Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification

2009-08-14 Thread Guy
. In the Web Access Layer list of available actions there are a couple dozen options, none of which are labeled whitelist or whitelisted. Also, I'm not sure what you mean by localdatabase. Internal http traffic shouldn't hit the proxies... Using an 8100-C with SG05 5.2.4.3. -Guy

Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification

2009-08-14 Thread Guy
Antoine, Would you mind sharing the policy (on the bluecoat) you're referring to for www.mappy.fr? What is the Action for that host or IP set to? You mentioned whitelisted but that could mean anything from the list of options in the policy manager. Thanks, Guy

Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification

2009-08-14 Thread Guy
is working as it's supposed to, but I would like to confirm whether or not we're susceptible to this alleged bypass. So far, looks like a dud... Not even sure why this would work, it seems too simple. -Guy ___ Full-Disclosure - We believe in it. Charter

Re: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification

2009-08-21 Thread Guy
On Fri, Aug 14, 2009 at 4:17 PM, anto...@santo.franto...@santo.fr wrote: Gone beach for the Week End, more info on monday. Antoine. Lies. -Guy

Re: [Full-disclosure] about PC AntiSpyware 2010

2009-08-29 Thread Guy
is a mathematical scheme for demonstrating the authenticity of a digital message or document. There's also the ill-suited and over used md5 hash method... -Guy

Re: [Full-disclosure] why not a sandbox

2009-09-04 Thread Guy
On Fri, Sep 4, 2009 at 2:05 PM, RandallMranda...@fidmail.com wrote: how come we just can't sandbox the browser in away from the system. Who or what says you can't? Guy

Re: [Full-disclosure] stupid question again

2009-12-11 Thread Guy
confidence builder there... Think the idea is to avoid getting infected to begin with. Would you really do business with a legitimate organization that implements the very tactics they're trying to combat? Guy www.nullamatix.com

Re: [Full-disclosure] Google Maps XSS (currently unpatched)

2010-01-12 Thread Guy
the experience for the rest of us, and I don't owe anyone of them sh-t. You really believe everyone using the Internet should forfeit their privacy and security because they owe you something? That's the price YOU might pay, but not everyone would agree, firewall or not. Guy

Re: [Full-disclosure] Computer name should match with your real identity?

2011-04-29 Thread Guy
to end users or folks using the services on a host. Have had developers ask me to audit their web applications and provide a url like, http://PDC01SVWB996.int.the-domain.org/some-lame-app/MyAwesomeTool.aspx. No. Create a DNS entry, don't distribute the actual host name... Good luck. Regards, Guy

[Full-Disclosure] blocking SkyPE?

2006-03-14 Thread Guy Bégin
Alain, Check the FAQ at: http://www1.cs.columbia.edu/~salman/skype/ They present two distinct methods for blocking Skype. Guy

[Full-disclosure] n3td3v.com

2008-05-30 Thread Sec Guy
I just saw n3td3v.com up for sale on sedo... https://sedo.com/search/details.php4?domain=n3td3v.comtracked=partnerid=language=us -SecGuy

[Full-disclosure] No subject

2008-08-07 Thread az-guy
Not just Rouge apps, it's much more widespread: other colors such as magenta, mauve, fuchsia, and even the extremes of pink and purple can also be impacted. On Wed, Aug 6, 2008 at 2:56 PM, John C. A. Bambenek, GCIH, CISSP [EMAIL PROTECTED] wrote: What's the infection vector? URL Link?

[Full-disclosure] Index Of redirection malware attack?

2008-12-15 Thread Malformation Guy
Hello fellow FD, I recently came across an interesting website redirecting and delivering malware and I'd like to ask a few questions. An Index of that checks your referrer to see if you've found the site through a Google search. The index.php script is made to look just like a real 'Index

Re: [Full-disclosure] Top 10 Coolest Hacking Moments in 2008

2008-12-15 Thread Malformation Guy
- Drive-by attacks with Java. JavaScript has been used to infect thousands of legitimate web pages to insert a trojan to visitors! Sound like a National Enquirer headline? No way! This attack method has been very successful and nearly transparent to users. This launches a new age in hacking.

Re: [Full-disclosure] Index Of redirection malware attack?

2008-12-15 Thread Malformation Guy
Oops, sorry for the horrible English. I just re-read it. -Malformation From: malformat...@hotmail.com To: full-disclosure@lists.grok.org.uk Date: Tue, 16 Dec 2008 16:41:23 +1030 Subject: [Full-disclosure] Index Of redirection malware attack? Hello fellow FD, I recently came across an

[Full-disclosure] Hotmail easter-egg found using Tamper Data....

2008-12-21 Thread Malformation Guy
Hello fellow F.D. Check out this funny hotmail post request I found whilst playing around with Tamper Data: http://img234.imageshack.us/my.php?image=hotmaileasteregg2tg1.png Look at the highlighted text. Sums me up completely. Also, security officers at hotmail are 'slack'? Lol. Have fun

Re: [Full-disclosure] Wachovia Bank website sends confidential information

2007-07-11 Thread Security Guy
Or hey, if you're not getting anywhere with him, talk to this guy! http://www.belkcollege.uncc.edu/jpfoley/ Let me see: wachovia security cissp incident +network via Google This looks interesting: http://www.bryceporter.com/ I would have contacted someone on this level to put me

Re: [Full-disclosure] FFSpy, a firefox malware PoC

2009-05-25 Thread FUDder Guy
From: saphex saphex_at_gmail.com Date: Wed, 20 May 2009 01:42:16 +0100 I think this is interesting, http://myf00.net/?p=18 So, how does someone manage to edit the overlay file? Are they going to use some javascript from a malicious website to edit the overlay file of an addon? Or are they

Re: [Full-disclosure] FFSpy, a firefox malware PoC

2009-05-25 Thread FUDder Guy
On Mon, May 25, 2009 at 8:26 PM, saphex sap...@gmail.com wrote: This isn't about making the user install a malware add-on. It's about gaining access to the system through an exploit, or physical access, modify an existing add-on with your code. And Firefox won't even notice. Instead of

[Full-disclosure] Slashdot hacked?

2009-07-23 Thread Compsec Guy
What's wrong with Slashdot today? Best regards, Danila Wartho

Re: [Full-disclosure] Slashdot hacked?

2009-07-23 Thread Compsec Guy
According to Brad Spender (author of pax and linux) it's a bug in their perlscript. Was just discussed on #social on PtP. Anyone have screenshots? They seem to have taken Slashdot offline so I cannot access it anymore. - Danila Date: Thu, 23 Jul 2009 17:59:23 -0400 Subject: Re:

[Full-disclosure] Practical RTLO Unicode Spoofing

2011-08-02 Thread eSploit Guy
Hello List, Did a quick PoC on Right To Left Override (RTLO) spoofing under Windows 7 a few months back, thought of sharing. Any thoughts are appreciated. http://esploit.blogspot.com/2011/05/practical-rtlo-unicode-spoofing.html Thanks, Satyamhax http://esploit.blogspot.com

[Full-disclosure] Hacked data on open sale ?

2011-08-03 Thread eSploit Guy
. However, today after nearly 7 months saw the same news in the Imperva blog, checked the site and found that it's not only still up and running but even updating frequently! Apart from selling the services above, this guy also discloses SQL injection vulnerabilities in major websites including banks

[Full-disclosure] Infosys TCS Wipro like companies don't know security basics?

2011-12-01 Thread Wonder Guy
Hi Security Experts, I have a question about the security track record of Indian IT vendors like Infosys, TCS, Wipro etc. An article about Indian IT vendors by an ex-employee of one of these companies is circulating in the different NITs (National Institute of Technology) of India today. My

Re: [Full-disclosure] Infosys TCS Wipro like companies don't know security basics?

2011-12-01 Thread Wonder Guy
On Thu, Dec 1, 2011 at 10:37 PM, TAS p0wnsa...@gmail.com wrote: Wonder guy, the basis of your conclusion is as ridiculous as your question. Microsoft and Google are products companies. At least TCS and Wipro are not. They are into offshore and managed business domains. Infosys is also

[Full-disclosure] Storesonline, Ecommerce hosting solution - how to avoid mistakes that put your business at risk

2008-08-13 Thread Mister Nice Guy
*Storesonline, Ecommerce hosting solution - how to avoid mistakes that put your business at risk* Building an e-business inevitably requires a dedicated ecommerce hosting solution that can support the infrastructures. There are plenty of areas to take care of. Depending on your business types,

Re: [Full-disclosure] Pen-Testing Companies in Quebec

2011-02-23 Thread Pierre-Guy Lavoie
just make sure you don't hire my good friends @sekcore :PpPp our local media whore pierre-guy lavoie ... http://www.cbc.ca/news/story/2000/03/01/hacker000301.html A 22-year-old Quebec City man has been convicted in a computer hacker

Re: [Full-disclosure] Fwd: 0day auctions, should they be outlawed?

2008-11-04 Thread Some Guy Posting To Full Disclosure
It's futile trying to use the law to change things. It will simply force people into the shadows. Which today involves using tor and some Russian web money account. I read a slogan from before my time, in a book: If source is outlawed outlaws will have source - same applies to zero days. Anyway

Re: [Full-disclosure] Lazy bum approach to security

2008-11-29 Thread Some Guy Posting To Full Disclosure
Hi I agree with you. It's just these 'underground communities' tend to be a bunch of kiddies playing with milworm, bots, and asking help with basic programming. Where's the original ideas, the research, and the worth-while discussion? I guess I described an extreme scenario, but you get the

Re: [Full-disclosure] Security industry software license

2008-11-29 Thread Some Guy Posting To Full Disclosure
Just to summarise what's been said and what I think so we can get back on topic, and conclude something: No-one hacks using metasploit! Go back to 2003. Terrorists with metasploit! What, do you have a picture in your head of Mr. Jihad Bigbeard using metasploit to shutdown a powergrid? Reasons Why

Re: [Full-disclosure] Project Chroma: A color code for the state of cyber security

2008-11-30 Thread Some Guy Posting To Full Disclosure
I'd just like to point out that Symantec has something similar. See here: http://www.symantec.com/security_response/threatconlearn.jsp It's not applied in such a useful way as you suggest - but in case you wanted to know. On 11/29/08, Mike C [EMAIL PROTECTED] wrote: Hi, It is time to take an

Re: [Full-disclosure] Indian allegations alarm Pakistan

2008-11-30 Thread Some Guy Posting To Full Disclosure
Aren't they just a bunch of kids trying to brag on IRC that they hacked their 'enemy' country? Maybe they don't like them because propaganda is telling them Indians did the bombing. Or maybe, like most kids, they've no idea about current affairs and just want to prove themselves good in

Re: [Full-disclosure] FD culture!?

2008-12-06 Thread Some Guy Posting To Full Disclosure
'British intelligence service'!? According to this: http://lists.grok.org.uk/full-disclosure-charter.html ...Full Disclosure is run by secunia. And administered by one man. Does the 'British Intelligence Service' doesn't even exist? There's: The Security Service AKA MI5. and SIS AKA the Secret

Re: [Full-disclosure] 21 Million German bank accounts stolen

2008-12-09 Thread Some Guy Posting To Full Disclosure
To you or someone who knows anything about banks, fraud, and how they work and things. I have a German bank account. Should I do something!? On 12/9/08, James Matthews [EMAIL PROTECTED] wrote: German banks are some of the oldest in the world. This is pretty scary however it is also the

Re: [Full-disclosure] We're letting the bad guys win

2008-12-09 Thread Some Guy Posting To Full Disclosure
ok this is what this whole thing looks like to me: To n3td3v: You often post ideas and express your opinion to this list. Some (often the more liberal) of us often disagree with you and others mock you for your adventurousness. Actually sometimes it looks childish, almost as if you're

Re: [Full-disclosure] Microsoft issues out-of-band patch

2008-12-19 Thread Some Guy Posting To Full Disclosure
Here's an article explaining why Microsoft delays their patching: http://en.wikipedia.org/wiki/Patch_Tuesday Specifically this bit: In order to reduce the costs related to the deployment of patches, Microsoft introduced the concept of Patch Tuesday. The idea is that security patches are

Re: [Full-disclosure] o lookie, n3td3v is lying elsewhere now

2008-12-22 Thread Some Guy Posting To Full Disclosure
Oh my, you both seem to have emailed your conversation to the full disclosure mailing list by accident. How embarrassing. Everybody who is subscribed has received emails of you two talking about something that ONLY CONCERNS YOU TWO. Maybe next time when you send emails to each other you should

Re: [Full-disclosure] CCIE makes u go nuts?? or is that only nuts get CCIE????

2009-01-04 Thread Some Guy Posting To Full Disclosure
and the guy was found innocent, despite the way the news channels made it look. On 1/3/09, Joel Jose joeljose...@gmail.com wrote: http://www.networkworld.com/community/node/35713 It scares the hell out of me. when I read the topics...and try to learn I can't help my mind and heart doubting...when

Re: [Full-disclosure] e-Holocaust

2009-01-13 Thread Some Guy Posting To Full Disclosure
Okay e.hitler you mention you're attacking Israeli servers*, let's ignore the impact of that for a second. e.Hitler I want you to tell me, in more than a sentence, why you did that. Yeh, you failed to mention it in your original post. Tell me exactly how your cause makes you feel, and why. Now