Re: [Full-disclosure] Symlink vulnerabilities

2011-10-25 Thread Ryan Sears
Race condition != Memory corruption... (and therefore ASLR has NOTHING to do with it...) http://i.imgur.com/l1l3o.gif = me after reading this. On 10/25/2011 06:56 PM, xD 0x41 wrote: ln actually succeeds, but created /tmp/foo/foo instead. The

Re: [Full-disclosure] phpMyAdmin 3.x preg_replace RCE POC

2011-07-09 Thread Ryan Sears
Well that sounds like a personal problem to me. It's a good read, very interesting stuff and definitely worth taking a look at. Ryan On 07/09/2011 09:51 AM, n...@myproxylists.com wrote: I'm flooded with requests for a POC and many doubt that

[Full-disclosure] Lastpass Security Issue

2011-05-05 Thread Ryan Sears
Hey all, Early this morning the folks over at LastPass decided to issue a warning about a potential security issue based on the fact that they detected some anomalies in their logs. http://blog.lastpass.com/2011/05/lastpass-security-notification.html Basically the post outlines the fact that

Re: [Full-disclosure] Announcement posts and the charter (was Re: INSECT Pro 2.5.1 released)

2011-04-12 Thread Ryan Sears
Yeah, I second that. Where do you draw the line if you do start making up rules like that? What about a vulnerability like path-disclosure or insufficient anti-automation? Granted they're not huge bugs, but they ARE bugs. There's crap I don't want to read on this list, but that's a decision

[Full-disclosure] ISC DHCP Client [3.0.x to 4.2.x] Arbitrary Command Execution (CVE-2011-0997)

2011-04-06 Thread Ryan Sears
Hey guys, It was recently discovered (NOT by myself) that the ISC dhclient was vulnerable to certain shell metacharacters in the hostname parameter specified by *any* DHCP server, causing it to potentially run arbitrary commands as root. I haven't seen anything else on it here, so I figured

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Ryan Sears
Seriously. I gotta say I feel like people at Cenzic (and McAfee for that matter), if anyone should understand that an XSS should really only be construed a 'criminal act' if it's indeed used to attack someone. If a group is taking the time out of their day to find and disclose issues to McAfee,

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Ryan Sears
don't see any terms of use for using their website anywhere. This is all just my opinion though, and sorry for the long message! Ryan - Original Message - From: Thor (Hammer of God) t...@hammerofgod.com To: Ryan Sears rdse...@mtu.edu, noloa...@gmail.com Cc: full-disclosure full-disclosure

Re: [Full-disclosure] Vulnerabilities in *McAfee.com

2011-03-30 Thread Ryan Sears
: Jeffrey Walton noloa...@gmail.com To: Thor (Hammer of God) t...@hammerofgod.com Cc: Ryan Sears rdse...@mtu.edu, full-disclosure full-disclosure@lists.grok.org.uk Sent: Wednesday, March 30, 2011 5:28:59 PM GMT -05:00 US/Canada Eastern Subject: Re: [Full-disclosure] Vulnerabilities in *McAfee.com

Re: [Full-disclosure] SSL Capable NetCat and more

2011-03-28 Thread Ryan Sears
the same thing (statically compiled for more portability) it's going to be better off. I like the concept and the idea though, as it provides some good flexibility if the target won't notice a perl script getting run, but notices arbitrary executables or something of the sort. Ryan Sears

Re: [Full-disclosure] Some magic secrets.

2011-03-10 Thread Ryan Sears
Hrm Could this have something to do with this = http://pastebin.com/rD8hwpxT ? :-P As far as 'magic secrets' go, either disclose something or don't. Then move on, personally I think posting cryptic messages to a public forum like this is a bit dumb. If you're trying to say something, just

Re: [Full-disclosure] Insect Pro 2.1 : New version release

2011-03-08 Thread Ryan Sears
-source I did not try it out. Just too many red flags for me. Just my 2 cents. Ryan Sears - Original Message - From: Mario Vilas mvi...@gmail.com To: Quentin Ducas quentin@gmail.com Cc: full-disclosure@lists.grok.org.uk Sent: Tuesday, March 8, 2011 6:55:38 PM GMT -05:00 US/Canada Eastern

Re: [Full-disclosure] http://security.goatse.fr/gaping-hole-exposed

2011-01-26 Thread Ryan Sears
...and for those of you who didn't get the opportunity to read it before they took it down, here's a mirror: http://i.imgur.com/0Yxgg.jpg Apparently goatse security weren't the only ones out for 'max lols' :-P - Original Message - From: Andrew Kirch trel...@trelane.net To: Full

Re: [Full-disclosure] [VIDEO] Keylogger, RecordMic and Shell

2011-01-25 Thread Ryan Sears
I like that response! If you need more hosting, I will be happy to mirror it on my website (perhaps even for the longevity of my site) as well. I'm curious to play with it as well, and that has been the only thing preventing me from doing so. :) Ryan Sears - Original Message - From

Re: [Full-disclosure] Allegations regarding OpenBSD IPSEC

2010-12-15 Thread Ryan Sears
). Next think about the kind of stuff Microsoft and OSX have potentially built into the low-level Windows kernel. They don't even really need to be subtle if their pockets are deep enough. Scary. :-/ ::takes off tin-foil hat:: Ryan Sears - Original Message - From: Paul Schmehl pschmehl_li

Re: [Full-disclosure] Linux kernel exploit

2010-12-13 Thread Ryan Sears
thing 5 times. /rant Ryan Sears - Original Message - From: dan j rosenberg dan.j.rosenb...@gmail.com To: Cal Leeming [Simplicity Media Ltd] cal.leem...@simplicitymedialtd.co.uk, full-disclosure-boun...@lists.grok.org.uk, Ariel Biener ar...@post.tau.ac.il Cc: leandro lista leandro_li

Re: [Full-disclosure] Linux kernel exploit

2010-12-07 Thread Ryan Sears
Yep, just tested it in an Ubuntu 10.10 sandbox I have (running kernel 2.6.35-22-generic). Works as expected. Great job Dan. You're full of win! Regards, Ryan Sears - Original Message - From: Cal Leeming [Simplicity Media Ltd] cal.leem...@simplicitymedialtd.co.uk To: Dan Rosenberg

Re: [Full-disclosure] virus in email RTF message MS OE almost disabled

2010-11-23 Thread Ryan Sears
, not I. I KNOW that I'm not the best at *anything* by any means, but I am learning every single day about stuff I don't know, and the cutting-edge of security technologies. You refuse to learn though, then expect to be right about everything. THAT'S why I'm pissed off. Ryan Sears

Re: [Full-disclosure] virus in email RTF message MS OE almost disabled

2010-11-22 Thread Ryan Sears
. Welcome to Windows. That happens quite often. Ryan Sears - Original Message - From: Thor (Hammer of God) t...@hammerofgod.com To: Mikhail A. Utin mu...@commonwealthcare.org Cc: full-disclosure@lists.grok.org.uk Sent: Monday, November 22, 2010 4:52:07 PM GMT -05:00 US/Canada Eastern Subject: Re

Re: [Full-disclosure] NiX - Linux Brute Forcer (the beast) has been released!]

2010-11-12 Thread Ryan Sears
Well that's not really a useful response. He asked a simple question (the first one that popped into my head as well). Basically it comes down to this: THC's Hydra already does all that stuff, and they've been doing it for years and years. How does your tool fit in with it? It sounds like you

Re: [Full-disclosure] Filezilla's silent caching of user's credentials

2010-10-14 Thread Ryan Sears
Yeah I definitely have to go with silky on this one. Maybe if you elaborate on your point? I'm not sure I entirely grasp what you're trying to say, because if I am, then you share relatively the same view as the dev that's causing this problem. You can argue that any security measure doesn't

Re: [Full-disclosure] Filezilla's silent caching of user's credentials

2010-10-14 Thread Ryan Sears
To: Ryan Sears rdse...@mtu.edu Cc: michaelsli...@gmail.com, full-disclosure@lists.grok.org.uk, Mutiny mut...@kevinbeardsucks.com Sent: Thursday, October 14, 2010 3:32:10 AM GMT -05:00 US/Canada Eastern Subject: Re: [Full-disclosure] Filezilla's silent caching of user's credentials My point is, if you

Re: [Full-disclosure] Filezilla's silent caching of user's credentials

2010-10-14 Thread Ryan Sears
Ok. Granted I'm not talking about a 0-day in OpenSSH here, but this IS a real issue affecting REAL people. I'm not really sure *who* you're trying to take a jab with point 7 and beyond, but I know at least part of it is towards me. Filezilla's behavior is *wrong* and what I was doing was

Re: [Full-disclosure] Filezilla's silent caching of user's credentials

2010-10-13 Thread Ryan Sears
they'll understand the importance of the issue. On Fri, Oct 8, 2010 at 11:28 AM, Shirish Padalkar shirish.padal...@tcs.com wrote: http://www.google.com/#sclient=psyhl=ensite=source=hpq=inurl:recentservers.xmloq=inurl:recentservers.xml :) From: Ryan Sears rdse...@mtu.edu

[Full-disclosure] Filezilla's silent caching of user's credentials

2010-10-07 Thread Ryan Sears
backing and explanation from the security community as to why this is a problem, this issue may finally be resolved (it's been doing this for years now). Regards, Ryan Sears ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk

Re: [Full-disclosure] On the iPhone PDF and kernel exploit

2010-08-05 Thread Ryan Sears
to get them, but this works: for i in `curl http://www.jailbreakme.com/%00/ | cut -d '=' -f 3 | grep pdf | cut -b 2- | cut -d '' -f1`; do wget -nv http://www.jailbreakme.com/%00/$i; done Ryan Sears - Original Message - From: Pablo Ximenes pa...@ximen.es To: Marcello Barnaba (void) v