-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
With such glowing reviews of your security product and such keen observation
regarding your website, from what many would regard as well
informed and skilled security personnel.
Not to mention the wonderful indexing of Google, I would question the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
One needs at least three rings according to the late Arthur Scherbius.
smiles
mrx
On 19/06/2011 18:20, w0lfd...@gmail.com wrote:
Hope there is such ring which will protect you others from the evil power
of The lords of the cyberworld.
I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 16/06/2011 12:24, coderman wrote:
On Wed, Jun 15, 2011 at 9:16 AM, valdis.kletni...@vt.edu wrote:
...
And there's the flip side of it - there's some 140+ million .com's out there.
For the vast majority of them, covering the 95% is in fact
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 16/06/2011 16:23, Andrew Farmer wrote:
On 2011-06-15, at 12:59, kernel wrote:
Hi, all,
Some days ago I found head -n * of exploit for apache at patebin.com
http://pastebin.com/XEFnG9D6
#!/usr/bin/perl
#
# Apache 2.0.63 - 2.2.19 Remote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/06/2011 20:24, Jeffrey Walton wrote:
An nice recap of the Sony malfunction by Security Curmudgeon from the
Dataloss Database (http://www.http://datalossdb.org/):
http://attrition.org/security/rants/sony_aka_sownage.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/06/2011 01:04, Nick FitzGerald wrote:
mrx wrote,
I am a little frightened that my web app will be owned and user
credentials exposed. ...
Keep that attitude when you are no longer a noob web-app developer
and the world
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/06/2011 16:05, n...@myproxylists.com wrote:
Primarily this is an advertisement.
I would guess that it is some anti-hack system for webmasters who haven't
a clue, a kind of auto-generating block list.
I'm a noob and I am just guessing.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Primarily this is an advertisement.
I would guess that it is some anti-hack system for webmasters who haven't a
clue, a kind of auto-generating block list.
I'm a noob and I am just guessing.
My member area is well protected. For a suitable fee
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 23/12/2010 00:00, Dan Kaminsky wrote:
On Wed, Dec 22, 2010 at 3:47 PM, Dave Nett dave.n...@yahoo.com wrote:
http://marc.info/?l=openbsd-techm=129296046123471w=2
Long mail which just admit has backdoor, poor Theo.
(g) I believe that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 15/12/2010 11:34, Fabio Pietrosanti (naif) wrote:
On 15/12/10 12.24, Christian Sciberras wrote:
Which kind of trouble you refer to? It's nice to ear about understanding
and risks analysis on that stuff.
Libel, fraud, sharing of illegal
Tim
Thanks for your input
Dave.
On 08/12/10 11:12, mrx wrote:
Hi list,
Is anyone familiar with the firefox addon KeyScrambler? According to
developers this encrypts keystrokes.
Quote:
How KeyScrambler Works:
When you type on your keyboard, the keys travel along a path within
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/12/2010 13:40, Julien Reveret wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi list,
Is anyone familiar with the firefox addon KeyScrambler? According to
developers this encrypts keystrokes.
What if the attacker uses a firefox
management.
This is where my skills bottom out. ASM is something I have not yet got my
head around.
I have a clue, but that's about all I do have... in time ;-)
Thanks for your advice and input
regards
Dave
On Thu, Dec 9, 2010 at 11:23 AM, mrx m...@propergander.org.uk wrote:
On 08/12/2010
, but that sure would be a good way to spread a
key logger!
Gary B
On 12/09/2010 07:25 AM, Christian Sciberras wrote:
Dave,
That's ok. Glad to have helped out :)
Cheers,
Chris.
On Thu, Dec 9, 2010 at 1:07 PM, mrx m...@propergander.org.uk
mailto:m...@propergander.org.uk wrote:
On 09/12
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi list,
Is anyone familiar with the firefox addon KeyScrambler? According to developers
this encrypts keystrokes.
Quote:
How KeyScrambler Works:
When you type on your keyboard, the keys travel along a path within the
operating system before it
kiddies only? I get the picture.
Thanks for your input Dan.
Regards
Dave
Sent from my iPhone
On Dec 8, 2010, at 3:12 AM, mrx m...@propergander.org.uk wrote:
Hi list,
Is anyone familiar with the firefox addon KeyScrambler? According to
developers this encrypts keystrokes.
Quote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 23/11/2010 15:03, Mikhail A. Utin wrote:
This my final reply.
For still interested:
- it happened on my home PC
- immediately disconnected (for a few interested people I can forward email
to taste this thing after receiving appropriate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 18/09/2010 20:51, Georgi Guninski wrote:
http://plus.maths.org/content/goumldel-and-limits-logic
Gödel and the limits of logic
Quote:
Another result that derives from Gödel's ideas is the demonstration that
no program that does not alter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 17/08/2010 01:17, Michal Zalewski wrote:
It seems that corporate America's purchasing of politicians (err, PAC
contributions) has been well worth the investment. Legislation is such
that victims and shareholders both suffer after a breach.
*
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have been witnessing such attacks in the past few weeks. Most of the urls are
trying to exploit components of web software that I do not have
installed. Some do GET existing pages such as index.php and tag the attack on
the end. Such attacks began
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28/06/2010 21:13, MustLive wrote:
Hello participants of Full-Disclosure!
For last two months I didn't post my articles to this list due to some not
serious moaning in April on some of my articles (you always can find my
articles at my site
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I agree in principal, security does start with the user.
However, computers and connected computing devices with the advent of
locked down systems and cartoon like user interfaces, have become consumer
devices.
These devices no longer require any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
What's more interesting is: hxxp://miano.us/misc/
Christian Sciberras wrote:
That was some ugly coding
On Sat, Apr 24, 2010 at 8:14 PM, information security
informationhacke...@gmail.com wrote:
Beware !!! before opening
is made from? Not to mention any other security mechanisms that may be employed.
I think there is a control potential here but only if the manufacturing tech is
precise enough.
mrx
T Biehn wrote:
So your proposition is that the passport manufacturers all use laser
beams on each passport
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
valdis.kletni...@vt.edu wrote:
On Fri, 19 Mar 2010 20:51:40 -, mrx said:
Consider a production line for printing anything that is used for access
control. Now providing there is absolutea consistency across every sample of
the
material
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Son of Ram wrote:
my life is totally ruined by police. Maybe a paid PI worked closely with a
cop (illegal) to pressure me and hope to get a criminal conviction to ruin my
life. Or perhaps it's because they wanted to get me to commit a crime so I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
valdis.kletni...@vt.edu wrote:
On Wed, 03 Mar 2010 15:33:59 +0100, Son of Ram said:
ZDNet and Cnet?
...
i can't think of a single thing of value that has came from layman websites
like that.
You do have to admit - when you see something
developed in commercial corporate environments the object of the exercise is
to get product out first regardless of the quality of the released code.
And only if a vulnerability is a threat to adoption of a product is that
vulnerability dealt with in a timely fashion.
regards
mrx
- --
Mankind's
vulnerabilities all the time. Quoted for truth.
your evolving novice
mrx
- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
on the page:
jQuery 1.2.6 - New Wave Javascript
drupal.js,v 1.41.2.4 2009/07/21
as well as google analytics stuff.
To my admittedly limited knowledge the site is benign
mrx
dramacrat wrote:
h, shall I click a tinyurl coming from a f-d poster?
n/n, pick one
this is email, not twitter
;-)
Hope this helps
regards
mrx
Vincent Chao wrote:
Thank you for your analysis. It really helps me.
And I also found the PDF report mail to us is in Chinese, in the website of
iiScan, however, to see the report of html or PDF format is English (of
course can change to Chinese).
-Original
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Thierry,
Thanks for the pointer...Done ;-)
regards mrx
Thierry Zoller wrote:
Hi mrx,
POST data is not included in apache logs perdefault, google about how
to configure apache as to log more details (verbose)
m -BEGIN PGP SIGNED
not been used.
regards mrx
snip
- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEVAwUBS0X3
of the methods used. And I would never presume a site
to be safe even if the scan reported so.
This system did reveal 3 low level security risks I did not detect with Nikto
and Nessus.
However as I am a novice, this could have been a result of my lack of skill in
using these tools.
mrx
Michael Holstein
think Microsoft are creepy,
especially after discovering the phone home features in Win 7.
Google on the other hand are plain scary, thankfully unlike Microsoft they are
entirely altruistic.
mrx
- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
guess I am just paranoid.
mrx
ps I wish Thunderbird would default to the list when replying.
Dan Kaminsky wrote:
There's lots of things that phone home, but as long as they're opt-in
and explicitly documented, I don't have a problem with it per se.
Google can sure identify a heck of a lot
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yet more codes:
3d5506fd3c7cd61anot used
b31a71097bb89399not used
f5d257a100c30269not used
928f14edc189bd46not used
e604a2eba8b6799bnot used
McGhee, Eddie wrote:
More invite codes
59961d6389a5dca9
. Hopefully the developers will address this language problem.
regards
mrx
- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I too would like an invitation code.
Thank you
regards
mrx
Guilherme Scombatti wrote:
Yes,
I want an invite code to test
On Tue, Jan 5, 2010 at 2:37 PM, McGhee, Eddie eddie.mcg...@ncr.com wrote:
Hi.
where can we receive a invite code
wrote:
Care to elaborate?
NSFW - http://encyclopediadramatica.com/The_game
Andy
Game over.
Good fortune in the new year, to all subscribers of Full Disclosure.
mrx
- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
-BEGIN PGP SIGNATURE
person myself.
Isn't that what whores do... Sell holes?
:shrug:
Besides, when has arms dealing ever helped the innocent?
mrx
- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
snip
With all due respect, can we please not encourage:
kaibelf, Mr Appelbaum, GOBBLES, Jack Bauer, Gary McKinnon etc., etc.
regards mrx
- --
I am not an expert, I have much to learn, I make mistakes.
My words are just opinions which may or may
the fact.
Weasel words imho.
And Mr Holstein if this was the point you were trying to make, I accept it.
regards
mrx
dramacrat wrote:
Sorry, forgot to reply-to-all.
2009/11/20 dramacrat yirim...@gmail.com
They're ORs, unfortunately. The language is unclear but it seems to be one
only applies to those that are
caught if they are a criminal, and cannot be covered up if they are a
law enforcement officer.
regards
mrx.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEVAwUBSvIoi7Ivn8UFHWSmAQKX
readers
MrX
Berend-Jan Wever wrote:
Adobe bulletin:
http://www.adobe.com/support/security/bulletins/apsb09-15.html
Short description and repro case:
http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/
Cheers,
SkyLined
http
of this after they read the email I sent them.
MrX
Rohit Patnaik wrote:
Has Foxit released an update for this?
--Rohit Patnaik
On Tue, Oct 13, 2009 at 6:40 PM, mrx m...@propergander.org.uk wrote:
It would appear that Foxit reader version 3.1.1.0928 is also
vulnerable to this memory
readers whilst offline.
MrX
Rohit Patnaik wrote:
Are there any available workarounds that would mitigate the threat? I
suppose I could just upload all my PDFs to Google Docs in the meantime, but
I'm looking for something that I could use while offline...
--Rohit Patnaik
On Tue, Oct 13
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I should have made it clear in my first response to this thread that
it is the Foxit Firefox plugin that is vulnerable and not the
standalone reader.
my bad
MrX
Rohit Patnaik wrote:
Ah, okay. I do that anyway, because I've had bad experiences
Steven Anders wrote:
Hi everyone,
I work as an engineer at an online company that sells online
subscription service for online tool. We accept orders online using
credit cards numbers and we use Authorize.net to process credit card
payments.
Our standard operating procedure for online
the sub.
For in that heap of death what streams may run?
When we have shuffled through this portal spoil
that which gave us cause: to show respect.
with apologies to Shakespeare
MrX
T Biehn wrote:
Should call yourself z3r0k3w1.
It would be 'krad elite.'
/obv. reference dropping.
-Travis
Rohit Patnaik wrote:
full-censors...@hushmail.com wrote:
On Fri, 11 Sep 2009 22:27:41 +0100 valdis.kletni...@vt.edu wrote:
On Fri, 11 Sep 2009 21:49:00 BST, you said:
would one not rather hire someone *not* well-known and *doesn't*
get owned?
*
*We have a code 4 on that 10-103m
regards
the real MrX
T Biehn wrote:
MrX,
Dude.
Just fake your own suicide. This old school trick will solicit the
feds to your locale if you're actually being watched.
Other advice?
I want voice recordings, jpegs, vlog posts, else it didn't happen
enough to
read/repond these postings after a bottle of Shiraz.
regards
the learner aka
MrX
ps I wish I didn't have so much to learn.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
Thanks,
I noticed when I had problems accessing some network shares, shortly
after posting this.
Enjoy your beer
:-)
Your Clock's off
DOH! time for a beer
snip
___
Full-Disclosure - We believe in it.
Charter:
I am new to this list, I am new to IT security, I have so far
contributed very little if anything of actual value to this list.
I have gained much insight from the vast majority of posts here, I will
hopefully continue to do so.
There are some intelligent and wise persons contributing to this
Well if I was able to take down hackforums and mil0worm and intended to
do so, I certainly wouldn't brag about it on a full disclosure list and
warn my targets.
Just in case:
i) They believed the threat was real and took mitigating action.
ii) Backed up and mirrored the content so that they could
T Biehn wrote:
Mr X,
Isn't the gaining of expertise, in any field, a labor of love?
Going through the process without being spoon-fed usually carries with
it a certain amount of wisdom. So much potential talent is wasted
because of the ease of access to 'hacking tools and tutorials,' such
Travis,
Our conversation is now not really related to full disclosure, it is
more philosophy of information dissemination.
And I, much as I mentioned in my last post, I agree with your views on this.
I was pointing out that we all need a starting point and an occasional
guide through the abyss,
Yeah sure no problem,
But first we need your full name and address, your banks name and
address, your mothers maiden name, the names of your pets and all the
numbers from your credit card.
If you can post all those details to this mailing list we will be only
to pleased to help.
R0ut3r St4ck
Linval Thompson wrote:
On Tue, Jul 14, 2009 at 12:50 AM, opt opt optern...@gmail.com wrote:
On Mon, Jul 13, 2009 at 1:21 PM, mrxm...@propergander.org.uk wrote:
ii) One where there is no privacy and every action is logged tracked and
traced by governments.(And we all know that
Impact: Systems access
Where:From remote
Status:Unpatched
http://secunia.com/advisories/35798/
No CVE references
*Description*:
SBerry has discovered a vulnerability in Mozilla Firefox, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is
wouldn't?
btw I am a noob to IT security and this list(my first post), however I
don't expect mercy should anyone rip holes in my observations.
PS long live the English language...
regards
Acr0nym.
aka MrX
aka dozens of other nyms for security by obscurity does have it's place.
anti...@hushmail.com
62 matches
Mail list logo