Re: [Full-disclosure] Hardcoded Keys

2008-09-03 Thread Shaun
On Wed, 3 Sep 2008 16:31:25 +0700 "Samuel Beckett" <[EMAIL PROTECTED]> wrote: > What would be the worst case if you implement the following scenario for > a credit card transaction: [..snip..] > After the successful credit card transaction, certain credit card details > are then encrypted and

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread Shyaam
> > Out of bound array accesses can be vulnerabilities because they can >> in some cases result in code execution, but not in this case. In >> this case, it is just an integer underflow that causes a >> conditional to evaluate to true that shouldn't have and a byte or >> two of memory being read ou

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread redb0ne
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My judgment is telling me to just ignore this, but I'll entertain it with one response. On Wed, 03 Sep 2008 20:04:34 -0400 Shyaam <[EMAIL PROTECTED]> wrote: >This is a healthy discussion. This topic leads to a very good >question. When >do we call a b

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread Shyaam
> This is an out of bounds memory read that crashes the browser. It > is a major exaggeration to call this a vulnerability, especially > considering this is a beta browser. Not that others haven't already > said it, but people never seem to learn that a browser crash is a > stability issue, not a s

[Full-disclosure] Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664

2008-09-03 Thread Fabian Fingerle
Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664 References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3664 http://xrms.sourceforge.net Description XRMS is a web-based application for mana

[Full-disclosure] [USN-640-1] libxml2 vulnerability

2008-09-03 Thread Kees Cook
=== Ubuntu Security Notice USN-640-1 September 03, 2008 libxml2 vulnerability CVE-2008-3281 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7

Re: [Full-disclosure] Port Randomization: New revision of our IETF Internet-Draft

2008-09-03 Thread Jerome Benoit
On Mon, 01 Sep 2008 02:44:35 -0300, Fernando Gont <[EMAIL PROTECTED]> dared to write: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Folks, > > We have published a revision of our IETF Internet-Draft about port > randomization. It is available at: > http://www.gont.com.ar/drafts/port

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread redb0ne
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >Even though I had the vulnerability 4 hrs well before the real >publication of the bug and had the exploit along with some >crash details like "int 3" Kernel Exception/Trap @ 0x01002FF3, >different attack cases, exceptions of http/ftp and further

[Full-disclosure] [ MDVSA-2008:185 ] python-django

2008-09-03 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:185 http://www.mandriva.com/security/

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread n3td3v
On Wed, Sep 3, 2008 at 8:01 PM, <[EMAIL PROTECTED]> wrote: > On Wed, 03 Sep 2008 14:47:22 -0400 n3td3v <[EMAIL PROTECTED]> > wrote: >>On Wed, Sep 3, 2008 at 5:06 PM, <[EMAIL PROTECTED]> wrote: >>> I'd place bets that whoever it is, they're on the RBN payroll... >>> >> >>I thought a high ranking s

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread Rishi Narang
Hi, "Time" can definitely play a major role. There was a collision that occurred due to the fact that I took time to find the real break point in the code, search for a template and to publish at EvilFingers site before sending it to Google and other bugtraqs. Even though I had the vulnerab

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread redb0ne
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 03 Sep 2008 14:47:22 -0400 n3td3v <[EMAIL PROTECTED]> wrote: >On Wed, Sep 3, 2008 at 5:06 PM, <[EMAIL PROTECTED]> wrote: >> I'd place bets that whoever it is, they're on the RBN payroll... >> > >I thought a high ranking security professional

[Full-disclosure] [ MDVSA-2008:184 ] libtiff

2008-09-03 Thread security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2008:184 http://www.mandriva.com/security/

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread n3td3v
On Wed, Sep 3, 2008 at 5:06 PM, <[EMAIL PROTECTED]> wrote: > I'd place bets that whoever it is, they're on the RBN payroll... > I thought a high ranking security professional like yourself would stick to facts, not the latest disinformation handed out by so-called "trusted" security professionals

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread Razi Shaban
On 9/3/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: ... > I'd place bets that whoever it is, they're on the RBN payroll... ... If they really were the "biggest hacker", why on earth would they work for a large group that would merely dull their shine and take from their profits, etc. No, the

[Full-disclosure] Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA

2008-09-03 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA Advisory ID: cisco-sa-20080903-asa Revision 1.0 For Public Release 2008 September 3 1600 UTC (GMT

[Full-disclosure] Fusil the fuzzer version 1.0beta3

2008-09-03 Thread Victor Stinner
Fusil is a Python library for writing fuzzers and a set of specific fuzzers: Apache, ClamAV, Firefox, gettext, gstreamer, ImageMagick, libpoppler, printf(), Mplayer, ogg123, PHP and Python. The goal is to quickly write your fuzzer, Fusil is responsible to manage a fuzzing campaign (create files, clea

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread Valdis . Kletnieks
On Wed, 03 Sep 2008 10:04:43 BST, n3td3v said: > I think the world's biggest hacker HD Moore HD is incredibly talented, and deserves a round of applause for Metasploit. However, a minute's thought will show that we don't have a fucking *clue* who the world's biggest hacker is. We have plenty of

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread Fabio N Sarmento [ Gmail ]
So what the fuck are you doing here? This list speaks English, if you don't want to, get out. 2008/9/3 Urlan <[EMAIL PROTECTED]> > PT: FUCK OFF! > > 1) Sorry, but I have not seen you helping with anything anywhere. > 2) I speak and write in Portuguese; I am in Brazil. Obrigado mas eu nao > quero p

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread Urlan
Sorry for my mistake. Urlan 2008/9/3 Fabio N Sarmento [ Gmail ] <[EMAIL PROTECTED]> > So what the fuck are you doing here? > This list speaks English, if you don't want to, get out. > > 2008/9/3 Urlan <[EMAIL PROTECTED]> > >> PT: FUCK OFF! >> >> 1) Perdao, mas eu nao vi em nenhum lugar voce ajudando em

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread Anders Klixbull
shut the fuck up From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Urlan Sent: 3. september 2008 14:37 To: The Mad Hatter Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Google Chrome Browser Vulnerability PT: FUCK OFF! 1) Perda

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread Urlan
PT: FUCK OFF! 1) Sorry, but I have not seen you helping with anything anywhere. 2) I speak and write in Portuguese; I am in Brazil. Thanks, but I do not want to post things in English for whoever it may be to read. Urlan On Wed, Sep 3, 2008 at 12:18 AM, The Mad Hatter <[EMAIL PROTECTED]> wrote:

[Full-disclosure] Secunia Research: Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow

2008-09-03 Thread Secunia Research
== Secunia Research 03/09/2008 - Novell iPrint Client - - nipplib.dll "IppCreateServerRef()" Buffer Overflow - =

[Full-disclosure] DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal

2008-09-03 Thread DDI_Vulnerability_Alert
Title -- DDIVRT-2008-13 AVTECH PageR Enterprise Directory Traversal Severity Medium Date Discovered --- July 1, 2008 Discovered By - Digital Defense, Inc. Vulnerability Research Team Credit: Corey LeBleu and [EMAIL PROTECTED] Vulnerability Description -

[Full-disclosure] DDIVRT-2008-14 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point Malformed HTTP POST DoS

2008-09-03 Thread DDI_Vulnerability_Alert
Title - DDIVRT-2008-14 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point Malformed HTTP POST DoS Severity Medium Date Discovered --- May 20, 2008 Discovered By - Digital Defense, Inc. Vulnerability Research Team Credit: Brandon Shilling and [EMAIL PR

[Full-disclosure] Hardcoded Keys

2008-09-03 Thread Samuel Beckett
What would be the worst case if you implement the following scenario for a credit card transaction: - Store the private keys as disk files and place them in an area on a server that is readable from a DLL that contains the decryption algorithm - Hardcode one password into a DLL and the other pa

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread n3td3v
On Wed, Sep 3, 2008 at 8:52 AM, silky <[EMAIL PROTECTED]> wrote: > On Wed, Sep 3, 2008 at 5:37 PM, Paul Ferguson <[EMAIL PROTECTED]> wrote: >> Okay, well you cannot deny this is a lackluster starting point. >> >> I hope Google can use this inauspicious starting point to build >> the advertising emp

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread silky
On Wed, Sep 3, 2008 at 5:37 PM, Paul Ferguson <[EMAIL PROTECTED]> wrote: > Okay, well you cannot deny this is a lackluster starting point. > > I hope Google can use this inauspicious starting point to build > the advertising empire they desire. > > I for one do not welcome the advertisement overlor

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Andrew Farmer <[EMAIL PROTECTED]> wrote: >On 02 Sep 08, at 21:48, Paul Ferguson wrote: >> - -- "James Matthews" <[EMAIL PROTECTED]> wrote: >>> The same thing happened to safari when it came out on windows. >> >> Well, no kidding. :-) >> >> Maybe

Re: [Full-disclosure] Google Chrome Browser Vulnerability

2008-09-03 Thread Andrew Farmer
On 02 Sep 08, at 21:48, Paul Ferguson wrote: > - -- "James Matthews" <[EMAIL PROTECTED]> wrote: >> The same thing happened to safari when it came out on windows. > > Well, no kidding. :-) > > Maybe the flaws that will hound Chrome are due to the fact that > it uses Safari as a codebase? WebKit !=