Re: [Full-disclosure] Is there a system or program which presents HTTP response count

2011-07-08 Thread William Reyor
Webalizer? Sent from my ATmega128 On Jul 7, 2011, at 5:44 AM, Jacqui Caren-home jacqui.ca...@ntlworld.com wrote: On 07/07/2011 08:03, 김무성 wrote: Is there a system or program which presents HTTP response count? Yes.

[Full-disclosure] [SECURITY] [DSA 2275-1] openoffice.org security update

2011-07-08 Thread Nico Golde
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2275-1 secur...@debian.org http://www.debian.org/security/ Nico Golde July 7, 2011

[Full-disclosure] Detailes of the latest phpMyAdmin flaws

2011-07-08 Thread Mango
http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html /Mango ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Extended: hashdays 2011 - Call for Papers (#days CFP)

2011-07-08 Thread Hashdays CFP
Hi, Due to many requests, #days, the Swiss conference for security, extends its call for papers (CFP) deadline until July 17th 2011. For details regarding the submission guidelines see: https://www.hashdays.ch/call-for-papers.html Here is why you'd really enjoy presenting at the #days conference: -

[Full-disclosure] XerXes DoS tool Leak. not so 0day now!

2011-07-08 Thread anonymous-tips
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hey guys, thought the world needed this leaked, if only so j35t3r cannot continue his nonsense with his 31337 0day tool http://pastebin.com/raw.php?i=MLFs5m1K That's the sauce :) Have fun, and I will be watching this to see when it is patched. BTW,

Re: [Full-disclosure] XerXes DoS tool Leak. not so 0day now!

2011-07-08 Thread Laurelai Storm
Oh snap. On Jul 8, 2011 1:52 PM, anonymous-t...@hushmail.me wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hey guys, thought the world needed this leaked, if only so j35t3r cannot continue his nonsense with his 31337 0day tool http://pastebin.com/raw.php?i=MLFs5m1K That's the sauce

[Full-disclosure] ABZs of Cybersecurity

2011-07-08 Thread Pete Herzog
Hi, Those of you in the position of getting non-sec people to understand what they're doing wrong in security might find this article useful: The ABZs of Cybersecurity If we want people to be safer with their information we can't go the just say no route since people just won't do that.

Re: [Full-disclosure] XerXes DoS tool Leak. not so 0day now!

2011-07-08 Thread Laurelai Storm
Thanks, I know we have our disagreements but I do find your work interesting. On Jul 8, 2011 1:59 PM, anonymous-t...@hushmail.me wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Laurelai, nice of you to join us. How this tool seems to work is it just routes via a literal ton of TOR

Re: [Full-disclosure] Binary Planting Goes Any File Type

2011-07-08 Thread anonymous-tips
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dan seems to be on the money here, and remember - if the attacker can get you to click on their file or open it, you are fscked anyways. Hence, it is moreso a way to hide your .exe unless I am very mistaken... (again, I hope I am doing the CC/BCC

Re: [Full-disclosure] XerXes DoS tool Leak. not so 0day now!

2011-07-08 Thread anonymous-tips
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Laurelai, nice of you to join us. How this tool seems to work is it just routes via a literal ton of TOR servers to open connections to the target... Reminds me of Anonoctopus.c except using TOR. It does seem to be just as effective as the j35t3rs

Re: [Full-disclosure] Binary Planting Goes Any File Type

2011-07-08 Thread Tim
Mitja, A question/suggestion: Have you guys tried influencing where the .hotspotrc files are loaded from by supplying your own System properties (e.g. user.dir)? You can do this in .jnlp files and probably applet tags as well. This has allowed for JRE RCE in the past. If there is a way to

Re: [Full-disclosure] XerXes DoS tool Leak. not so 0day now!

2011-07-08 Thread Laurelai
On 7/8/2011 1:58 PM, anonymous-t...@hushmail.me wrote: Laurelai, nice of you to join us. How this tool seems to work is it just routes via a literal ton of TOR servers to open connections to the target... Reminds me of Anonoctopus.c except using TOR. It does seem to be just as effective

Re: [Full-disclosure] XerXes DoS tool Leak. not so 0day now!

2011-07-08 Thread anonymous-tips
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Same code base, same mechanism of attack. Essentially octopus flood routed via TOR. Ironically, SlowLoris routed via TOR with rapid exit node switching, combined with a modification to entropy's Torshammer HTTP POST DoS tool (using TOR also) is far

[Full-disclosure] phpMyAdmin 3.x preg_replace RCE POC

2011-07-08 Thread Mango
I'm flooded with requests for a POC and many doubt that these vulnerabilities are exploitable. And since this vulnerability is rather technically interesting I believe many could learn from it. http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html

Re: [Full-disclosure] Binary Planting Goes Any File Type

2011-07-08 Thread Dan Kaminsky
It's a nice attempt, but no. The social engineering required to pull that off exceeds what's required to get somebody to download and execute setup.exe, and we don't call that RCE either. Hundreds of false bugs are blinding you to probably a dozen real bugs. Likely more. In security as in

Re: [Full-disclosure] Binary Planting Goes Any File Type

2011-07-08 Thread Mitja Kolsek
Ok, Dan, just for you: Launch Internet Explorer 9 on Windows 7 (probably other IE/Win works too), go to File-Open (or press Ctrl+O), browse to Test.html and open it. No double-clicking and you couldn't launch an executable this way. Better? Cheers, Mitja On Jul 8, 2011, at 9:10 PM, Dan

Re: [Full-disclosure] XerXes DoS tool Leak. not so 0day now!

2011-07-08 Thread Sanguinarious Rose
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi everyone again, As I said to various people I would release an updated version that works lacking the bugs. The leaked version being fairly bad and was never intended to be released. http://pastebin.com/j6uVQ3yF - - William Welna -BEGIN

Re: [Full-disclosure] XerXes DoS tool Leak. not so 0day now!

2011-07-08 Thread Laurelai
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/8/2011 10:17 PM, Sanguinarious Rose wrote: Hi everyone again, As I said to various people I would release an updated version that works lacking the bugs. The leaked version being fairly bad and was never intended to be released.