Webalizer?
Sent from my ATmega128
On Jul 7, 2011, at 5:44 AM, Jacqui Caren-home jacqui.ca...@ntlworld.com wrote:
On 07/07/2011 08:03, 김무성 wrote:
Is there a system or program which presents HTTP response count?
Yes.
___
Full-Disclosure - We
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2275-1 secur...@debian.org
http://www.debian.org/security/Nico Golde
July 7, 2011
http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
/Mango
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Hi,
Due to many request #days the Swiss conference for security, extends its
call for papers (CFP) deadline until July 17th 2011. For details
regarding the submission guidelines see:
https://www.hashdays.ch/call-for-papers.html
Here is why you'd really enjoy presenting at the #days conference:
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hey guys,
thought the world needed this leaked, if only so j35t3r cannot
continue his nonsense with his 31337 0day tool
http://pastebin.com/raw.php?i=MLFs5m1K
Thats the sauce :)
Have fun, and I will be watching this to see when it is patched.
BTW,
Oh snap.
On Jul 8, 2011 1:52 PM, anonymous-t...@hushmail.me wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hey guys,
thought the world needed this leaked, if only so j35t3r cannot
continue his nonsense with his 31337 0day tool
http://pastebin.com/raw.php?i=MLFs5m1K
Thats the sauce
Hi,
Those of you in the position of getting non-sec people to understand
what they're doing wrong in security might find this article useful:
The ABZs of Cybersecurity
If we want people to be safer with their information we can't go the
just say no route since people just won't do that.
Thanks, I know we have our disagreements but I do find your work
interesting.
On Jul 8, 2011 1:59 PM, anonymous-t...@hushmail.me wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Laurelai, nice of you to join us.
How this tool seems to work is it just routes via a literal ton of
TOR
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan seems to be on the money here, and remember - if the attacker
can get you to click on their file or open it, you are fscked
anyways.
Hence, it is moreso a way to hide your .exe unless I am very
mistaken...
(again, I hope I am doing the CC/BCC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Laurelai, nice of you to join us.
How this tool seems to work is it just routes via a literal ton of
TOR servers to open connections to the target... Reminds me of
Anonoctopus.c except using TOR.
It does seem to be just as effective as the j35t3rs
Mitja,
A question/suggestion:
Have you guys tried influencing where the .hotspotrc files are loaded
from by supplying your own System properties (e.g. user.dir)? You
can do this in .jnlp files and probably applet tags as well. This has
allowed for JRE RCE in the past.
If there is a way to
On 7/8/2011 1:58 PM, anonymous-t...@hushmail.me wrote:
Laurelai, nice of you to join us.
How this tool seems to work is it just routes via a literal ton of
TOR servers to open connections to the target... Reminds me of
Anonoctopus.c except using TOR.
It does seem to be just as effective
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Same code base, same mechanism of attack.
Essentially octopus flood routed via TOR.
Ironically, SlowLoris routed via TOR with rapid exit node
switching, combined with a modification to entropy's Torshammer
HTTP POST DoS tool (using TOR also) is far
I'm flooded with requests for a POC and many doubt that these
vulnerabilities are exploitable. And since this vulnerability is
rather technically interesting I believe many could learn from it.
http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html
It's a nice attempt, but no. The social engineering required to pull
that off exceeds what's required to get somebody to download and
execute setup.exe, and we don't call that RCE either.
Hundreds of false bugs are blinding you to probably a dozen real bugs.
Likely more. In security as in
Ok, Dan, just for you:
Launch Internet Explorer 9 on Windows 7 (probably other IE/Win works too), go
to File-Open (or press Ctrl+O), browse to Test.html and open it. No
double-clicking and you couldn't launch an executable this way. Better?
Cheers,
Mitja
On Jul 8, 2011, at 9:10 PM, Dan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi everyone again,
As I said to various people I would release an updated version that
works lacking the bugs. The leaked version being fairly bad and was
never intended to be released.
http://pastebin.com/j6uVQ3yF
- - William Welna
-BEGIN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/8/2011 10:17 PM, Sanguinarious Rose wrote:
Hi everyone again,
As I said to various people I would release an updated version that
works lacking the bugs. The leaked version being fairly bad and was
never intended to be released.
18 matches
Mail list logo