[Full-disclosure] Proxy Aware trojans/ payloads

I'm working on implementing rootkitting/ trojans/ Browser exploits into my Phishing attacks... I have noticed how easy it is to get users to give up credentials but sometimes this only provides access to OWA for example...( if that is the only resource available ) The network I'm looking at no

[Full-disclosure] [ GLSA 200606-01 ] Opera: Buffer overflow

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200606-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - -

[Full-disclosure] why do I get this mail

Why am I (reply-to: [EMAIL PROTECTED] rather than the lists generally) getting hushmail ads via this list: On Mon, 2006-03-13 at 21:26 -0800, [EMAIL PROTECTED] wrote: > It is possible to make [dave] aitel suck cocks for little to no > > money. > > > I attempt replicate vulnerability but condit

Re: [Full-disclosure] Advisory - D-Link Access Point

On 06 Jun 06, at 18:10, news wrote: INTRUDERS TIGER TEAM SECURITY - SECURITY ADVISORYhttp:// www.intruders.com.br/http://www.intruders.org.br/ADVISORY/0206 - D- Link Wireless Access-Point (DWL-2100ap)PRIORITY: HIGHI - INTRUDERS:Intruders Tiger Team Security is a project entai

Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.

On 6/6/06, John Sprocket wrote: hehe. look at it metaphorically (like guest inside establishment) you're head of security at a casino you monitor a specific area full of people/users. you have your normal people you can see and possibly identify if you so care. there's a group of people that wal

Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.

John Sprocket wrote: hehe. look at it metaphorically (like guest inside establishment) you're head of security at a casino you monitor a specific area full of people/users. you have your normal people you can see and possibly identify if you so care. there's a group of people that walk in and ar

[Full-disclosure] Advisory - D-Link Access Point

INTRUDERS TIGER TEAM SECURITY - SECURITY ADVISORYhttp://www.intruders.com.br/http://www.intruders.org.br/ADVISORY/0206 - D-Link Wireless Access-Point (DWL-2100ap)PRIORITY: HIGHI - INTRUDERS:Intruders Tiger Team Security is a project entailed with Security Open Source (http://www.s

Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.

hehe. look at it metaphorically (like guest inside establishment)you're head of security at a casino you monitor a specific area full of people/users.you have your normal people you can see and possibly identify if you so care. there's a group of people that walk in and are wearing clothing that is

[Full-disclosure] [HV-LOW] Microsoft NetMeeting memory corruption (Brief)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Microsoft NetMeeting memory corruption (Brief) Classification: === Level: [LOW]-med-high-crit ID: HEXVIEW*2006*06*06*01 URL: http://www.hexview.com/docs/20060606-1.txt Overview: = Microsoft NetMeeting is an application that

[Full-disclosure] [FLSA-2006:190941] Updated ipsec-tools package fixes security issue

- Fedora Legacy Update Advisory Synopsis: Updated ipsec-tools package fixes security issue Advisory ID: FLSA:190941 Issue date:2006-06-06 Product: Fedora Core Keywords: Bugf

[Full-disclosure] [FLSA-2006:190884] Updated squirrelmail package fixes security issues

- Fedora Legacy Update Advisory Synopsis: Updated squirrelmail package fixes security issues Advisory ID: FLSA:190884 Issue date:2006-06-06 Product: Red Hat Linux, Fedora Core Keywor

[Full-disclosure] [FLSA-2006:190777] Updated X.org packages fix security issue

- Fedora Legacy Update Advisory Synopsis: Updated X.org packages fix security issue Advisory ID: FLSA:190777 Issue date:2006-06-06 Product: Fedora Core Keywords: Bugfix CVE

[Full-disclosure] [FLSA-2006:189137-2] Updated firefox package fixes security issues

- Fedora Legacy Update Advisory Synopsis: Updated firefox package fixes security issues Advisory ID:FLSA:189137-2 Issue date: 2006-06-06 Product:Fedora Core Keywords: Bugfix, Security CVE

[Full-disclosure] [FLSA-2006:189137-1] Updated mozilla packages fix security issues

- Fedora Legacy Update Advisory Synopsis: Updated mozilla packages fix security issues Advisory ID:FLSA:189137-1 Issue date: 2006-06-06 Product:Red Hat Linux, Fedora Core Keywords: Bugfix

[Full-disclosure] SANS on-duty 'cock handlers'

n3td3v: Those SANS on duty handlers are funny tho   n3td3v: They write up little paragraphs on the SANS org website based on whats on the 'mailing lists'   Lemos: Do you like SANS   n3td3v: No they suck ass   Lemos: Whos your fav cock handler   n3td3v: Its got to be Seltzer   Lemos: Why?   n3td3v:

[Full-disclosure] WH'06 Call for papers

# # Call for papers - White Hack 06 # La Campana - Spain # Date: 18, 19 & 20 - August 06 # mail: info_at_whitehack.com # Call for papers # II White Hack 2006 - CALL FOR PAPERS Security congress "White Hack" will

Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.

On Tue, 06 Jun 2006 10:34:18 EDT, John Sprocket said: > being ./hacked-with-latest-php-bug. in my opinion, i feel it's this user is > visiting a host > anonymously. meaning he's got something to hide. Or maybe he just thinks that it's none of your damned business who he is, and is taking a stand o

Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.

well, let's look at it like this. in my opinion it seems moreso not being in fear of bugs andbeing ./hacked-with-latest-php-bug. in my opinion, i feel it's this user is visiting a hostanonymously. meaning he's got something to hide. if someone is a guest inside my establishment and they have someth

Re: [Full-disclosure] Wireless access points

They aren't always accurate. Our load balancer gets ID'd as a D-Link WAP every time it's scanned. The idiots call us and tell us we have a WAP in our network every month. Same scan tool, same idiots, same IP. The scanners are a great tool, but you need to use them intelligently and take it all with

Re: [Full-disclosure] Is your security 6/6/6 ready?

Quote=n3td3v Two days to go until the big day, but is your security 6/6/6 ready? So more scaremongering? Its stuff like this that makes management run around daft, when really - what is the threat? We're no more or less secure than we were on 4/6/6 so whats the difference? Maybe some people sp

Re[2]: [Full-disclosure] n3td3v bashers on FD

> I found that word on the dictionary: schizophrenia > Ok, guys. Don't hide his pills again, right? > n3td3v escribio: >> We're the biggest security group around, theres nothing you can say to >> change that. We are professionals who work at the major dot-coms and >> earn all the money, you peopl

Re: [Full-disclosure] n3td3v bashers on FD

I found that word on the dictionary: schizophrenia Ok, guys. Don't hide his pills again, right? n3td3v escribió: > We're the biggest security group around, theres nothing you can say to > change that. We are professionals who work at the major dot-coms and > earn all the money, you people are jus

Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.

There is one simple (from management's point of view) way to solve this issue. DEFAULT DENY and monitor everything else. That way whenever someone uses a legitimate path for something not legit, it will be caught. Why do you think they posted guards at the gates of old castles? Create the

[Full-disclosure] [SECURITY] [DSA 1090-1] New spamassassin packages fix remote command execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 1090-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze June 6th, 2006

RE: [Full-disclosure] Google blocked in China?

The Google API release conincided nicely with China's censorship. You can work it out ;) Thanks Google! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tonnerre Lombard Sent: 06 June 2006 08:28 To: Alice Bryson Cc: full-disclosure@lists.grok.org.uk Subjec

Re: [Full-disclosure] scanning

Illegal or not may depend on local law. but vulnerability scan is dangerous, it has some protential DoS possibility, even if the scanner is configured as a safety-scan. So, make sure you will not be catched. 2006/6/2, Nightfall Nightfall <[EMAIL PROTECTED]>: Is it illegal if I perform a vulnerab

Re: [Full-disclosure] Google blocked in China?

Salut, On Tue, 2006-06-06 at 15:20 +0800, Alice Bryson wrote: > http://www.Google.com can not access these days in China? Is > google's problem or other thing? Is there anyone know why? Google.com has always been blocked in the chinese address range. There is however a special website of Goo

[Full-disclosure] Google blocked in China?

hi http://www.Google.com can not access these days in China? Is google's problem or other thing? Is there anyone know why? -- Homepage: http://www.lwang.org mailto:[EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok

[Full-disclosure] Re: Multiple Vendor NTFS Data Stream Malware Stealth Technique

Hi, besides the fact that it is always a good idea to notify vendors which might be affected *in advance* before releasing information like this, it's indeed nothing new. You can find a more comprehensive review of AV products here: This list shou