/7d1f85fbe122fb29#7d1f85fbe122fb29
I used to be his friend but now he fell out with me, so I want to tell
everyone about him, because he's a yahoo
= Skype - URI Handler Command Switch Parsing
=
= Vendor Website:
= http://www.skype.com
=
= Affected Version:
= Skype for Windows:
= All releases prior to and including 2.0.*.104
= Release 2.5.*.0 to and including
On 5/21/06, Greg [EMAIL PROTECTED] wrote:
Large motel/hotel chain I recently acquired wants to sue previous company
who did their I.T. work for them as a customer's wifi connected machine
infected their network and caused loss of booking data thus money.
Good thing I see you are in Australia,
--On May 22, 2006 8:05:47 AM +1000 Greg
[EMAIL PROTECTED] wrote:
Large motel/hotel chain I recently acquired wants to sue previous company
who did their I.T. work for them as a customer's wifi connected machine
infected their network and caused loss of booking data thus money.
My question
On 5/21/06, Ginsu Rabbit [EMAIL PROTECTED] wrote:
Stuff
The only thing that matters about SSL is the fact that it encrypts the
data. You can reduce your checklist to:
-
1: Make sure you use a good cipher |
I'm sick of lying for yahoo employees
I've gone on for 7 years lying for them
I want to tell the police everything I know
Someone off list tell me how to report this guy
The n3td3v group was a joint effort of yahoo and google employees
I want to hand them in now
Regards,
n3td3v
I fell out
yep, fd definitely needs its own tv show.
i'd watch it ...
On 5/22/06, n3td3v [EMAIL PROTECTED] wrote:
I'm sick of lying for yahoo employees
I've gone on for 7 years lying for them
I want to tell the police everything I know
Someone off list tell me how to report this guy
The n3td3v
On 5/22/06, Michael Silk [EMAIL PROTECTED] wrote:
yep, fd definitely needs its own tv show.
i'd watch it ...
You think this is a joke? n3td3v was never a joke, but everyone on fd
treated it like one. We're the biggest group around of rogue employees
at major internet companies aka
Dear Dude VanWinkle,
DV Why would it matter who signed it? As long as the data is encrypted as
DV it travels over the internet, I am happy.
Why would it matter who signed it? I am happy to handle the ssl
handshake mitm for you. All your encrypted data is belong to me.
--
http://secdev.zoller.lu
They were carried out by Yahoo employees, this happened a few years ago now
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
They were carried out by Yahoo employees, this happened a few years ago
now
I'd go to my local police station with this too, but they'd ask me what the
fuck is an Akamai and why am I waking them for it.
For your own safety, you should ensure that they take you into witness
protection... and when you have your new personality, be careful NOT TO
POST TO ANY SECURITY LISTS!
This is not a game anymore.
Good luck!
n3td3v wrote:
I'm sick of lying for yahoo employees
I've gone on for 7 years lying