Microsoft commandline tools BOF s
Product:Windows-2000 SP4 / Windows-XP SP2
Vulnerablities:
- Buffer Overflow (no privilege escalation)
Vendor: Microsoft (http://www.microsoft.com/)
Danny wrote:
The Secret Service, or any other government enforcement agency would
not condone, promote, or participate in website defacement
activities.
I know some of you have little faith in these agencies, but,
one thing
is for sure, they would never stoop this low.
Insecure replied:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 594-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 17th, 2004
Rob klein Gunnewiek wrote:
Not completely so. Issuing the command using the client causes that
the wildcards are sent to the server where globbing is handled..
there's also where the error occurs. When you mount it first and you
do the 'ls' command, your local BASH (not 'ls') handles the globbing
List,
I'm an expert in nothing so when I saw this I had to ask, as Im sure theres
someone out there that is a WiFi expert.
Google has found no answer so here goes.
Last night we saw a new access point appear. No problems its an ad-hoc
network so its someone's machine with XP on configured for
[EMAIL PROTECTED] wrote on 11/16/2004
01:22:25 PM:
On Tue, 16 Nov 2004 16:58:46 +, n3td3v [EMAIL PROTECTED]
wrote:
The site which was hosting services, like bombs, fake ID and
other
terrorist stuff is now showing a defacement or replacement page
showing words from the intelligence
It's just getting ridicules not to mention what it cost all of us in the
end. And might I add doesn't make since. I mean, they spam selling something
with no real contact but a spoofed one or real website to reach (most of
the time). I placed an web appliance at my work place and catch an average
In my opinion, I believe this list should be moderated for about a month
or so. Just to weed the bullsh*t off.
J
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason
Sent: Tuesday, November 16, 2004 10:20 PM
To: Eric Scher
Cc: [EMAIL PROTECTED]; [EMAIL
On Tue, 16 Nov 2004, Jason Coombs wrote:
If the devices create phantoms by design, why would they not also obey
commands to display arbitrary replacement images when some
non-TEMPEST-hardened component is blasted with RF from within the x-ray
scanning chamber?
A few years ago I met someone
I sent this to n3td3v yesterday. Why look into the news..just go to the
DOJ website...st8r to the fish's mouth.
Indictment for hundreds of credit cards, UK passports, state licenses,
school IDs, bank accounts...etc..
-Original Message-
From: Todd Towles
Sent: Tuesday, November 16,
Then sign up for the ones that are moderated by other folks..
there are at least 3 copies of this list in moderated form.
-KF
Esler, Joel - Contractor wrote:
In my opinion, I believe this list should be moderated for about a month
or so. Just to weed the bullsh*t off.
J
-Original Message-
On Wed, 17 Nov 2004 04:23:52 -0600, Curt Purdy [EMAIL PROTECTED] wrote:
Danny wrote:
The Secret Service, or any other government enforcement agency would
not condone, promote, or participate in website defacement
activities.
I know some of you have little faith in these agencies, but,
===
Ubuntu Security Notice USN-26-1 November 17, 2004
bogofilter vulnerability
CAN-2004-1007
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty
-BEGIN PGP SIGNED MESSAGE-
__
SUSE Security Announcement
Package:xshared, XFree86-libs, xorg-x11-libs
Announcement-ID:SUSE-SA:2004:041
fake ap
http://bsdvault.net/bsdfap.txt
http://www.blackalchemy.to/project/fakeap/
-KF
[EMAIL PROTECTED] wrote:
List,
I'm an expert in nothing so when I saw this I had to ask, as Im sure theres
someone out there that is a WiFi expert.
Google has found no answer so here goes.
Last night we saw a
A volunteer? ;-)
-Original Message-
From: Esler, Joel - Contractor [EMAIL PROTECTED]
Date: Wed, 17 Nov 2004 09:05:46
To:Jason [EMAIL PROTECTED], Eric Scher [EMAIL PROTECTED]
Cc:[EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] You have sent the attached unsolicited
Hey, I just heard of a really cool new technology called mail-filters!
It works like this:
1) You set up a rule to filter out everything you don't want to read (for
instance where the topic contains election fraud).
2) Go make some coffee, smoke a cigarette, code an exploit, whatever you want
Nicely done Skylined.
Hey Jason,
If you don't like FD... Might want to get on BugTraq..for your
super-clean delayed news.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Berend-Jan Wever
Sent: Wednesday, November 17, 2004 8:59 AM
To: [EMAIL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: gd
Advisory ID:
ClickandBuild: http://apply.clickandbuild.com/
Online eCommerce platform.
Vulnerability
The vulnerability lies in the listPos variable in the script running
at cashncarrion.co.uk.
It does not properly secure user inputted variables, presumably as the
user is not supposed to input the variable but
As far as handheld devices to aid you in your quest go, there are
several options. If you've got a Pocket PC around you can try
ministumbler, which is basically the Pocket PC version of netstumbler.
It's free and would probably do most of what you want. If you want more
and you're willing
On Wed, 17 Nov 2004 09:26:12 -0600, Todd Towles
[EMAIL PROTECTED] wrote:
I sent this to n3td3v yesterday. Why look into the news..just go to the
DOJ website...st8r to the fish's mouth.
Indictment for hundreds of credit cards, UK passports, state licenses,
school IDs, bank accounts...etc..
I'm not 100% on this, as it could be something I've never heard of (of
course). However, it sounds a lot like someone is playing with
FakeAP:
- http://www.blackalchemy.to/project/fakeap/
It's not real difficult to setup and only requires a Prisim chipset
card (one or more) and a compatible Linux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: Linux 2.x smbfs multiple remote vulnerabilities
Release Date: 2004/11/17
Last Modified: 2004/11/17
It's agendas like that, that segregate the information and keep it locked up
in secret files that only the 3l33t you speak of have access too. A
substantial technological selling point for the current governmental
administration recently placed in office. I am not disputing your
professional
===
Ubuntu Security Notice USN-28-1 November 17, 2004
sudo vulnerability
http://www.sudo.ws/sudo/alerts/bash_functions.html
===
A security issue affects the following Ubuntu
I recently spoke with some MS Security Execs and I know they wouldn't argue
with this point. They know they have to improve and are working hard to do
so. It would have been nice had they started this work 10 years or more ago
but thankfully they have started now.
Someone asked me to describe
I am reading between the lines here...
TSA improperly identified a weapon in a fliers bag. Instead of taking
responsibility for the accident/misidentification, TSA is blaming it on
the equipment. Yeah. What he said.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Could also be RF interference. One of my coworkers tracked down a
particularly interesting problem with motion sensor lights. Turns out
the motion sensors worked at the 240mhz range, which has resonance at
2.4ghz, or something like that. Hence every time the motion sensor
worked, it would spew
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandrakelinux Security Update Advisory
___
Package name: apache2
Advisory ID:
On Wed, 17 Nov 2004, n3td3v wrote:
...
If I was in gov, I would shut a site down that looks remotely
hax0rish, even if they've done nothing wrong. All these crews and
hacker groups, fk them all. The net needs zero tollerence with online
crime. Govs should have the authority to
Well MS isn't about to produce code to configure MAC's and other OSs,
wouldn't you say that makes sense? They certainly aren't the experts in
writing code for controlling those platforms and I don't see why they would
want to.
On the flip side there are other companies doing so. Take a look at
this stuff is totally real to the max. my cousin's former roomate's
neighbor's uncle jessie once worked for the secret service and he told me
it's completely standard protocol to have the mission impossible theme in
the background. also the strike tag is used exclusively by the secret
service.
-Original Message-
From: Jason Coombs [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 12:09 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Airport x-ray software creating images of phantom weapons?
My flight into Midway airport, Chicago, just sat on the
A very good point indeed Mark; one that shouldn't be dismissed even
WITH common SSIDs. Other technology clashing with WiFi certainly isn't
new... in fact it getting worse!
Besides motion sensors, also look for wireless phones, security
systems (like ADT's window/door systems - they use wireless
| REXOTEC(dot)COM ###
|
|=-=[ ADV RX171104 - Cscope :: Race condition on temporary file ]-=|
|
|
|=---[ - INFORMATION
`--|
VulnDiscovery: 2003/05/21
On Wed, 17 Nov 2004 10:21:01 -0800, josh abbott [EMAIL PROTECTED] wrote:
this stuff is totally real to the max. my cousin's former roomate's
neighbor's uncle jessie once worked for the secret service and he told me
it's completely standard protocol to have the mission impossible theme in
the
On Wed, 17 Nov 2004 11:41:20 -0600, Todd Towles
[EMAIL PROTECTED] wrote:
Well, it is given that posting to FD does give a site exposure (good and
bad). But I wouldn't say that FD was the cause of it..it was the illegal
activity that was the cause of it. We all know SCC does some underground
On Mon, 15 Nov 2004 13:46:37 CST, Frank Knobbe said:
Which leads to the question, which is a safe graphics file format? BMP
perhaps?
Nope - the incredible compression of .BMP files allows its use to DoS
the mail server. :)
pgpbsc2Iv5LYR.pgp
Description: PGP signature
On Mon, 15 Nov 2004 22:32:21 +0100, Florian Streck said:
Wasn't the reason for the Electors that at that time it was not
practicable to make a direct election due to the great distances in
America?
No, the concern was that people out in the boonies might be ignorant
hicks who would vote for a
Guys,
For your pleasure:
http://www.materiel.be/n/7685/Des-fichiers-pirates-dans-XP.php
I know, it is in French, but here is my translation, it deserves to be known.
Digging into Windows XP Operating Systems, the journalists of PC Welt
discovered the following text at the end of the files
On Wed, 17 Nov 2004 13:29:19 -0700 (MST), Bruce Ediger
[EMAIL PROTECTED] wrote:
Unfortunately, the US Government operates under the auspices of a small
document called The Constitution, and a little concept called Common Law.
Now, I know that you trendy kids call things like that quaint (I
On Mon, 29 Nov 2004 05:31:14 EST, KF_lists said:
Professional responses like that *really* make me wanna go
out and pay for Eudora.
OK. So make a difference. How much *more* are you willing to pay
for Eudora to make security a higher priority?
Yes, we security geeks all have a
I have no problem with this list. I use a tool to passively filter this
list the same that I do for the spam problem that has taken over planet
earth
In your email client there is a button that will take care of this for you.
Look for something in the respects of DELETE
Anyone who can not
--On Wednesday, November 17, 2004 12:13:52 AM +0100 Christian
[EMAIL PROTECTED] wrote:
hm, i still don't get it: the daemon has to answer to dir too, doesn't
he? the sole reason that ls is a unix utility does not make sense in
this context. ls and dir are not vulnerable here, sure, but this
still
If you want to do Kismet, get a Sharp Zaurus handheld and install
OpenZaurus. Been running Dsniff, Kismet and Nmap on my handheld.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave King
Sent: Wednesday, November 17, 2004 10:52 AM
To: [EMAIL
On Wed, 17 Nov 2004 17:49:12 -0600, Paul Schmehl wrote
When you do an ls, you are making a call that the *os* has
to respond to. The os is *not* vulnerable, so it (properly)
rejects the request as malformed.
i think i get it now. as someone else explained is wildcard expansion
also an issue
Hey, cool paper. Speaking of phrack, if in the future you have an
article you think is print-worthy but is rejected by most zines, try
sending it to Binary Revolution [EMAIL PROTECTED]. Although they're
newer and have had some delays in getting new issues out, they're
starting to re-focus on
So are you saying you truly believe IE to be an integral part of the OS that
without it the OS would not be useable or would fail entirely and believe MS
implicitly or are you just trying to be a sassy PITA?
--
Pro-Choice
Let me choose if I even want a browser loaded thanks!
-Original
I would rather not get too deep into this. But I think you are mixing the
ideas of good code with good documentation or possibly with good hard design
specs.
In any project there are going to be things that aren't specifically
specified in the design that some other module could possibly take
On Tue, 16 Nov 2004 05:08:48 GMT, Jason Coombs said:
If quality is the true objective, then perhaps we should adopt exceptions to
intellectual property laws to force into the public domain any creative work
that has the capability to impact the security of anything important...
A few
Well as a security professional I can testify that the sites you want
closed down ie reference to zone-h etc.. Are a valued source of
knowledge!
Obviously your not plugged into security and as such use these groups to
talk Shi* and justify your views of closing IRC Channels.
Thankfully your not
Ah thanks, that answers my question. :o)
On the MS defender comment. Well I can't say much other than not everyone
thinks that a company is entirely good or entirely bad. I have a more
granular outlook on things. Some things are done well, some things aren't.
That applies to all OSes. None of
Hello list,
Mission Impossible theme sounded weird (too weird) and so on...
Tell me:
why should these link be active after the UNITED STATES SECRET SERVICE
Operation ?
http://www.shadowcrew.com/phpBB2/login.php
http://archive.shadowcrew.com/Archive/
Matteo Giannone
Without web defacing teenagers this industry wouldn't have gained the
momentum it has. Yin/Yang. Without your so called cybercriminals your life
would be meaningless.
/m
Len rose is a muppet.
Stop moderating my mail.
- Original Message -
From: n3td3v [EMAIL PROTECTED]
To: [EMAIL
What happened to the government can have my electronic speech when they pry it
from my cold, dead fingers ?
Many people fail to understand that incompetency knows no limits or bounds. It
is alive and well in all human institutions and activities, and each one of us
is in fact incompetent in
Like Mauro, I also rewrote the exploit for Linux and couldn't get it
to work at first. But I looked at it a little more and found it was
because Gentoo already had it patched. It looks like most of the
other vendors are also already on the ball with this one. So, as long
as it works, here it
You're right, in all that Dune of Sand, there really are some pearls, hard to
find but they are there.
Simon
Barry Fitzgerald wrote:
Berend-Jan Wever wrote:
If you can't stand the heat, get out of the kitchen!
And btw: if you're not cooking, get the fuck out too!
Yeah - how hard is it to
oh?
-
08/23/2001 05:00 AM 354,468 wmpaud1.wav
( bintext output )
00056862 00056862 0 INFOICRD
0005686E 0005686E 0 2000-04-06
00056882 00056882 0 Deepz0ne
00056894 00056894 0 Sound Forge 4.5
-
..heh
Guys,
For your pleasure:
I would have to agree with GuidoZ. The changing MAC would point to
something being up. AP using different channels is pretty common in some
models but the MAC changing and being different vendors points to fake
AP.
I bet you 10 bucks the WEP key changes on all but one of them each time
too..lol
60 matches
Mail list logo