Re: [Full-disclosure] [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability

2006-11-13 Thread Nick Boyce
attacker could also entice a user to open a specially crafted web page, document or X client that will trigger the buffer overflow. um ... doesn't that make it a *remote* privilege escalation ? Cheers, Nick Boyce -- The reason why worry kills more people than work is that more people worry than

Re: [Full-disclosure] PDF mailto exploit in the wild

2007-10-23 Thread Nick Boyce
of that little registry entry ? Cheers, Nick Boyce -- The system is repaired when ordinary greed takes over from extraordinary fear - and that's what we're working towards. Prof Larry Summers, US Treasury Secretary 1999-2001, commenting on the Northern Rock banking crisis on BBC Newsnight

Re: [Full-disclosure] PDF mailto exploit in the wild

2007-10-23 Thread Nick Boyce
On 10/23/07, Gregory Boyce [EMAIL PROTECTED] wrote: On Tue, 23 Oct 2007, Nick Boyce wrote: # To Disable mailto (recommended) Modify tSchemePerms by setting the mailto: value to 3: version:1|shell:3|hcp:3|ms-help:3|ms-its:3| ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet

[Full-disclosure] Re: Microsoft confirmed Word 0-day vulnerability

2006-09-08 Thread Nick Boyce
for most folks. Cheers, Nick Boyce -- The person who says it cannot be done should not interrupt the person who is doing it. -- Chinese Proverb ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted

Re: [Full-disclosure] Linux Kernel CIFS Vulnerability

2009-04-09 Thread Nick Boyce
distributions' kernel upgrade notice to this and other security lists.  E.g. (to randomly pick an advisory): http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0060.html Um .. I don't see the word CIFS anywhere in that bulletin. Nick Boyce -- Leave the Olympics in Greece, where

Re: [Full-disclosure] How to disable Java Deployment Toolkit

2010-04-16 Thread Nick Boyce
On Wed, Apr 14, 2010 at 11:15 AM, Kristof Zelechovski giecr...@stegny.2a.pl wrote: Regarding the Java Deployment Toolkit vulnerability: On Windows XP and later: open the Local Security Settings console and create a prohibition rule for the path  %HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Web

Re: [Full-disclosure] looking for Network Trafic Monitoring software

2011-02-27 Thread Nick Boyce
On Sat, Feb 26, 2011 at 7:17 AM, Gopi Nath gopinath...@gmail.com wrote: I want to check the traffic.  Because recently many times some systems were throwing more traffic.  It was difficult for me to check each and every system manually.  Is there any tool which I can use to monitor the

Re: [Full-disclosure] Cisco Linksys WRT54G XSS Vulnerability

2011-04-29 Thread Nick Boyce
On Thu, Apr 28, 2011 at 5:12 PM, Justin Klein Keane jus...@madirish.net wrote: Systems affected: - - Cisco Linksys Wireless G Broadband Router WRT54G with firmware version 4.21.1 was tested and found to be vulnerable. FWIW, exact same weakness confirmed in Linksys AG241v1

Re: [Full-disclosure] Lastpass Security Issue

2011-05-05 Thread Nick Boyce
On Thu, May 5, 2011 at 9:09 PM, Benji m...@b3nji.com wrote: They've said nothing about what they're going to do to the server with said anomaly. Wouldn't be happy until a full reinstall. From http://blog.lastpass.com/2011/05/lastpass-security-notification.html : We're rebuilding the boxes in

Re: [Full-disclosure] WTF

2011-05-06 Thread Nick Boyce
On Fri, May 6, 2011 at 6:49 PM, Gustavo gustavorober...@gmail.com wrote: WTF ? notebook:~$ ping www.compusa.com PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms Same here ... this time on

Re: [Full-disclosure] Is FD no longer unmoderated?

2011-12-01 Thread Nick Boyce
that seems to show up here from time to time] Cheers Nick Boyce -- Leave the Olympics in Greece, where they belong.

Re: [Full-disclosure] Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla

2012-02-09 Thread Nick Boyce
On Wed, Feb 8, 2012 at 9:12 PM, . . kerdezd...@gmail.com wrote: https://bugzilla.mozilla.org/show_bug.cgi?id=718066 what the hell is this?! I'll bite ... (I know your question was rhetorical) It's a very bad idea IMO. From TFA: (https://wiki.mozilla.org/MetricsDataPing) Mozilla has a

Re: [Full-disclosure] Trustwave and Mozilla

2012-02-13 Thread Nick Boyce
On Sun, Feb 12, 2012 at 10:54 AM, Jeffrey Walton noloa...@gmail.com wrote: https://www.infoworld.com/d/security/trustwave-admits-issuing-man-in-the-middle-digital-certificate-185972 In case folks are interested in the following Mozilla's response to active MitM attacks that were facilitated by

Re: [Full-disclosure] Trustwave and Mozilla

2012-02-13 Thread Nick Boyce
On Mon, Feb 13, 2012 at 4:18 PM, Nick Boyce nick.bo...@gmail.com wrote: http://www.mozilla.org/projects/security/certs/included/ Be advised: the above page appears to be some kind of .. [recoils in horror] .. XML which doesn't render properly on WinXP, but renders fine on Debian Linux

Re: [Full-disclosure] Adobe Flash Update Installs Other Warez without Consent

2012-09-18 Thread Nick Boyce
On Mon, Sep 17, 2012 at 6:39 PM, Christian Sciberras uuf6...@gmail.com wrote: On Thu, Sep 6, 2012 at 2:09 PM, Jeffrey Walton noloa...@gmail.com wrote: [snip] Adobe now includes additional warez in their updates without consent. The warez includes a browser and tools bar. The attached image

Re: [Full-disclosure] Foxit Reader suffers from Division By Zero

2012-09-29 Thread Nick Boyce
version many people are comfortable with); with this version I get a dialog box stating format error: not a PDF or corrupted, and no crash. This is also on XP Pro SP3. Another reason to be disappointed with Foxit Reader V5 :) Cheers Nick Boyce -- You are in a maze of twisty little relative jumps

Re: [Full-disclosure] Your account could be at risk of state-sponsored attacks

2012-10-05 Thread Nick Boyce
On Fri, Oct 5, 2012 at 8:04 AM, Aftermath aftermath.thegr...@gmail.com wrote: In the last two weeks some of my cyber friends have been getting this message in their gmail. http://support.google.com/mail/bin/answer.py?hl=en&ctx=mail&answer=2591015 [...] Has anyone else gotten this message from

Re: [Full-disclosure] OT Google raises sploit bounties

2012-11-26 Thread Nick Boyce
On Sat, Nov 24, 2012 at 3:28 PM, Georgi Guninski gunin...@guninski.com wrote: http://www.theregister.co.uk/2012/11/23/mystery_chrome_0_day/ ... but that was before Google began offering up to $60,000 in bug bounties [...] Did I miss a major malware related to their warez? Or are they just

Re: [Full-disclosure] How to lock up a VirtualBox host machine with a guest using tracepath over virtio-net network interface

2013-06-26 Thread Nick Boyce
to be the same day you reported the problem here after getting apparently zero response from Oracle Support for 8 days. Maybe they just silently fixed the bug during those 8 days - in which case they should have had the manners to let you know. Cheers Nick Boyce -- I can't watch TV longer than five