Re: [Full-disclosure] can you answer this?

2012-02-03 Thread doo...@gmail.com
Arserspeage.haha. Fku lamer. - Reply message - From: "Zach C." To: Cc: "funsec" , "RandallM" , , Subject: [Full-disclosure] can you answer this? Date: Fri, Feb 3, 2012 8:04 pm The original message reads thus: > i was working with cleaning up "any to any" on fw. ran across inside > ips

Re: [Full-disclosure] can you answer this?

2012-02-03 Thread Full Disclosure mailing list
On 03/02/2012 08:20, RandallM wrote: > since no one could answer the last one how bout this. In my FW log > Trust (our 10.0.0.0. network) to untrust picked this up: > > 2012-02-02 10:08:10 7.254.254.254:68 7.254.254.255:67 0.0.0.0:0 > 0.0.0.0:0 DHCP 0 sec. 0 0 Traffic Denied > > My "any" to "any" d

Re: [Full-disclosure] can you answer this?

2012-02-03 Thread Fabian Wenk
Hello On 03.02.2012 09:20, RandallM wrote: > since no one could answer the last one how bout this. In my FW log > Trust (our 10.0.0.0. network) to untrust picked this up: > > 2012-02-02 10:08:10 7.254.254.254:68 7.254.254.255:67 0.0.0.0:0 > 0.0.0.0:0 DHCP 0 sec. 0 0 Traffic Denied > > My "any" to

[Full-disclosure] Vulnerability-lab.com XSS

2012-02-03 Thread Luis Santana
Earlier today I tried to contact the people over at http://vulnerability-lab.com about an XSS vulnerability I found on their site (ironic) but it appears they want nothing to do with me. Praise Full-Disclosure. [image: Vulnerability-lab.com XSS - HackTalk Security] h

[Full-disclosure] MD5 for pre-release advisory / multiple vulnerabilities / Sonexis ConferenceManager

2012-02-03 Thread Adriel Desautels
MD5 (20120203-SONEXIS-NETRAGARD.txt) = adde14f01f442022e40decba069e1f3e ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Key Internet operator VeriSign hit by hackers [DNS]

2012-02-03 Thread Dcdave
There is a turtle-like tendency within the vendors of security solutions to protect themselves against the potential loss of trust in their offerings and subsequent loss of revenue by pretending it didn't happen, keeping it quiet, dissembling, and ignoring rather than discussing a clear plan of

Re: [Full-disclosure] can you answer this?

2012-02-03 Thread Zach C.
The original message reads thus: > i was working with cleaning up "any to any" on fw. ran across inside > ips doing netbios (NS) , and one using port 4330 to 7.8.0.106, or > .107. > > a who is give .miil DoD Network Information Center. > > ? > > we are just a manufacturing company. One ip is from

Re: [Full-disclosure] can you answer this?

2012-02-03 Thread james
So what's the question? --Original Message-- From: RandallM Sender: full-disclosure-boun...@lists.grok.org.uk To: funsec To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] can you answer this? Sent: 3 Feb 2012 08:20 since no one could answer the last one how bout this. In my

[Full-disclosure] can you answer this?

2012-02-03 Thread RandallM
since no one could answer the last one how bout this. In my FW log Trust (our 10.0.0.0. network) to untrust picked this up: 2012-02-02 10:08:10 7.254.254.254:68 7.254.254.255:67 0.0.0.0:0 0.0.0.0:0 DHCP 0 sec. 0 0 Traffic Denied My "any" to "any" denied queue. -- been great, thanks RandyM a.k.a

Re: [Full-disclosure] Key Internet operator VeriSign hit by hackers [DNS]

2012-02-03 Thread Kyle Creyts
"Management was informed of the incident in September 2011" pg 33, sect 2 Further, there is no mention of risk potential for the SSL business whatsoever, despite numerous mentions of risk factors for the Registry Services business, not related to this attack. While nothing is "safe" to assume, I

Re: [Full-disclosure] Key Internet operator VeriSign hit by hackers [DNS]

2012-02-03 Thread Kyle Creyts
This is at least a year and a half old. Please, don't republish "news" that should have never been reprinted. I'm not sure who would have allowed this tripe to be syndicated... On Thu, Feb 2, 2012 at 2:49 PM, Jeffrey Walton wrote: > http://www.reuters.com/article/2012/02/02/us-hacking-verisign-id

Re: [Full-disclosure] hackers.it disappeared from google search results

2012-02-03 Thread David3 Gonnella
Hi Nancy, I think "noindex,nofollow" in robots of any page is the main problem. I have updated and, as you suggest, I am going to check with the google Webmaster Tools Hope to find out the problem and being indexed as usual. Thanks for helping! Davide > All this means is that Google has not index

[Full-disclosure] Multiple vendor antivirus .kz archive format evasion/bypass vulnerability.

2012-02-03 Thread Michel
hello, Multiple vendor antivirus .kz archive format evasion/bypass vulnerability. DESCRIPTION .kz is a proprietary archive format from an Asian editor KuaiZip: http://www.kuaizip.com/en/index.html This format, similar to lzma, is recent and very rare format type (not supported yet by most co

Re: [Full-disclosure] hackers.it disappeared from google search results

2012-02-03 Thread David3 Gonnella
On Thu, 2012-02-02 at 11:47 -0600, adam wrote: > It should be noted that you can use webmaster tools to speed up the > process of having pages removed (once the meta tag is present on > them). Also, it may be hit or miss but you could try using > google.com/addurl to speed up the reindexing of thos

Re: [Full-disclosure] hackers.it disappeared from google search results

2012-02-03 Thread David3 Gonnella
Hi Rob, yes you are right, ripped off from PS cause the meaning would be quite the same, but text will be reviewed before going to prod. At the moment it is all in a test environment, i take your feedback for a better artwork and the update to new texts asap. Thanks Davide On Thu, 2012-02-02 at

[Full-disclosure] [SECURITY] [DSA 2403-1] php5 security update

2012-02-03 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2403-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst February 02, 2012

[Full-disclosure] NASA Subdomains FCKEditor - Multiple Vulnerabilities

2012-02-03 Thread resea...@vulnerability-lab.com
Title: == NASA Subdomains FCKEditor - Multiple Vulnerabilities Date: = 2012-01-29 References: === http://vulnerability-lab.com/get_content.php?id=400 VL-ID: = 400 Introduction: = The National Aeronautics and Space Administration (NASA) is the agency of the U

[Full-disclosure] Achievo v1.4.3 - Multiple Web Vulnerabilities

2012-02-03 Thread resea...@vulnerability-lab.com
Title: == Achievo v1.4.3 - Multiple Web Vulnerabilities Date: = 2012-01-30 References: === http://www.vulnerability-lab.com/get_content.php?id=403 VL-ID: = 403 Introduction: = Achievo is a flexible web-based resource management tool for business environments

[Full-disclosure] OSCommerce v3.0.2 - Persistent Cross Site Vulnerability

2012-02-03 Thread resea...@vulnerability-lab.com
Title: == OSCommerce v3.0.2 - Persistent Cross Site Vulnerability Date: = 2012-02-02 VL-ID: = 407 Introduction: = osCommerce is the leading Open Source online shop e-commerce solution that is available for free under the GNU General Public License. It features a ric