Hi
[MSG] Metaeye Security Group has released new project
zmbscap.
For more details
Check : http://www.metaeye.org
Regards
[MSG]
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
Yes folks, it's that time of the month again... Meet will be in
Hammersmith, Wednesday 21st February, 2007 at 19:30
At the Charing Cross Sports Club.
Map:
http://www.multimap.com/map/browse.cgi?lat=51.4857lon=-0.2194scale=5000icon=x
On the talk schedule so far we have Zac showing some new
On Thu, Feb 15, 2007 at 11:13:39PM -0300, Andres Riancho wrote:
Hi,
For a research i'm doing I need a somehow big(around 100 would be
nice...) amount of phishing sites html code . I have googled for them but
I only get a lot of screenshots of those sites, not the actual code.
From: Michal Zalewski [mailto:[EMAIL PROTECTED]
Sent: Friday, 16 February, 2007 17:51
To: bugtraq@securityfocus.com
Cc: full-disclosure@lists.grok.org.uk
Firefox suffers from a design flaw that can be used to confuse casual
users and evoke a false sense of authority when visiting a
Juergen Fiedler to Andres Riancho:
For a research i'm doing I need a somehow big(around 100 would be
nice...) amount of phishing sites html code .
What kind of research?
Where? Under whose/what's guidance?
Seems unlikley to me that you would have both a genuine need for
ahoy,
a friend of mine contacted me because he saw lots of emails (60) to
[EMAIL PROTECTED] starting at about 5:00 am (US east coast
time).
so i checked our company's log files (about 300 users) and saw the same
here starting at about 10:45am CET, ending at about 6pm, and about 40
emails of this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I am curious as to how one automatically logs on?
1. Internet Explorer disallows username:[EMAIL PROTECTED]://192.168.1.0
2. Opera has a very clear warning that you are logging on
3. Firefox has a very clear warning that you are logging on
Are there
On Mon, 19 Feb 2007, Timo Schoeler wrote:
[EMAIL PROTECTED]
[...]
is this a new worm spreading or something already known?
More like a spambot probe of some sorts.
http://groups.google.com/groups?hl=enq=catchthismail
___
Full-Disclosure - We
Hello 3APA3A,
Sorry for the delay in reporting the status of this case. The test teams have
concluded their investigations and we have determined that this would fall into
a next version type of fix. This has already been fixed in Vista and since
this is more of a tampering scenario rather
Here is a short analysis of the passwords chosen by myspace users,
that some guy has phished a few weeks ago.
The analysis is based on a list of 36700 user passwords. The
original file contained 56000+ lines, but I removed the blank passwords
and those that were 20+ characters length,
*Microsoft Internet Explorer Local File Accesses Vulnerability*
#
XDisclose Advisory: XD100099
Vulnerability Discovered : February 10th 07
Advisory Released : February 20th 07
Credit :
FYI, Bruce Schneier ran some similar analyses:
http://www.schneier.com/blog/archives/2006/12/realworld_passw.html
We used to quip that password is the most common password. Now it's
password1. Who said users haven't learned anything about security?
--
Todd Troxell
http://rapidpacket.com/~xtat
In epistula a Michal Zalewski [EMAIL PROTECTED] die horaque Mon,
19 Feb 2007 22:17:43 +0100 (CET):
On Mon, 19 Feb 2007, Timo Schoeler wrote:
[EMAIL PROTECTED]
[...]
is this a new worm spreading or something already known?
More like a spambot probe of some sorts.
On 19 Feb 07, at 09:54, [EMAIL PROTECTED] wrote:
I am curious as to how one automatically logs on?
Memorized passwords.
Also, if a password is required for a subsidiary resource, the
browser will ask the user for it. In IE, at least, a sequence like
the one I describe below will pop up a
In epistula a Michal Zalewski [EMAIL PROTECTED] die horaque Mon,
19 Feb 2007 22:17:43 +0100 (CET):
On Mon, 19 Feb 2007, Timo Schoeler wrote:
[EMAIL PROTECTED]
[...]
is this a new worm spreading or something already known?
More like a spambot probe of some sorts.
On Tue, 20 Feb 2007, Rajesh Sethumadhavan wrote:
Microsoft Internet Explorer is a default browser bundled with all
versions of Microsoft Windows operating system.
Any luck with sending the data back to the attacker? SCRIPT and STYLE ones
can be used to steal data from very specifically
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:043
http://www.mandriva.com/security/
On 2/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I am curious as to how one automatically logs on?
There are several potential methods (depending on the victim's browser):
1) Older versions of Flash allow the spoofing of arbitrary http
headers [1] thus allowing the creation of attacker
Hello Rajesh,
Thanks very much for your report. I have opened case 7244 and the case manager,
kieron, will be in touch when there is more information. In the meantime, we
ask you respect responsible disclosure guidelines and not report this publicly
until users have an opportunity to protect
just asking... Is this std practice by vendor to state ???
[..] we ask you respect responsible disclosure guidelines and not report
this publicly
/pd
On 2/19/07, Michal Zalewski [EMAIL PROTECTED] wrote:
On Tue, 20 Feb 2007, Rajesh Sethumadhavan wrote:
Microsoft Internet Explorer is
Just look at any modern password cracking wordlist and you will see a bunch
of stupid things written there!
On 2/19/07, Todd Troxell [EMAIL PROTECTED] wrote:
FYI, Bruce Schneier ran some similar analyses:
http://www.schneier.com/blog/archives/2006/12/realworld_passw.html
We used to quip that
just wondering why cant simple perl script be used
instead??
Gaurang.
--- Martin Johns [EMAIL PROTECTED] wrote:
On 2/19/07, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
I am curious as to how one automatically logs
on?
There are several potential methods (depending on
the victim's
does perl run in your browser?
On 2/20/07, Gaurang Pandya [EMAIL PROTECTED] wrote:
just wondering why cant simple perl script be used
instead??
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
does perl run in your browser?
hmm...true..here server is not in control..thanks.
On 2/20/07, Gaurang Pandya [EMAIL PROTECTED]
wrote:
just wondering why cant simple perl script be used
instead??
On 19 Feb 07, at 20:36, Gaurang Pandya wrote:
just wondering why cant simple perl script be used
instead??
Because it's easy to write a web page to make a user run some Flash.
Making a user run Perl isn't so easy.
___
Full-Disclosure - We believe
--- Andrew Farmer [EMAIL PROTECTED] wrote:
On 19 Feb 07, at 20:36, Gaurang Pandya wrote:
just wondering why cant simple perl script be used
instead??
Because it's easy to write a web page to make a user
run some Flash.
Making a user run Perl isn't so easy.
I think just one question
26 matches
Mail list logo