Re: [Full-disclosure] Offensive Security Backtrack Training

2008-03-12 Thread Luther D. Anderson
8cm, Are you getting free hand jobs from Muts? You better get an Uncertified Unethical Hacker certification instead. The Backtrack will definitely BLOW YOUR DICK!. - LDA On 3/12/08, [EMAIL PROTECTED] [EMAIL PROTECTED] ask for a blow: I had to post this, this is actually my first post. You

[Full-disclosure] Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities

2008-03-12 Thread Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities Advisory ID: cisco-sa-20080312-ucp http://www.cisco.com/warp/public/707/cisco-sa

[Full-disclosure] securls.com

2008-03-12 Thread Petko D. Petkov
I would like to inform you that securls.com is back online: Harder, Better, Faster, Stronger! http://www.securls.com and it has videos...and you can also have your own premium page for a small fee (that's for companies/organizations that are interested). We will keep improving the service so

[Full-disclosure] Inguma version 0.0.7.2 released

2008-03-12 Thread Joxean Koret
Hi to all, Inguma version 0.0.7.2 has been released. In this version I have added new modules and exploits, fixed many, many, many bugs as well as enhancing existing modules, such as the Oracle related stuff. PyShellcodelib has been enhanced as well and now supports Mac OS X. But, for the

[Full-disclosure] ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow

2008-03-12 Thread zdi-disclosures
ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow http://www.zerodayinitiative.com/advisories/ZDI-08-009 March 12, 2008 -- CVE ID: CVE-2008-1188 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPoint(TM) IPS Customer Protection:

[Full-disclosure] ZDI-08-010: Java Web Start encoding Stack Buffer Overflow

2008-03-12 Thread zdi-disclosures
ZDI-08-010: Java Web Start encoding Stack Buffer Overflow http://www.zerodayinitiative.com/advisories/ZDI-08-010 March 12, 2008 -- CVE ID: CVE-2008-1188 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPoint(TM) IPS Customer Protection:

[Full-disclosure] TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability

2008-03-12 Thread DVLabs
TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-08-03 March 11, 2008 -- CVE ID: CVE-2008-0116 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office Excel 2003 Microsoft Office Excel 2002 Microsoft Office Excel

[Full-disclosure] More High Profile Sites IFRAME Injected

2008-03-12 Thread Dancho Danchev
The ongoing monitoring of this campaign reveals that the group is continuing to expand the campaign, introducing over a hundred new bogus .info domains acting as traffic redirection points to the campaigns hardcoded within the secondary redirection point, in this case radt.info where a new malware

[Full-disclosure] Cisco ACS UCP Remote Pre-Authentication Buffer Overflows

2008-03-12 Thread Felix 'FX' Lindner
this file. https://target/securecgi-bin/CSUserCGI.exe?Help+00.lala.c.hacker%22%22%22%3E%3Ch1%3EHello_Cisco%3C/h1%3E Solution: Update to UCP version 4.2. See the Cisco Advisory for how to obtain fixed software: http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml

[Full-disclosure] rPSA-2008-0106-1 lighttpd

2008-03-12 Thread rPath Update Announcements
rPath Security Advisory: 2008-0106-1 Published: 2008-03-12 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Remote Root Deterministic Information Exposure Updated Versions: [EMAIL PROTECTED]:1/1.4.18-0.4-1 rPath Issue Tracking System:

[Full-disclosure] [ GLSA 200803-21 ] Sarg: Remote execution of arbitrary code

2008-03-12 Thread Raphael Marichez
Gentoo Linux Security Advisory GLSA 200803-21 http://security.gentoo.org/

[Full-disclosure] Diceware method adoption - brute force me if you dare

2008-03-12 Thread M . B . Jr .
Dear list, I was studying this passphrase creation method called Diceware: http://world.std.com/~reinhold/diceware.html In it, one rolls a common dice five times, writes down the results, in a sequential manner, and then checks the suggested word in the DICTIONARY they provide. You got that? The

Re: [Full-disclosure] Diceware method adoption - brute force me if you dare

2008-03-12 Thread jf
police officers (in the states) wear bullet proof vests because there is a high probability of them getting shot/shot at, do you think that somehow makes it legal? On Wed, 12 Mar 2008, M.B.Jr. wrote: Date: Wed, 12 Mar 2008 16:15:56 -0300 From: M.B.Jr. [EMAIL PROTECTED] To: Full-Disclosure

[Full-disclosure] Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)

2008-03-12 Thread Luigi Auriemma
Luigi Auriemma Application: McAfee Framework (implemented in McAfee ePolicy Orchestrator 4.0

Re: [Full-disclosure] Diceware method adoption - brute force me if you dare

2008-03-12 Thread M . B . Jr .
jf, if your analogy was somehow decent, it would consider the police giving citizens some shotguns since the Diceware dictionary is freely available for download. On Wed, Mar 12, 2008 at 11:49 PM, jf [EMAIL PROTECTED] wrote: police officers (in the states) wear bullet proof vests because

Re: [Full-disclosure] Diceware method adoption - brute force me if you dare

2008-03-12 Thread blah
On Wed, Mar 12, 2008 at 12:15 PM, M. B. Jr. [EMAIL PROTECTED] wrote: Doesn't adopting the Diceware method in a, say, government corporative environment mean legalizing brute force attacks? nah.

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-12 Thread FD
How much should the average user worry about this? Not very much. Most notebooks from average users don't even have Firewire on them and you would have an easier time cracking them with a dictionary attack on the password and other such things, which means that this attack makes you no more

[Full-disclosure] rPSA-2008-0108-1 dovecot

2008-03-12 Thread rPath Update Announcements
rPath Security Advisory: 2008-0108-1 Published: 2008-03-12 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: [EMAIL PROTECTED]:1/1.0.13-0.1-1 rPath Issue Tracking System:

Re: [Full-disclosure] Firewire Attack on Windows Vista

2008-03-12 Thread Eric Rachner
Re. where you said, yes, if the system is off and you can turn it on (e.g. no bios or hdd encryption passwords) you can bypass the logon screen. this is because the tool searches for the function MsvpPasswordValidate in memory and patches it to allow any password. That's correct, but not