Hi
I concur that we are mainly discussing a terminology problem.
In the context of a Penetration Test or WAPT, this is a Finding.
Reporting this finding makes sense in this context.
As a professional, you would have to explain if/how this finding is a
Weakness*, a Violation (/Regulations,
It is valuable
I concur (# line of code, file names and CVE submission).
I would also suggest using common classifications (or a mapping) such
as OWASP TOP10, WASC, CWE (CAPEC) for your criteria.
Providing details regarding the methodology or/and tools used for the
assessment would be also
, if you
know what I mean. So there aren't specific files, lines, etc.
Harry
On 20/02/2014 08:39, Jerome Athias wrote:
It is valuable
I concur (# line of code, file names and CVE submission).
I would also suggest using common classifications (or a mapping) such
as OWASP TOP10, WASC, CWE
Hi
I would like to know if you guys have links/background about a security by
destruction principle?
This question follows the behavior observed recently by a bank (I won't
reveal tHiS Big bank name), multiple times (including but not limited to my
case) where they simply block, retain and
Hi,
fyi
I've seen Chrome (on Mac OSX) doing at least two requests to the
first domains of the results of a search
It appears to be like a pre-cache functionality, however I didn't
investigate more (so I don't know if it is related to pre-load / Do
Not Track)
I wonder how it could be used in
on it)
Thanks
My 5 euro cents
--
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca
www.netpeas.com
-
The computer security is an art form. It's the ultimate martial art.
tk3.rylyo.com/14/usb.htm?p=cfmel=jer...@netpeas.comadm=scriptalert('p0wned');/scriptl=fr
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
00804bf8a4 enet0
01 2 00 00804bfe34 enet1
MT882a
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
(BlackHat website /
Packetstorm...)
Anyway, to publish the source code, I would like to collaborate with a
.Net programmer to share a better/clean/more understandable code.
Anyway, in short it is an update of http://insecure.org/stf/smashstack.html
...@gnu.org
To: Jerome Athias jer...@netpeas.com
Errors, or weaknesses, in software code are exploited
by bad people.
Worse still, other bad people introduce malicious ("malveuillantes")
functionalities into their proprietary ("privateurs") programs. For example,
Windows, MacOS, iOS
1) one typo in the French word malveuillantes
it should be written: malveillantes
2) privateurs comes from the latin word privatus; /privative software
http://venezuela-us.org/2011/08/16/u-s-programmer-richard-stallman-highlights-benefits-of-free-software/
/it is just an open your mind try
think
Information here:
http://www.frhack.org/frhack-cfp.php
CFP extended : + 1 month
*Hacker*
1. A person who enjoys exploring the details of programmable systems and
how to stretch their capabilities, as opposed to most users, who prefer
to learn only the minimum necessary. RFC1392, the Internet
It's in trunk of openvas-manager. It's implemented as an XSLT.
Subject: Re: [Full-disclosure] Operation Bring Peace To Machines - War Game
Date: Sat, 18 Feb 2012 20:19:58 +
From: Tim Brown t...@openvas.org
To: Jerome Athias jer...@netpeas.com
OpenVAS already has a partial IVIL
http://pfsense.bol2riz.com/downloads/
IVIL is not EVIL
http://forum.pfsense.org/index.php/topic,46401.0.html
http://code.google.com/p/capirca/
maybe useful for malwares?
http://www.labnol.org/internet/google-dmca/19256/
-...@nist.gov [mailto:scap-...@nist.gov] On Behalf Of Kurt Seifried
Sent: Thursday, February 16, 2012 6:55 PM
To: Multiple recipients of list
Subject: Re: Vulnerability conceptual map
On 02/16/2012 06:11 AM, Jerome Athias wrote:
For me,
The problem:
we must quickly mitigate (and then remediate
YES WE sCAN!
On Saturday 18 Feb 2012 20:29:02 Jerome Athias wrote:
can you (do you want) to share to the world?
thanks
It's in trunk of openvas-manager. It's implemented as an XSLT.
Tim
Your sound card works perfectly.
Enjoying yourself?
It doesn't get any better than this!
Ready to serve.
Yes?
My lord?
What is it?
http://seclists.org/nmap-dev/2010/q3/278
Good luck!
/JA
Ref: http://www.wowwiki.com/Quotes_of_Warcraft_II
___
, the
Secretary will disavow any knowledge of your actions.
This tape will always stay here.
:
http://mixedbit.org/referer.html
Cheers,
Jan
will also celebrate our new Hacker Space
and a Hacking challenge will be organized during the events.
Thanks and see you soon for FRHACK.
Happy Hacking!
Jerome Athias, Founder, Chairman, Program Coordinator
/JA
I hope, dear, that the code is better than your English.
On 17/12/2010 08:26, Dave Nett wrote:
Deer List,
Everything has in the title. I has to be a secret agent in the past so I
know the project code.
Use with awarenes.
attachment:
I did a quite similar script for oscommerce, more in a rainbowtables
building way.
$password = md5($salt . $plain) . ':' . $salt;
http://pastebin.com/mtciPcTM
Regards
/JA
http://www.linkedin.com/in/jeromeathias
Hi,
I still have not read all your paper, but my first word is congratulations!
That's a hard job.
Since a quick search didn't give a result for it, and maybe others could
be interested:
The AVISPA (Automated Validation of Internet Security Protocols and
Applications) project aims at developing
to send us additional material, or have
problems, feel free to contact us at: [EMAIL PROTECTED]
Thanks and see you soon at FRHACK!
Jerome Athias, Founder, Chairman, Program Coordinator
/JA
Gadi Evron wrote:
On Tue, 12 Dec 2006, Joxean Koret wrote:
Wow! That's fun! The so called Word 0 day flaw also affects
OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
with the file:
This is NOT a 0day. It is a disclosed vulnerability in full-disclosure
Dear Mi/aster Liu Die Yu,
I would like to let you know that I know you and I greatly respect your
work.
I'm not a security expert, but when I speak about IE vulnerabilities, I
speak about Liu Die Yu
just as
when I speak about Oracle vulnerabilities, I speak about *Litchfield
when I speak
Juha-Matti Laurio wrote:
It appears that the timestamp of updated Vgx.dll library is 18th
September, 2006.
so M$ knows timestomp! http://metasploit.com/projects/antiforensics/
:-P
ExplorerXP : Directory Traversal and Cross Site Scripting
Software : ExplorerXP
Description :
Two vulnerabilities have been discovered in ExplorerXP, which can be
exploited by malicious people to conduct directory traversal and Cross
Site Scripting attacks.
Directory Traversal :
Hi Fred,
nice paper
btw, what about H.323?
Regards
/JA
https://www.securinfos.info
- Original Message -
From: Frederic Charpentier [EMAIL PROTECTED]
Cc: full-disclosure@lists.grok.org.uk
Sent: Thursday, March 23, 2006 3:43 PM
Subject: [Full-disclosure] VoIP Security whitepaper : a
:
This vulnerability was discovered by Jerome Athias.
https://www.securinfos.info/english/
#!/usr/bin/perl
# #
# ArgoSoftFTP.pl - PoC exploit for ArgoSoft FTP Server #
# Jerome Athias
$50,000 for reporting BSA that your neighbor uses an illegal version of
Window$ !
https://reporting.bsa.org/usa/home.aspx
Did someone try to perform a sound bruteforce attack against something
like a voice-password protected PDA?
/JA
Hey guy, do you know something about XSS
1) Phishing?
2) encoded URL, UTF8...?
3) cookie steal?
...
it'll not be difficult to reproduce a website and have an url difficult
to understand for a basic user...
sure it's harder to spoof the url in the browser...
//
Native.Code wrote:
What a lame
Applying the Principle of Least Privilege to User Accounts on Windows XP
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/luawinxp.mspx
/JA
Note that you can register or unregister shimgvw.dll to enable or
disable WPFV:
- Disable: Start > Run > regsvr32 /u shimgvw.dll
- Enable: Start > Run > regsvr32 shimgvw.dll
You can also use these registry files:
https://www.securinfos.info/english/WPFV_disable.reg
btw Netscape is also affected...
It is possible to remotely view the source code of web script files
through a specially crafted WebDAV HTTP request. Only IIS 5.1 seems to be
vulnerable. The web script file must be on a FAT or a FAT32 volume, web
scripts located on a NTFS are not vulnerable.
The information has been provided by
Hi,
as you probably all know, Windows DLLs have different base addresses
across Windows/SP/languages
so I think it could be useful to try to build a multi-lang opcodes
database, isn't it?
so, I have done VERY QUICKLY a little package based on a .BAT and some
tools :
Files included in the
http://trifinite.org/trifinite_stuff.html
/JA
http://www.athias.fr - Security Alerts and Bulletins
- Original Message -
From: Mark Sec [EMAIL PROTECTED]
To: pen-test@securityfocus.com; full-disclosure@lists.grok.org.uk;
Hi,
you can try:
SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoShareServer
create a dword called AutoShareServer and set its
value to 0 (for a server) OR AutoShareWks=0 (for workstations). It removes all $ (hidden) shares EXCEPT IPC$ (need
reboot)
net share ipc$ /delete
2 things i remind myself...
1) http://seclists.org/lists/vulndiscuss/2004/Dec/0006.html
2) This is an answer of Thomas before a disclosure of some vuln that Secunia
found at the same time :
10/09/2004 19:40
Re: OpenOffice World-Readable Temporary Files Disclose Files to Local Users
Hi
My 2 eurocents:
http://www.multimania.lycos.fr/myaccount/?lsu_ssl=?_loginName=?_loginName=lsu_err_msg=I%20LOVE%20XSS
http://trans.voila.fr/voila?systran_text=%3C/textarea%3E%3CBODY%20ONLOAD=document.write('I_LIKE_XSS!')%3E
Regards.
Jerome