Hey guys, wanted to let you know that we have released a free
vulnerability assessment tool for the critical, and potentially
wormable, MS06-040 vulnerability. This free tool can be used to scan
networks for any potentially vulnerable machines. This tool does not
require administrator access to mac
On 8/10/06, NTR <[EMAIL PROTECTED]> wrote:
Hi All,
I am trying analyze NNTP traffic and i have created a profile for NNTP
protocol. It's a kind of NNTP protocol anomaly detection.
I have also observed some time Yahoo Instant Messenger uses NNTP
port. Though it is using NNTP port the format is
[It seems to me that this may be a global, not UK-specific
vulnerability which probably affects all of the world's 1 billion
mobile phones (just a guess) on each of the world's carriers. My
question is, what are the vendors doing about it? The usefulness of
their technology is undermined if it can
Hi All,
I am trying analyze NNTP traffic and i have created a profile for NNTP
protocol. It's a kind of NNTP protocol anomaly detection.
I have also observed some time Yahoo Instant Messenger uses NNTP
port. Though it is using NNTP port the format is quite different
from NNTP protocol. It is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1149-1[EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
August 10th, 2006
Hello,
I am wondering if someone can point me in the right direction. We are
currently evaluating our bandwidth policy and are finding the need to
dig deeper in our network traffic to find out what the current bandwidth
is being used for.
We have used different tools in the past, NTOP for e
On Wed, 09 Aug 2006 13:45:08 CDT, Matt Davis said:
> Thanks. What threw me for a loop was that I consider CANVAS et. al.
> to be security tools... not hacker tools.
Same thing. Just wear a different color hat when you hit 'enter'.
pgpMnkUdmxJGx.pgp
Description: PGP signature
_
That "one other tool" would be Core IMPACT (I guess it's ok to talk about
commercial security tools on this list, right?)
Anyway, we made our MS06-040 exploit available to all of our customers
within a few hours of the patch release. It is not a PoC but a
commercial-grade exploit that has been doc
(This was sent in reponse to a mass email sent out by Joe - even though me
and him have had nothing to do with each other for a *long*, LONG, time.
---
Joe -
If you check your records, you'll see that I contributed to y
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo Sec!
On Wed, 9 Aug 2006, Sec Bas wrote:
> I was thinking about doing this with Dynamic
> DNS and using rsync to replicate changes.
Dynamic DNS will not provide the response you are looking for. Many
browsers cache DNS for 30 mins or more regardl
Hi
I'm setting up a redundant server. Both servers are connected to the
Internet in different data centers. My needs are to have one of the
servers mirroring the another one, with traffic going to one of them,
and, when the active server goes down, traffic should be temporarly
sent to the other s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1148-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
August 9th, 2006
###
Luigi Auriemma
Application: OpenMPT (aka MODPlug Tracker)
http://modplug.sourceforge.net
http://www.modplug.com
libmodplug
http://mo
Denial Of Service on Chat Magma Latinchat
http://www.latinchat.com
Researcher: Vicente Perez
1.-Overview
Latinchat is one of the most known chat server, and used basically by
latin american people.
2.-Description
This system has a vulnerabily as DoS, taking system offline by a while.
The fail
###
Luigi Auriemma
Application: AlsaPlayer
http://www.alsaplayer.org
Versions: <= 0.99.76 and current CVS
Platforms:*nix and others
Bugs: A] buffer-overflow in reconnec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:140
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:139
http://www.mandriva.com/security/
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 1147-1[EMAIL PROTECTED]
http://www.debian.org/security/ Moritz Muehlenhoff
August 9th, 2006
Thanks. What threw me for a loop was that I consider CANVAS et. al.
to be security tools... not hacker tools. So, I wasn't thinking of
those applications when I read that.
I didn't see any mention of exploit code at the usual places.
On 8/9/06, H D Moore <[EMAIL PROTECTED]> wrote:
Core Impact
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm not sure if "overnight" is correct - since we released it around
4pm EST into our Partner's program. This is something different from
CANVAS Professional in that it's more a program for large penetration
testing companies, government agencies, and
Core Impact and Canvas both have exploits out. Metasploit technically has
one, but it hasn't been completed/released yet.
-HD
On Wednesday 09 August 2006 13:10, Matt Davis wrote:
> Did I completely miss exploit code being released in the wild for that
> vulnerability?
__
Mehta was referring to a proof-of-concept exploit that is available for
Canvas and at least one other tool.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Davis
Sent: Wednesday, August 09, 2006 11:10 AM
To: full-disclosure@lists.grok.org.uk
Subject: [
Vulnerability Report
-
Vendor: Microsoft and ArcSoft
Product: PocketPC OS and MMS Composer
Version(s): MMS Composer: 1.5.5.6, 2.0.0.13 (possible others)
Platform: PocketPC (tested on: WinCE 4.2 and WinCE 4.21, possible
others)
Architectur
Just came across this on news.com regarding MS06-040 and homeland
security's response:
http://news.com.com/2100-7348_3-6103805.html?part=rss&tag=6103805&subj=news
"Overnight, popular hacker toolkits were updated with code that allows
researchers to check for the flaw and exploit it, said Neel Me
rPath Security Advisory: 2006-0150-1
Published: 2006-08-09
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Local Root Deterministic Privilege Escalation
Updated Versions:
krb5=/[EMAIL PROTECTED]:devel//1/1.4.1-7.2-1
krb5-server=/[EMAIL PROTECTED]:devel//1/1.4.1-7.2-
The query http://www.google.сom/search?q=xscript+xss or
http://www.google.com/search?q=PTHeader+PTValue allows you to discover sites
scanned by XSpider (MaxPatrol). Perhaps other vulnerability scanners leave
their traces at Web servers. Time will show which exactly.
3uBi3u
Overflow.pl Security Advisory #6
Clam AntiVirus Win32-UPX Heap Overflow
Vendor: Clam AntiVirus
Affected version: Prior to 0.88.4
Vendor status: Fixed version released (0.88.4)
Author: Damian Put <[EMAIL PROTECTED]>
URL: http://www.overflow.pl/adv/clamav_upx_heap.txt
Date: 09.08.2006
1. Backgro
On Mon, 7 Aug 2006 10:58:09 -0700 [EMAIL PROTECTED] wrote:
> TippingPoint IPS customers have been protected against this
> vulnerability since July 26, 2006 by Digital Vaccine protection
> filter ID 4544.
Is it just me, or is it a really perverted idea to have a malware pattern
scanner protect co
http://www.gnucitizen.org/blog/xssing-the-lan-4
--
pdp (architect)
http://www.gnucitizen.org
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
===
Ubuntu Security Notice USN-333-1August 09, 2006
libwmf vulnerability
CVE-2006-3376
===
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
U
I need some contact at Netscape who can put me in touch with the
development/operations team (in particular, the team responsible for
the new security features in 8.1). Any suggestions?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.
Denial Of Service on Chat Magma Latinchat
http://www.latinchat.com
Researcher: Vicente Perez
1.-Overview
Latinchat is one of the most known chat server, and used basically by
latin american people.
2.-Description
This system has a vulnerabily as DoS, taking system offline by a while.
The
32 matches
Mail list logo