Freddie Vicious wrote:
Microsoft has released Internet Explorer 8 on March 19, 2009 and up to
now there's no reliable method to exploit memory corruption
vulnerabilities on it?
I mean, on IE6 and IE7 we had SkyLined heap spray technique, first
seen in the IFRAME overflow exploit [1] which
Well, it's starting to get cold already this year up in Michigan...
Thank goodness for ToorCon! I always look forward to warm San Diego in
October. Every year I've been to the conference it seems to get better,
and may I suggest you check out one of the awesome workshops too. :)
The complete
Mario Alejandro Vilas Jerez wrote:
What is WinAppDbg?
==
The WinAppDbg python module allows developers to quickly code instrumentation
scripts in Python under a Windows environment.
Can you compare/contrast with pydbg so I can understand why I might want
to give it a try?
Excellent. Doesn't trigger on Mac. I just did a talk on QuickTime
hacking at ShakaCon III -- which btw -- can I just say best place for a
con ever!. My slides are at www.vdalabs.com. The slides might give
you some insight into the types of exceptions you're hoping for. To
boil it down, a
the widest
audience with its revolutionary technology, the company would simply
publish the paper(s) rather than try and mine the data with a 'Request
Resource'.
You've got the wrong paper, mine is entitled: '*Introduction to
Application Security'*
Jeff
On 5/28/09, Jared DeMott jdem
Hi all,
If you plan to take my Application Security: For Hackers and
Developers at ShakaCon, BlackHat, ToorCon, and others;
I finally got off my can and finished the prerequisite white paper.
It can be found here:
Robin responding. Holy email list batman, it's a false alarm!
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
James Matthews wrote:
I wish! Fortify software has been tested against many open source
projects and reported a bunch of false positives. Yes, I know they are
working to improve the software. However, I still hold that fuzzing
will show you some issues that this software cannot.
James
And
KammyDoe wrote:
Merry Christmas, FD!
It's been a fun year; here's to '09!
And may God
Intelligence and religion shouldn't be in the same sentence. To even
pretend, let alone believe, that some pathetic moron has an insight
into the mindset of a celestial dictator is ridiculous.
Religion may have been a foolish first attempt at science, but the
fact that it still has a
James Matthews wrote:
Double Die
Gang, telling people to die is not nice. Please refer to [1] or [2].
[1] http://www.elliottsamazing.com/kindergarden.html
[2] http://en.wikipedia.org/wiki/Ethic_of_reciprocity
Alexander Sotirov wrote:
Dino Dai Zovi finally spilled the beans:
http://twitter.com/dinodaizovi/statuses/858981957
Kurt Dillard wrote:
How much do you pay?
We were all wondering but didn't have the gall to ask! lol.
Simon Smith wrote:
If you're interested you can read about it here:
http://snosoft.blogspot.com/2008/03/exploit-acquisition-program-shut-down.html
Ya, I'll second that one. The market turned out to be uglier than
expected for a lot of reasons including this one.
Jared
http://www.hackersforcharity.org/
Join the fun!
Jared
We all work so hard, and when we die - we have nothing to take with
us. None of the praises are going to help Justin or his family now. He
is missed and missed forever! I fear eternal life now.
Reminds me of 911 in a way. People get so caught up in this Matrix
like life ... we
VDA Labs Advisory:
--
Ipswitch FTP XSS leads to FTP server compromise. The Vendor has been
notified, and given the PoC.
Synopsis:
There is an XSS vulnerability when the WS_FTP server logs client FTP
commands. All user commands are logged. When the FTP command
Dave, is any of this true?
All:
So, I've tried the vendor pay model for bug hunting and it wasn't always
well received. Apparently auction sites and 3rd-party purchasers are
fine, but some folks don't like the idea of selling directly to the
vendor. I was thinking that this would be ideal since the vendor would
have the
For the full advisory and PoC, see:
http://www.vdalabs.com/tools/linkedin.html
Jared
Михал Потапыч wrote:
If these are the kind of questions you ask then perhaps you should
reconsider your decision.
don't listen bro, there will always be naysayers when you're dreaming
big. like i said offline, go for it!
jared
IPSwitch WS_FTP Logging Server Remote Denial of Service
Version: 7.5.29.0 (Logsrv.exe)
Overview
The WS FTP logging server is a daemon that listens on UDP port 5151 and
is shipped with WS FTP and by default is turned on and used by the
Are available here:
http://www.vdalabs.com/resources
Thanks,
Jared
Month of Random Hashes wrote:
[ITEM #1]
md5: 27cd1bb8a6b93c061fb0ad38031ca33d
sha1: 41b1f79e2f5a53ff182d03ca3fc00644a1173e4c
sha256:
0fba5450776398db658ca16d9b45e20e218d3f514d800586bf6778bcbb3d3088
Do I need to send out another hash of my ash to make this nonsense stop?
Month of Random Hashes wrote:
FAQ coming soon.
Please be patient.
ok, just having a little fun. Go ahead.
Month of Random Hashes wrote:
[ITEM #1] == my hinney
sha1: a25d7360e1294a6a6242ed4621d5d73347ea6398
Took a picture of my backend and would like to post the hash.
Dr. Neal Krawetz PhD wrote:
Send it over here. The picture, not the hash. I have the technologies
to determine whether the image is computer generated, digitally altered,
or legitimately a real picture!
These technologies shall be unveiled at Blackhat during my presentation.
Sometimes it
Kradorex Xeron wrote:
On Sunday 24 June 2007 16:19, [EMAIL PROTECTED] wrote:
I can't give detail here
Isn't this list called full-disclosure? - in other words: If you aren't
going to disclose anything: DON'T post that you have something. This list
is designed specifically for
secure poon wrote:
*Proposition*
Microsoft is a 280+ billion dollar corporation. Why don't/can't they
have a standard ransom fee for security flaws?
0day Remote OS flaw: $1,000,000
0day IE explorer flaws that give administrative shells: $200,000
0day (other flaws) that affect other
What is funny however, is that Microsoft, the great supporter of
responsible disclosure actually is the main sponsor (patron) of the
SyScan conference: http://syscan.org/ which is organized by Thomas.
Maybe it's a sign that Microsoft realized that free responsible
disclosure idea is a bit
Dennis Rand wrote:
CSIS Security Group has discovered a remotely exploitable arbitrary
overwrite in the Blue Coat K9 Web Protection local Web configuration
manager on 127.0.0.1 and port 2372.
Justin Seitz of VDA Labs (www.vdalabs.com) already found this bug.
Here's the CVE: CVE-2007-1783.
Dennis Rand wrote:
Hey Jared
It does not matter when what was discovered as long as it got fixed :)
It does if you're in the bug reselling business.
for my private copy but apparently Jared DeMott felt the time was right
to include pydbg_client class in his EFS release of Paimei! This should
allow debuggers of applications to use the remote functionality of
Paimei to debug processes running on remote computers. Also the all new
pydbg_server, just
Tim Brown wrote:
Having noticed the popularity of fuzzing tools recently, I was feeling a
bit left out. Where is the Perl framework to complete the family? With
that in mind I've spent the last months working on something that should
fill the gap - Fuzzled.
Fuzzled is a powerful fuzzing
34 matches