did you actually try the link? cause it worked for me...
On Wed, Jul 14, 2010 at 12:14 PM, McGhee, Eddie eddie.mcg...@ncr.com wrote:
come on what's funny about encoding a url? you don't see this as
a vuln? REALLY geez peace...
--
*From:*
http://jailbreakme.com/_/ gives me a 404 Not Found error.
There were a few vulnerabilities in lighttpd related to the %00 character
but after googling a while I couldn't find this particular one. I guess it's
worth reporting if this still works in the current version (1.5.0).
On Thu, Aug 5,
What is WinAppDbg?
==
The WinAppDbg python module allows developers to quickly code instrumentation
scripts in Python under a Windows environment.
It uses ctypes to wrap many Win32 API calls related to debugging, and provides
an object-oriented abstraction layer to manipulate
:
How is it different from pydbg?
Sent from my Blackberry handheld.
- Original Message -
From: Mario Vilas mvi...@gmail.com
To: bugt...@securityfocus.com bugt...@securityfocus.com;
full-disclosure@lists.grok.org.uk full-disclosure@lists.grok.org.uk;
Python-Win32 List python-wi
On Fri, Aug 27, 2010 at 5:27 PM, matt m...@attackvector.org wrote:
2) This opens the door for more widespread attacks. In the case of
PowerPoint, one could simply find a share on a network that contains a large
amount of ppt files and save his/her rogue DLL file in that directory.
Then,
if you email a web page, typically all files are unzipped when the user
double clicks on any .html file
but I still don't see this as something drastically different from double
clicking on exe files...
On Thu, Sep 2, 2010 at 12:45 AM, coderman coder...@gmail.com wrote:
On Wed, Sep 1, 2010 at
How ironic...
On Fri, Sep 10, 2010 at 11:07 PM, valdis.kletni...@vt.edu wrote:
On Fri, 10 Sep 2010 22:52:46 +0200, Stefano Angaran said:
I think that was a joke
You're new here, aren't you? :)
___
Full-Disclosure - We believe in it.
To be fair, both Canvas and Impact had the same pivoting features years
before Metasploit (and yes, that includes the entire Windows API too). It's
no wonder really, since Metasploit is newer too (Impact was created some ten
odd years ago and Canvas came shortly later, if I'm not wrong). But IMHO
<paranoid> Uhm, why the redirection through Facebook? </paranoid>
2010/10/21 Román Ramírez pat...@0z0ne.com
Hello all,
We don't send emails to communicate sponsorships as we understand is
quite disturbing and we all receive a lot of email.
But this is a special situation as I want to transmit
Just signing the update packages prevents this attack, so it's not that hard
to fix.
On Sat, Oct 30, 2010 at 5:02 PM, valdis.kletni...@vt.edu wrote:
On Sat, 30 Oct 2010 04:43:14 +0800, Jacky Jack said:
It's now a time for vendors to re-consider their updating scheme.
And do what
what's
available. Also, I believe the operating system should provide the
mechanism, not the application.
On Sun, Oct 31, 2010 at 3:36 PM, valdis.kletni...@vt.edu wrote:
On Sun, 31 Oct 2010 13:09:27 BST, Mario Vilas said:
Just signing the update packages prevents this attack, so it's
Oh, fuck this shit.
http://rapidshare.com/files/444699301/InsectProFull.zip
This is the previous version, you can guess what the new version should be like.
Gotta love the team name ;)
http://www.goear.com/listen/570f6b5/debede-sumo
On Mon, Jan 31, 2011 at 10:17 PM, CORE Security Technologies
Advisories advisor...@coresecurity.com wrote:
7. *Credits*
These vulnerabilities were discovered and researched by Federico Muttis,
Sebastian Tello and
It seems to be a different version.
IMHO if I have to pay to download it then it's not really free. Insect
should follow the same donation policy as any open source project - download
should be free and donation should be optional. This is probably a non-issue
anyway but I feel the word free
Actually, when the tool was originally released it wasn't free (strings
attached or not), but they tried to charge $500 per license as a closed
source product.
http://seclists.org/fulldisclosure/2010/Sep/283
So at any rate some people have been complaining over and over for the use
of the word
Actually, if they can get the data back (be it because it's stored in
plaintext or in obfuscated plaintext) then it's not secure. Obfuscation
doesn't make it more secure, or any less plaintext.
On Wed, Apr 6, 2011 at 11:01 AM, Romain Bourdy achil...@gmail.com wrote:
Hi Full-Disclosure,
Just
Is the suid bit set on that binary? Otherwise, unless I'm missing something
it doesn't seem to be exploitable by an attacker...
On Thu, Apr 28, 2011 at 12:03 PM, Juan Sacco
jsa...@insecurityresearch.com wrote:
Information
Name : Heap Buffer Overflow in xMatters
additionally cannot execute any other commands, but can mysteriously
control the arguments). Unless either scenario is researched (and nothing in
the advisory tells me so) I call bullshit.
On Thu, Apr 28, 2011 at 6:09 PM, valdis.kletni...@vt.edu wrote:
On Thu, 28 Apr 2011 14:40:22 -0300, Mario
Hi, just a quick question, do those exploits you mention work in a
jailbroken device? I'm running Linux Leopard lOS 4.3 on my iAndroid tablet.
On Wed, May 18, 2011 at 11:41 AM, Joxean Koret joxeanko...@yahoo.es wrote:
Sorry men, there is no exploit for Linux Kernel(TM) 2011. But you have
http://isc.sans.org/diary.html?storyid=10312;
On Wed, May 18, 2011 at 11:07 PM, Eric dkn...@gmail.com wrote:
Greetings,
Has anyone ever noticed, the sort of DNS queries when you fire/running
Google-chrome?
The DNS queries for domain names like:
bsjghxplor
hrrtjswxtt
epjyptuure
etc.
Probably in fear that said attribution would kill the notion that they
actually wrote the software they're trying to sell.
IMHO, none of this ranting would happen if the tool had been free to
begin with. It's a long lost cause now.
On Thu, Jun 23, 2011 at 8:23 PM, root ro...@fibertel.com.ar
Actually you *can* launch an executable that way, if you add a couple
more clicks afterwards, or you right click on the file and choose a
non default menu option. It's no more ridiculous than any other social
engineering that requires people to hit a hotkey they probably never
heard of and browse
Don't worry, we all know MustLive is lying, as usual.
On Fri, Jul 22, 2011 at 10:08 PM, Chris Evans scarybea...@gmail.com wrote:
On Fri, Jul 22, 2011 at 8:36 AM, MustLive mustl...@websecurity.com.ua wrote:
Hello list!
I want to warn you about URL Spoofing vulnerability in Mozilla Firefox,
Insect Pro - Now with an integrated 1.21 gigawatt Flux Capacitor! If you
make a pentest at 88 miles per hour you can go back in time!
On Wed, Aug 3, 2011 at 3:17 AM, root ro...@fibertel.com.ar wrote:
Dude you just released INSECT Pro 2.7 less than a week ago. I swear to
god I'm being serious.
Perhaps you should post the contents of the advisory here as well. Many
people won't happily click on a link without any explanations.
On Mon, Aug 22, 2011 at 9:14 PM, Levent Kayan levonka...@gmx.net wrote:
hello,
http://vulnerability-lab.com/get_content.php?id=180
cheers,
noptrix
--
)
This doesn't look like an exploitable buffer overflow to me. I think
you just stumbled upon Skype's anti-debug measures.
On Tue, Aug 23, 2011 at 1:02 AM, Mario Vilas mvi...@gmail.com wrote:
Perhaps you should post the contents of the advisory here as well. Many
people won't happily click on a link
On Sat, Aug 27, 2011 at 4:27 AM, GloW - XD doo...@gmail.com wrote:
when is someone going to warez this... it ain't free..
http://www.insecurityresearch.com/files/
--
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the
Are you guys seriously reporting that double clicking on a malicious .vbs
file could lead to remote code execution? :P
Either I'm missing something (and I'd welcome a rebuttal here!) or you might
as well add .exe to that list. All those extensions are already executable.
On Fri, Sep 2, 2011 at
:
You don't get the worst part: unsuccessful exploitation also leads to
code execution.
Scary stuff.
On 09/02/2011 05:05 PM, Mario Vilas wrote:
Are you guys seriously reporting that double clicking on a malicious
.vbs
file could lead to remote code execution? :P
Either I'm missing
I disagree. If this so called vulnerability had any added value in terms
of social engineering, it would actually make sense to report it. Social
engineering isn't bad, I really don't care how leet it is. My claim is
simpler: this advisory makes no sense at all, because it replaces an easy
way of
Paul,
Those file extensions correspond to scripts. If a file contains a script
that runs when the file is double clicked, and the scripting engine is not
sandboxed (meaning the script can do the same things an executable file can
do) then the attack is meaningless. You can simply have the script
On Mon, Sep 5, 2011 at 7:45 PM, root ro...@fibertel.com.ar wrote:
Off-topic:
First Insect PRO, and now this?
What's happening fellow Latin-americans? our standards are falling.
Please behave, this is the Internet!
[image: The_Internet_is_Serious_Business - Low.jpg]
This is a bit old (2007) but it shows this kind of bug perfectly well.
http://securitytracker.com/id/1018588
So I can imagine one scenario in which DLL hijacking would make sense - if
the developers neglected to properly set the directory permissions and it
got reported as a vuln, the patch
On Tue, Sep 27, 2011 at 3:26 PM, Dan Kaminsky d...@doxpara.com wrote:
Ok, now nobody can spoof a URL, but how come a user will tell good
URLs and bad ones apart? Oh boy!
Wherever did you get the idea that users can do this?
Jokes apart, I do find it annoying that URLs aren't expanded
I don't think it's supposed to be a secret. There are also references to
Insect Pro in the source code:
https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/src/com/exploitpack/main/License.java
BTW, you gotta love the scanner :)
On Thu, Oct 6, 2011 at 5:34 AM, root ro...@fibertel.com.ar wrote:
do not harass people who are writing software for free
Oh, that's rich.
I also got that impression :( where is that clarified?
On Mon, Oct 24, 2011 at 6:13 PM, char...@funkymunkey.com wrote:
Withdrawn :P
Quoting char...@funkymunkey.com:
I got the impression that they have fully compromised the actual TOR
network, not a dummy network, am I wrong?
Charlie
Did you read the comments?
On Fri, Oct 28, 2011 at 3:36 PM, Leon Kaiser litera...@gmail.com wrote:
Bravo! A completely impartial source.
--
*Leon Kaiser* - Head of GNAA Public Relations -
litera...@gnaa.eu ||
On Fri, Oct 28, 2011 at 8:02 PM, Leon Kaiser litera...@gmail.com wrote:
Did you not hear me when I said I don't do blogs?
Hardly anyone heard you, unless they were in the same room as you. Some of
us read you, though. It's a good thing you know, reading. You should try
sometime.
By the
I liked the heavy breather in the perv closet bit.
On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst ryandewhu...@gmail.com wrote:
I think Jon just said what everyone else was thinking, he said what I
was thinking at least.
On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz jon.ke...@gmail.com wrote:
I have no doubt that a lot of things are lost on you.
On Fri, Nov 11, 2011 at 11:23 PM, xD 0x41 sec...@gmail.com wrote:
are you braindead ?
your humor, is really lost on me..so, i think, look within :P
On 12 November 2011 04:01, Mario Vilas mvi...@gmail.com wrote:
I liked the heavy
, 2011 at 5:08 PM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
Yeah, I gotta say, I’m going to use it at some point ;)
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
Mario Vilas
Sent: Friday, November 11, 2011 9:02 AM
The guest account has no password, but it's not possible to login remotely
with ssh.
On Thu, Nov 17, 2011 at 5:28 PM, Dave m...@propergander.org.uk wrote:
Hi,
What is the password for this guest account?
Is the password random generated?
Is remote access of any kind enabled by default for
Let's not overreact. We're talking about a guest account only on desktop
systems, for local login only, and perfectly visible to the user. The only
problem I see here is not having a simple GUI way to disable the guest
login for a non tech-savvy user, but no more. (Or am I missing something
here?)
I'd love to know what number he called. Or at least what country+area code.
On Tue, Nov 22, 2011 at 11:34 PM, root ro...@fibertel.com.ar wrote:
Please call again I didn't get it.
Sure you have my number right?
btw, chill man!
On 11/22/2011 04:48 AM, xD 0x41 wrote:
You fucking pieces of
Hi,
I'm afraid all the download links in that webpage seem to be broken, except
for the Windows installer (which has a different version number than the
rest of the downloads).
Also, the github repository where you're hosting the source code appears to
be empty.
Cheers,
-Mario
On Wed, Nov 30,
, Gino g...@1337.io wrote:
Seems to have Juan Succo written all over it
On 11/30/11 1:49 AM, Mario Vilas wrote:
Hi,
I'm afraid all the download links in that webpage seem to be broken,
except for the Windows installer (which has a different version number
than the rest of the downloads
On Fri, Dec 2, 2011 at 3:05 AM, adam a...@papsy.net wrote:
C:\Users\adam\Desktopls -la combined.zip | gawk {print $5}
*31337*317
That's a funny coincidence. :)
50 US dollars per student just to pay for the video streaming? I have
a hard time believing that.
2012/1/3 runlvl run...@gmail.com:
Cost: 50 USD (to pay for streaming)
Just out of curiosity, exactly how do you measure that?
On Wed, Jan 18, 2012 at 8:25 PM, nore...@exploitpack.com wrote:
+20k active users
On Tue, Jan 24, 2012 at 2:34 PM, Ben Bucksch n...@bucksch.org wrote:
Actual result:
notepad.exe shows My password
Expected result:
Nothing.
No.
Expected result is to have the clipboard text sent to the remote
machine, if you have your client configured to do so. In a really
security
Guys, could you please read carefully everything before you reply?
I read carefully. It still didn't make sense, though.
And you wouldn't be allowed to use copypaste while you edit sensitive
documents either, I guess?
I don't know how you could get to such a conclusion from what I wrote.
IP KVM, in which the foreign server basically gets only inbound
Keyboard and Mouse and outbound uncompressed pixels.
That is *precisely* what VNC is: an open-source IP KVM.
No, it's not. I won't go into the differences because other people
already did in this thread.
And please don't turn
:18 PM, Mario Vilas wrote:
Guys, could you please read carefully everything before you reply?
I read carefully. It still didn't make sense, though.
And you wouldn't be allowed to use copypaste while you edit sensitive
documents either, I guess?
I don't know how you could get to such a conclusion
Fair enough :)
On Wed, Jan 25, 2012 at 10:59 AM, Peter Osterberg j...@vel.nu wrote:
On 01/25/2012 10:54 AM, Mario Vilas wrote:
The bottom line is, the problem here is using VNC for what Ben is
using it. There are many more problems with that scenario and
clipboard sharing may be the least
I fear the day when he finally succeeds in making enough people
believe he's a real security researcher. I wish attrition.org did a
piece on him in the charlatans section.
2012/1/30 Peter Osterberg j...@vel.nu:
This is Juan Sacco's new spam puppet. He just posted the same thing using
his real
Good find. I think it should also be possible to disable the delete
* command with triggers, as a nice way to backdoor the database
(almost non intrusive compared with installing rogue plugins, and the
user isn't likely to ever find out).
On Mon, Feb 13, 2012 at 11:25 AM, Osama Bin Error
Indeed. It could also be very fast and not use threads at all. But IMO
it's much harder to write an efficient multithreaded program in python
than in C, at the very least you need a good understanding of the
inner workings of the python interpreter.
I find it a bit suspicious in general that a
Another lame backdoor.
On Sat, Mar 17, 2012 at 6:45 AM, yuri goncalves soares y...@bsd.com.br wrote:
Another POC.
http://pastebin.com/GM4sHj9t
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
On Tue, Mar 20, 2012 at 12:50 AM, Sanguinarious Rose
sanguiner...@occultusterra.com wrote:
Here let me re-quote my email for *prosperity*
I don't think that word means what you think it means.
s/clone/theft/
On Tue, Apr 24, 2012 at 12:31 PM, Michele Orru antisnatc...@gmail.com wrote:
I'm also wondering if your tool is a clone of our BeEF or not :D
Cheers
antisnatchor
On Tue, Apr 24, 2012 at 11:25 AM, Jerome Athias jer...@netpeas.com wrote:
Hi,
I think that people here would be
The exploitpack.com website and the video have been removed... (maybe
we can call this a legally induced denial of service vulnerability?)
On Tue, Apr 24, 2012 at 12:31 PM, Michele Orru antisnatc...@gmail.com wrote:
I'm also wondering if your tool is a clone of our BeEF or not :D
Cheers
It's a captcha bypass, not a CSRF as claimed. I'm also not quite sure
if the captcha has really been bypassed at all as the blog post in
Spanish says you have to enter it manually from time to time...
If LinkedIn gives us problems with the captcha, what we have to do
is log in via the web with a
On Sat, Sep 29, 2012 at 4:01 AM, kaveh ghaemmaghami
kavehghaemmagh...@googlemail.com wrote:
Title: Foxit Reader suffers from Division By Zero
Version : 5.4.3.0920
Date : 2012-09-28
Vendor : http://www.foxitsoftware.com/
stack overflow != stack buffer overflow
On Wed, Oct 24, 2012 at 3:41 AM, kaveh ghaemmaghami
kavehghaemmagh...@googlemail.com wrote:
Title : Microsoft Office Word 2010 Stack Overflow
Version : Microsoft Office professional Plus 2010
Date : 2012-10-23
Vendor:
Or do, and grab a bag of popcorn ;)
On Tue, Oct 30, 2012 at 4:29 PM, Peter Dawson slash...@gmail.com wrote:
Don't feed the trolls !
On Tue, Oct 30, 2012 at 11:21 AM, Mikhail A. Utin
mu...@commonwealthcare.org wrote:
Normal way of doing security research business (for normal people of
I think we can all agree this is not a vulnerability. Still, I have yet to
see an argument saying why what the OP is proposing is a bad idea. It may
be a good idea to stop indexing robots.txt to mitigate the faults of lazy
or incompetent admins (Google already does this for many specific search
That paragraph says pretty much the exact opposite of what you understood.
Also, could we please stop refuting points nobody even made in the first
place? OP never claimed this to be a vulnerability, nor ever said
robots.txt is a proper security mechanism to hide files in public web
directories.
I was suddenly reminded of this...
http://www.quickmeme.com/meme/3qicaz/
On Sat, Apr 20, 2013 at 1:05 PM, Joxean Koret joxeanko...@yahoo.es wrote:
Oh, no, please not again. Are we going to talk one more fucking time
about the ethics of 0-days? Please no.
Is a delay of a year before reporting
On Tue, May 7, 2013 at 9:56 AM, SEC Consult Vulnerability Lab
resea...@sec-consult.com wrote:
To exploit these issues, the attacker must be authenticated as root.
???
On Wed, Jul 10, 2013 at 10:57 AM, kaveh ghaemmaghami
kavehghaemmagh...@googlemail.com wrote:
1.The crash you showed does not control eip
(its not a stack-based bof)
And? You still need to control EIP or the exploit doesn't, you know,
actually work. :P
2.not even arbitrary memory
(check
This may be a silly question, so I apologize in advance, but that would
exactly be the advantage here? Using a NULL pointer is in most (if not all)
those cases undocumented behavior to begin with. Unless I'm missing
something, the problem is not so much with Win32 as it is with the C
language in
What is WinAppDbg?
==
The WinAppDbg python module allows developers to quickly code
instrumentation
scripts in Python under a Windows environment.
It uses ctypes to wrap many Win32 API calls related to debugging, and
provides
an object-oriented abstraction layer to manipulate
I haven't read the whole thread, so I apologize in advance for commenting
on it. But I think it's important to mention that not a vulnerability and
not exploitable are entirely different concepts. Since conclusively
proving that a vulnerability is 100% not exploitable for all code paths in
all
On Thu, Mar 13, 2014 at 10:30 PM, Nicholas Lemonias.
lem.niko...@googlemail.com wrote:
We confirm this to be a valid vulnerability for the following reasons.
The access control subsystem is defeated, resulting to arbitrary write
access of any file of choice.
1. You Tube defines which file
You're still missing the attack vector (and the point of the discussion
too, but that's painfully obvious).
On Fri, Mar 14, 2014 at 4:21 AM, Nicholas Lemonias.
lem.niko...@googlemail.com wrote:
Here's my evidence.
Live Proof Of Concept
==
But do you have all the required EH certifications? Try this one from the
Institute for
Certified Application Security Specialists: http://www.asscert.com/
On Fri, Mar 14, 2014 at 7:41 AM, Nicholas Lemonias.
lem.niko...@googlemail.com wrote:
Thanks Michal,
We are just trying to improve
.
lem.niko...@googlemail.com wrote:
We are on a different level perhaps. We do certainly disagree on those
points.
I wouldn't hire you as a consultant, if you can't tell if that is a valid
vulnerability..
Best Regards,
Nicholas Lemonias.
On Fri, Mar 14, 2014 at 10:10 AM, Mario Vilas mvi
.
On Fri, Mar 14, 2014 at 10:10 AM, Mario Vilas mvi...@gmail.com wrote:
But do you have all the required EH certifications? Try this one from
the Institute for
Certified Application Security Specialists: http://www.asscert.com/
On Fri, Mar 14, 2014 at 7:41 AM, Nicholas Lemonias.
lem.niko
that the advisory is about writing arbitrary files. If I was
your boss I would fire you.
-- Forwarded message --
From: Nicholas Lemonias. lem.niko...@googlemail.com
Date: Fri, Mar 14, 2014 at 5:43 PM
Subject: Re: [Full-disclosure] Google vulnerabilities with PoC
To: Mario Vilas
files. If I
was your boss I would fire you.
-- Forwarded message --
From: Nicholas Lemonias. lem.niko...@googlemail.com
Date: Fri, Mar 14, 2014 at 5:43 PM
Subject: Re: [Full-disclosure] Google vulnerabilities with PoC
To: Mario Vilas mvi...@gmail.com
People can read the report
So if you can upload a file to Google Drive and trick someone to run it,
you'd call that a vulnerability too?
Hey, I've got another one. I can upload a video on Youtube telling people
to download and install a virus. I'll claim a prize too!
Keep at it man, you're hilarious! xDDD
/me goes grab
Please provide an attack scenario. Can you do that?
On Fri, Mar 14, 2014 at 9:23 PM, Nicholas Lemonias.
lem.niko...@googlemail.com wrote:
Are you sure this json response, or this file, will be there in a month?
Or in a year? Is the fact that this json response exists a threat to
youtube?
On Sat, Mar 15, 2014 at 5:43 AM, Nicholas Lemonias.
lem.niko...@googlemail.com wrote:
People who do not have the facts have been, trying to attack the arguer,
on the basis of their personal beliefs.
Wow. I seriously can't tell if you're trolling or unbelievably narcissistic.
Your work has
That is not what this email says. You can't reply "correct" to criticism
and pretend it's praise.
On Sat, Mar 15, 2014 at 6:11 AM, Nicholas Lemonias.
lem.niko...@googlemail.com wrote:
Correct.
The mime type can be circumvented. We can confirm this to be a valid
vulnerability.
For the PoC's
I believe Zalewski has explained very well why it isn't a vulnerability,
and you couldn't possibly be calling him hostile. :)
On Sat, Mar 15, 2014 at 11:20 AM, M Kirschbaum pr...@yahoo.co.uk wrote:
I have been watching this thread for a while and I think some people are
being hostile here.
Thank you. :)
On Sat, Mar 15, 2014 at 1:45 PM, Gynvael Coldwind gynv...@coldwind.pl wrote:
Hey,
I think the discussion digressed a little from the topic. Let's try to
steer it back on it.
What would make this a security vulnerability is one of the three standard
outcomes:
- information
Sockpuppet much?
On Sat, Mar 15, 2014 at 2:35 PM, M Kirschbaum pr...@yahoo.co.uk wrote:
Gynvael Coldwind,
What Alfred has reiterated is that this is a security vulnerability
irrelevantly of whether it qualifies for credit.
It is an unusual one, but still a security vulnerability. Anyone
feel I speak for a lot of
people here, everyone needs to grow up, and shut up.
Email scanned and verified safe.
On 15 Mar 2014, at 13:43, Mario Vilas mvi...@gmail.com wrote:
Sockpuppet much?
On Sat, Mar 15, 2014 at 2:35 PM, M Kirschbaum pr...@yahoo.co.uk wrote:
Gynvael Coldwind
Please stop changing hats, it's embarrassing.
On Sat, Mar 15, 2014 at 7:36 PM, T Imbrahim timbra...@techemail.com wrote:
Is this treated with the same way that says that Remote File Inclusion is
not a security issue ?
You don't follow? Implying ?
I understand why nobody likes Google. If I
ROFL
On Mon, Mar 17, 2014 at 11:07 AM, T Imbrahim timbra...@techemail.com wrote:
What drugs are you on Pedro Ribeiro I wonder ...?
I express my views, if you don't like don't watch them. Your responses so
far have only been assy speculations so don't tell me I'm wrong
On Mon, Mar 17, 2014 at 2:25 PM, T Imbrahim timbra...@techemail.com wrote:
I definitely would patch my computer if I discovered that somebody could
upload files to my computer, even though if couldn't 'probe' them.
1) I don't think you understood the meaning of the word probe in this
On Mon, Mar 17, 2014 at 3:11 PM, Ulisses Montenegro
ulisses.montene...@gmail.com wrote:
Should YouTube restrict file uploads to known valid mime types? Sure, but
that's only how you got the data in there to begin with. It's what happens
after the data is in that will make all the difference.