-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [24 Apr 2012]
===
ASN1 BIO incomplete fix (CVE-2012-2131)
===
It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not
Hi,
Anybody else got this message? I think they are spamming the
subscribers/regular participants of the list.
-- Forwarded message --
From: steve ruskin ruskin.st...@gmail.com
Date: Tue, Apr 24, 2012 at 9:56 AM
Subject: Vulnerability research and exploit writing
To:
Title:
==
Cross Site Scripting - Exploitation Penetration Strings
Date:
=
2012-04-23
References:
===
Download: http://www.vulnerability-lab.com/resources/documents/531.txt
VL-ID:
=
531
Status:
Published
Exploitation-Technique:
===
Sheets
Is available at:
http://waleedassar.blogspot.com/2012/04/microsoft-incremental-linker-integer.html
Waliedassar
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
Title: Undocumented Backdoor Access to RuggedCom Devices
Author:jc
Organization: JC CREW
Date: April 23, 2012
CVE: CVE-2012-1803
Background:
RuggedCom is one of a handful of networking vendors who capitalize on
the market for Industrial Strength and Hardened
Exploit Pack - Web Security Edition
This tool allows you to take control of remote browsers, steal social
network credentials, obtain persistence on it, DDoS and more.
Demo: http://www.youtube.com/watch?v=B_AYyRFNokI
Main features:
- Hacking of Gmail, Yahoo, Facebook, Live, Linkedin
- Session
Folks,
We've published a new IETF I-D entitled Security Implications of IPv6
on IPv4 networks.
The I-D is available at:
http://www.ietf.org/id/draft-gont-opsec-ipv6-implications-on-ipv4-nets-00.txt
The Abstract of the I-D is:
cut here
This document discusses the security
Hi,
I think that people here would be more interested by the (new?)
techniques you're using in your tool than by your own (not documented?)
implementation.
ie: are you using MSF browser autopwn technique for browser control?
(Or, will we have to spend individually 3 days to review and test your
I'm also wondering if your tool is a clone of our BeEF or not :D
Cheers
antisnatchor
On Tue, Apr 24, 2012 at 11:25 AM, Jerome Athias jer...@netpeas.com wrote:
Hi,
I think that people here would be more interested by the (new?)
techniques you're using in your tool than by your own (not
s/clone/theft/
On Tue, Apr 24, 2012 at 12:31 PM, Michele Orru antisnatc...@gmail.com wrote:
I'm also wondering if your tool is a clone of our BeEF or not :D
Cheers
antisnatchor
On Tue, Apr 24, 2012 at 11:25 AM, Jerome Athias jer...@netpeas.com wrote:
Hi,
I think that people here would be
Is good evening. I is would like to warn you about is vulnerability in
Backtrack is all version.
Backtrack Linux is penetration tester is system. Is come complete with
tool for to make hacking for penetration tester.
In is booting Backtrack, vulnerability exist in booting for when start
if
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:064
http://www.mandriva.com/security/
*sigh* vulnerability reports like this make me sad.
On Apr 24, 2012 5:50 AM, Григорий Братислава musntl...@gmail.com wrote:
Is good evening. I is would like to warn you about is vulnerability in
Backtrack is all version.
Backtrack Linux is penetration tester is system. Is come complete with
It makes me laugh! hahahaha
2012/4/24 Gage Bystrom themadichi...@gmail.com
*sigh* vulnerability reports like this make me sad.
On Apr 24, 2012 5:50 AM, Григорий Братислава musntl...@gmail.com
wrote:
Is good evening. I is would like to warn you about is vulnerability in
Backtrack is all
Next thing ya know he will publish a disclosure on the default password
being toor.
On Apr 24, 2012 7:41 AM, Urlan urlanc...@gmail.com wrote:
It makes me laugh! hahahaha
2012/4/24 Gage Bystrom themadichi...@gmail.com
*sigh* vulnerability reports like this make me sad.
On Apr 24, 2012 5:50
I'll keep my response short simple...
This is an old debate, and one which never truly resolves because the contrary
opinions tend to be so deeply rooted. I have no objection to anyone wanting to
earn an _honest_ living finding and reporting vulnerabilities, but somewhere
along the line,
Hi all!
We are pleased to announce the release of plown, a security
tool for Plone.
Despite the fact that Plone [1] is one of the most
secure CMS, even the most secure system can be penetrated due to
misconfigurations, use of weak passwords and if the admins never apply
the patches released.
+1 duke
https://twitter.com/#!/mdowd/status/192986878138523648
http://i.imgur.com/dOjJt.jpg
Buy:
http://www.amazon.com/Software-Security-Assessment-Vulnerabilities-ebook/dp/B004XVIWU2
Steal: http://uploaded.to/file/nuq1ws67/032126.chm
2012/4/19 Tavis Ormandy tav...@cmpxchg8b.com:
I have a more critical vulnerability: root default password is toor
¬¬
2012/4/24 Григорий Братислава musntl...@gmail.com
Is good evening. I is would like to warn you about is vulnerability in
Backtrack is all version.
Backtrack Linux is penetration tester is system. Is come complete with
it makes me scary! There is also on my distro! DOH! ;P
On 04/24/12 16:41, Urlan wrote:
It makes me laugh! hahahaha
2012/4/24 Gage Bystrom themadichi...@gmail.com
*sigh* vulnerability reports like this make me sad.
On Apr 24, 2012 5:50 AM, Григорий Братислава musntl...@gmail.com
wrote:
IMHO, anyone who willingly, knowingly places customer data at risk by
inviting attacks on their production systems is playing a very dangerous
game. There is no guarantee that a vuln discovered by a truly honest
researcher couldn't become a weapon for the dishonest researcher through
El 24/04/12 14:41, Григорий Братислава escribió:
Is good evening.
Is good afternoon.
I is would like to warn you about is vulnerability in
Backtrack is all version.
I is want to advise you on one failure in Gentoo Hardened at all types
Backtrack Linux is penetration tester is system. Is come
On Tue, Apr 24, 2012 at 11:13 AM, Michal Zalewski lcam...@coredump.cx wrote:
IMHO, anyone who willingly, knowingly places customer data at risk by
inviting attacks on their production systems is playing a very dangerous
game. There is no guarantee that a vuln discovered by a truly honest
PD: Bad English written on purpose, please forgive me for any correct
grammar I may have used :P
PD2: Григорий seeing your historial I think the mail was a joke but
if you read his advisories and 0-days you know: It's not a joke...
--
Kind Regards
Milan Berger
Project-Mindstorm Technical
A you-only-get-it-when-successful 20,000$ budget from Google is
insulting, considering the perhaps massive time investment from
the researcher. [...] and yet they only pay a nice researcher 20
grand? You can't even live on that. Researchers aren't just kids
with no responsibilities, they have
On Tue, 24 Apr 2012 17:36:55 +0200, Milan Berger said:
if you read his advisories and 0-days you know: It's not a joke...
I always thought it was misunderstood performance art...
pgpBMDMGRP44M.pgp
Description: PGP signature
___
Full-Disclosure - We
Which always turns out to be the best...
Sent from my Windows Phone
From: valdis.kletni...@vt.edu
Sent: 4/24/2012 9:16 AM
To: Milan Berger
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Vulnerability in Gentoo hardened
On Tue, 24 Apr 2012
IMHO, anyone who willingly, knowingly places customer data at risk
by inviting attacks on their production systems is playing a very
dangerous game. There is no guarantee that a vuln discovered by a
truly honest researcher couldn't become a weapon for the dishonest
researcher through
Sharing source code with peers is one thing; sharing secrets over a public
medium is another. The all-seeing eye of Google has no mercy, and once the
secret has been seen, indexed, and copied to clone sites, it is no longer a
secret. Now combine the search power of Google with the computational
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2456-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
April 23, 2012
Ferenc,
I got one as well a few weeks ago. I suspect you are correct in your
assumption.
elazar
On Tuesday, April 24, 2012 at 4:03 AM, Ferenc Kovacs tyr...@gmail.com wrote:
Hi,
Anybody else got this message? I think they are spamming the
subscribers/regular participants of the list.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2457-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
April 24, 2012
Our interest is exploits which run over Windows 7, Snow Leopard with
applications such MS Office, Adobe, Browsers, Media Player , Notepad etc
Well, good thing I have a stash of Notepad 0-days.
Most of them involve you saving a snippet of text as evil.bat and
clicking on it, though.
/mz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2458-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
April 24, 2012
Hi List,
WANTED: one (free/available) .Net programmer
I did a research on Windows Opcodes (return addresses) database
https://en.wikipedia.org/wiki/Metasploit_Project#Opcode_Database
http://www.blackhat.com/html/bh-eu-12/bh-eu-12-briefings.html
My tools/results should be soon published
35 matches
Mail list logo