[Full-disclosure] Storesonline, Ecommerce hosting solution - how to avoid mistakes that put your business at risk

2008-08-13 Thread Mister Nice Guy
*Storesonline, Ecommerce hosting solution - how to avoid mistakes that put your business at risk* Building an e-business inevitably requires a dedicated ecommerce hosting solution that can support the infrastructures. There are plenty of areas to take care of. Depending on your business types,

Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-13 Thread Seth Breidbart
On Fri, August 8, 2008 8:37 pm, Forrest J. Cavalier III wrote: Eric Rescorla wrote: To be concrete, we have 2^15 distinct keys, so, the probability of a false positive becomes (2^15)/(2^b)=2^(b-15). To get that probability below 1 billion, b+15 = 30, so you need about 45 bits. I chose 64

Re: [Full-disclosure] [funsec] Internet attacks against Georgian web sites

2008-08-13 Thread Gadi Evron
People need to realize it's quite possible these are just kids who attacked Georgia, and what that means. On Mon, 11 Aug 2008, Paul Ferguson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Gadi Evron [EMAIL PROTECTED] wrote: In the last days news and government web sites in

Re: [Full-disclosure] [funsec] Internet attacks against Georgian web sites

2008-08-13 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Gadi Evron [EMAIL PROTECTED] wrote: People need to realize it's quite possible these are just kids who attacked Georgia, and what that means. Certainly -- anything is possible. I would note, however, that if it _is_ kids, then they have

Re: [Full-disclosure] [funsec] Internet attacks against Georgian web sites

2008-08-13 Thread Gadi Evron
On Tue, 12 Aug 2008, Paul Ferguson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Gadi Evron [EMAIL PROTECTED] wrote: People need to realize it's quite possible these are just kids who attacked Georgia, and what that means. Certainly -- anything is possible. I would note,

Re: [Full-disclosure] Internet attacks against Georgian web sites

2008-08-13 Thread Viktor Larionov
Hi all, As a comment to Gadi's story: it's not nice to accuse anyone if it's still not clear who's behind all this and what is really happening. As a matter of fact, personally I trust Saakashvili almost the same as I trust Medvedev - I'd bet both sides try to make themselves white and fluffy

[Full-disclosure] IntelliTamper v2.07/2.08 Beta 4 A HREF sploit

2008-08-13 Thread kralor
Old exploit, released for the masses. kralor, Crpt HiC. // /* [Crpt] IntelliTamper v2.07/2.08 Beta 4 sploit by kralor [Crpt] */ // /*

Re: [Full-disclosure] Vim: Netrw: FTP User Name and Password Disclosure

2008-08-13 Thread Tony Mechelynck
On 12/08/08 23:59, Jan Minář wrote: Vim: Netrw: FTP User Name and Password Disclosure 1. SUMMARY Product : Vim -- Vi IMproved Versions : Tested with Vim 7.1.266, 7.2, autoload/netrw.vim v131, v109 Impact : Credentials disclosure Wherefrom: Remote Original :

[Full-disclosure] (no subject)

2008-08-13 Thread ff0000
Title: Hushmail Express [EMAIL PROTECTED] has sent you a secure email using Hushmail. To read it, please visit the following web page: https://www.hushmail.com/express/4JS7VCHT Frequently Asked Questions: Why did I receive this email? You have received this email because you

[Full-disclosure] OpenVAS Stable Release

2008-08-13 Thread Michael Wiegand
Hello, the OpenVAS project is proud to announce the release of the first stable version of the Open Vulnerability Assessment System. OpenVAS is a fork of the Nessus security scanner; while Nessus switched to a proprietary license, OpenVAS will continue to improve the scanner and will provide

Re: [Full-disclosure] Internet attacks against Georgian web sites

2008-08-13 Thread n3td3v
On Wed, Aug 13, 2008 at 6:43 AM, Viktor Larionov [EMAIL PROTECTED] wrote: Hi all, As a comment to Gadi's story: it's not nice to accuse anyone if it's still not clear who's behind all this and what is really happening. It would be great for the U.S to take down the .ge sites while Russia is

[Full-disclosure] NULL pointer in Ventrilo 3.0.2

2008-08-13 Thread Luigi Auriemma
Luigi Auriemma Application: Ventrilo http://www.ventrilo.com Versions: = 3.0.2 Platforms: Windows, Linux i386, Solaris SPARC, Solaris x86, FreeBSD i386,

[Full-disclosure] rPSA-2008-0243-1 idle python

2008-08-13 Thread rPath Update Announcements
rPath Security Advisory: 2008-0243-1 Published: 2008-08-13 Products: rPath Appliance Platform Linux Service 1 rPath Appliance Platform Linux Service 2 rPath Linux 1 rPath Linux 2 Rating: Major Exposure Level Classification: Indirect Deterministic Unauthorized Access Updated

Re: [Full-disclosure] Internet attacks against Georgian web sites

2008-08-13 Thread n3td3v
On Wed, Aug 13, 2008 at 7:35 PM, Jim Race [EMAIL PROTECTED] wrote: http://www.nextgov.com/nextgov/ng_20080812_7995.php We want to get the attention of the next administration as they are coming in --Marcus Sachs. Announcing this during the Georgia cyber attacks is well and truly calculated.

[Full-disclosure] [ MDVSA-2008:169 ] hplip

2008-08-13 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:169 http://www.mandriva.com/security/

[Full-disclosure] Microsoft Windows Messenger Remote Illegal Access Vulnerability

2008-08-13 Thread cocoruder
Microsoft Windows Messenger Remote Illegal Access Vulnerability by cocoruder(frankruder_at_hotmail.com) http://ruder.cdut.net Summary: A remote illegal access vulnerability exists in Microsoft Windows Live Messenger. A vicious attacker can control the Live Messenger via constructing a

[Full-disclosure] [ MDVSA-2008:168 ] stunnel

2008-08-13 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:168 http://www.mandriva.com/security/

[Full-disclosure] [ MDVSA-2008:170 ] cups

2008-08-13 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:170 http://www.mandriva.com/security/