Oh no!!
That would mean he fully disclosed his passwords to full disclosure. Quick!
Yair! Danny! Change your passwords! The evil music has started playing.
-Steve
-Original Message-
From: Michal Zalewski [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 22, 2007 2:25 AM
To: Steve
In November of 2005, Matan Gillon discovered a vulnerability in Internet
Explorer in the way it handled the CSS import directive
(http://www.hacker.co.il/security/ie/css_import.html). He proved the
danger of the IE vulnerability by attacking Google Desktop.
This proof of concept proved a
Hi Andres,
We process and analyse phishing emails from several sources; the phish
emails themselves and phish sites are listed and the data is publicly
available on our website: http://phishery.internetdefence.net.
We also have a real-time monitor there of the phishing sites themselves;
so
Title: Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW
informaton leak
Author: 3APA3A, http://securityvulns.com
Affected: Microsoft Windows 2000,XP,2003,Vista
Exploitable:Yes
Type: Remote (from local network), authentication
Hi,
You told that as a workaround that we should never allow creation of more
secure folder in less secure ones.
I agree but, as i see.., that means that also allowing the Bypass traverse
checking policy is also a bad idea.
Anyway, there are several scenarios where we could not protect us
Dear Andres Tarasco,
Agree, but actually, I mean to store sensitive data in different
location (different network share).
There will be one more advisory, it will demonstrate symlink-like
attacks on Windows. In the same advisory I plan to discuss problem of
secure data in
This vulnerability is cute but not very useful mainly because a lot of
social engineering is required.
However, here is an interesting thought for you: instead of asking the
user into bookmarking a page you can supply the bookmark directly to
their browser by using Live Bookmarks. So, a
Hi
I was asked to forward this to the list...
Cheers
- John
[full disclosure] Linux generic devices / pam.console problem
[EMAIL PROTECTED], 5.2.2007
modified +details disclosed 21.2.2007
May be distributed without charge for the purpose of alerting people.
I hope the information will be
On Thu, 22 Feb 2007, pdp (architect) wrote:
This vulnerability is cute but not very useful mainly because a lot of
social engineering is required.
Well, very little trickery is required - having a person bookmark an
interesting page and then reopen it later on, while the browser is still
on
On 2/19/07, Juergen Fiedler [EMAIL PROTECTED] wrote:
you can't readily get to the source
code for the form action because it is done in some sort of server
side scripting (CGI, PHP, ASP, whatever...) that can't readily be
viewed from the client side.
Can't readily be viewed BUT that part is
Hi List,
I am looking for some information on 802.1q vlan packets.i recently
seen some captures in which the protocol type in their ethernet
header is 802.1q (some googling gave me the packet structure) bellow
that sometimes ppp strcutres comes and some times it doesn't come.my
question is why
it becomes a matter of time before another vector of exploit (either
through the browser or web application) allows similar access.
There are already plenty out there for exploiting GDS, just that they are
not disclosed.
I found a similar one nearly a year ago where one can retrieve the
On Thu, 22 Feb 2007, Florian Weimer wrote:
This is the first time I read about the forced window title change. I
hadn't noticed it earlier. Do you think this is a good enough security
indicator (or indicator of origin, to be more precise)?
This is quite inadequate as far as protecting
VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability
iDefense Security Advisory 02.22.07
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 22, 2007
I. BACKGROUND
The ConfigChk ActiveX Control is part of VeriSign Inc.'s MPKI, Secure
Messaging for Microsoft Exchange and Go
IBM DB2 Universal Database DB2INSTANCE File Creation Vulnerability
iDefense Security Advisory 02.22.07
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 22, 2007
I. BACKGROUND
IBM Corp.'s DB2 Universal Database product is a large database server
product commonly used for higher end
was not this part of the pharming attack that was exucted over the last 2d ?
On 2/21/07, James Matthews [EMAIL PROTECTED] wrote:
Yes yes! They will make sure of course however the dumb person that falls
for it thinks hey look Bank Of America can't spell heheheh
On 2/21/07, James Rankin [EMAIL
IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities
iDefense Security Advisory 02.22.07
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 22, 2007
I. BACKGROUND
IBM Corp.'s DB2 Universal Database product is a large database server
product commonly used for higher
There is a cool combination-type vulnerability in MSIE7 that allows the
attacker to:
a) Trap the visitor in a Matrix-esque tarpit webpage that cannot be left
by normal means (this is a known brain-damaged design of onUnload
Javascript handlers),
b) Spoof transitions between pages
While researching my previous report on MSIE7 browser entrapment, I
noticed that Firefox is susceptible to a pretty nasty, and apparently
easily exploitable memory corruption vulnerability. When a location
transition occurs and the structure of a document is modified from within
onUnload event
Michal Zalewski wrote:
Firefox isn't outright vulnerable to this problem, but judging from its
behavior, it is likely to be susceptible to a variant of this bug (it
exhibits the same behavior, but we end up with a corrupted page instead);
Will you give Opera some love, too? Opera has always
pdp (architect) wrote:
However, here is an interesting thought for you: instead of asking the
user into bookmarking a page you can supply the bookmark directly to
their browser by using Live Bookmarks. So, a mainstream attack will be
when a SPLOG network injects malicious links into their
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2007:048
http://www.mandriva.com/security/
22 matches
Mail list logo