On Thu, 17 May 2012 20:56:54 +0200, Adam Zabrocki said:
> Sorry, I cannot agree with you. Suse 12.1 is a very new/fresh distribution,
> so I don't see any point in delivering "old" binaries with a new system.
> Still there is an open question about 3rd party vendors applications.
Exactly - it's all ab
LinkedIn uses a token in the login form which can be used many times
for different usernames. You can do it using the same IP or different
IPs; the token will not be verified.
I. Step by step
===
1). Login into your LinkedIn account and capture the "sourceAlias" and
"csrfToken" var
You should have gone to a CERT with this; shouldn't vendor
coordination be a matter of urgency here?
On Thu, May 17, 2012 at 12:35 PM, Григорий Братислава wrote:
> Hello Full-Disclosure!! !! !!
>
> Is like to warn you about is vulnerability in Dopewars. I'm is
> discover vulnerability perhaps 10 years ago
Hello Full-Disclosure!! !! !!
Is like to warn you about is vulnerability in Dopewars. I'm is
discover vulnerability perhaps 10 years ago but is posting now.
Is problem exist when carry more than is 50 cocaines and is Officer
Hardass (pitifully armed) is kill 2 of is your bitches. Is when this
hap
That's what I said. :D
Timothy "Thor" Mullen
www.hammerofgod.com
Thor's Microsoft Security Bible
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Mike Hearn
Sent: Wednesday, May 16, 2012 1:38 PM
To: fu
On Wed, 16 May 2012 23:49:40 +0200, Adam Zabrocki said:
> so the latest update has this fix, but the official ISO still has the old
> kernel. The fix was applied in March/April. So again _stock kernels_
> have/had such a simple mistake ;)
You're assuming it's a *mistake* rather than something intentional.
Rememb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:078
http://www.mandriva.com/security/
_
http://www.securitybsides.com/w/page/33949981/BSidesDetroit
Only two weeks left before the opening day.
Talks/schedule listed on page above.
--
Kyle Creyts
Information Assurance Professional
BSidesDetroit Organizer
___
Full-Disclosure - We believe i
Hi All,
There is a new web application vulnerability scanner available. It is
called WebVulScan and it is open source. Here is the link for it if you
want to check it out: http://code.google.com/p/webvulscan/
Regards,
Dermot Blair
Hi there full-disclosure,
I wanted to respond to the recent post covering the Google real time
anti-hijacking system and explain a bit more about what this system is
and how it works. For background I am the tech lead of the relevant
team, and Daniel Margolis works on it with me.
Firstly, I'd lik
I understand your concerns; however, they are not valid. You can be
assured of the following:
1) We do not see this system as a replacement for passwords. If we
block a login, the user is notified and asked if it was them; if it
wasn't, we ask them to pick a new password. In very high confidence
case
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2474-1 secur...@debian.org
http://www.debian.org/security/ Raphael Geissert
May 16, 2012
The point of my article is to specifically show that Google has a system in
place which gives the perception of a particular type of security; that is,
if their password happens to be compromised, the attack will be limited
unless the attacker has very specific knowledge about the user and t
On Wed, 2012-05-16 at 14:39 -0700, Dan Kaminsky wrote:
> But we're making progress, we now know that opensuse on x86 is
> broken.
>
>
>
> Is VSYSCALL at a fixed address a similar problem? My Ubuntu boxes
> indeed have this mapped at the fixed location mentioned
On Wed, 2012-05-16 at 23:09 +0200, Tavis Ormandy wrote:
> On Wed, May 16, 2012 at 11:49:40PM +0200, Adam Zabrocki wrote:
> > Hi Tavis,
> >
> > Yes, these are stock kernels, and yes, you must believe it is such a simple
> > mistake ;)
> > All systems were installed as VMs in a default installation us
Hi Tavis,
Yes, these are stock kernels, and yes, you must believe it is such a simple mistake ;)
All systems were installed as VMs in a default installation using official ISOs.
And of course this is a configuration mistake, not a kernel problem(!) - my mistake
if I wasn't clear in the write-up.
Anyway Suse ISO w
Title
-----
DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection

Severity
--------
High

Date Discovered
---------------
April 12, 2012

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Chris Graham and r@b13$

Vulnerability Description
-------------------------
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:077
http://www.mandriva.com/security/
_
You use a custom kernel with Gentoo, so this would be a user error...
Charlie
Quoting Tavis Ormandy:
> On Wed, May 16, 2012 at 11:49:40PM +0200, Adam Zabrocki wrote:
>> Hi Tavis,
>>
>> Yes, these are stock kernels, and yes, you must believe it is such a simple
>> mistake ;)
>> All systems were installed
Nice one.
I thought behaviors like these were already fixed, but
I was wrong :D
Certainly something to add to BeEF.
Pity I will not be at HITB.
Cheers
antisnatchor
On Wed, May 16, 2012 at 6:29 PM, Nicolas Grégoire wrote:
>
>> Uploading a SVG chameleon (SVG file triggering a XSLT
>> transformatio