Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ en-us (c) Gossamer Threads Inc. All rights reserved. 23 Jul 2008 23:37:14 -0800 120 75 23 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg ____ ____ __ __ / \ / \ | | | | ----====####/ /\__\##/ /\ \##| |##| |####====---- 23 Jul 2008 20:48:38 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62753 ____ ____ __ __ / \ / \ | | | | ----====####/ /\__\##/ /\ \##| |##| |####====---- 23 Jul 2008 16:34:26 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62752 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 23 Jul 2008 16:29:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62751 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 23 Jul 2008 16:27:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62750 Hello! You can find it here: http://oss.coresecurity.com/projects/sdtcleaner.html Package: http://oss.coresecurity.com/repo/SDTCleaner-v1.0.zip Wh 23 Jul 2008 15:49:33 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62749 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 23 Jul 2008 14:56:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62748 As a workaround, it is recommended to set DNS servers to forward only. Can someone explain why that helps? Cannot responses from the forwarder be spoo 23 Jul 2008 14:28:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62747 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 23 Jul 2008 13:33:58 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62744 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 23 Jul 2008 13:07:11 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62743 =========================================================== Ubuntu Security Notice USN-628-1 July 23, 2008 php5 vulnerabilities CVE-2007 23 Jul 2008 12:39:07 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62742 This should play nicer with some auto-linking code: http://isis.poly.edu/csaw/ Sorry about that! -- Dan Guido _____________________________________ 23 Jul 2008 12:14:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62741 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 23 Jul 2008 11:59:43 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62746 This pair of essays were written in 4 hours the night before they were due for last year's Cyber Security Awareness Week at Polytechnic University. Th 23 Jul 2008 11:40:03 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62740 1. SUMMARY Product : Vim -- Vi IMproved Version : Tested with Vim 7.2b.10, filetype.vim 2008-07-17 Impact : Arbitrary code execution Wherefrom: L 23 Jul 2008 11:29:01 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62739 adMERITia Vulnerability Report Vulnerability Information Vendor: EMC² Product: Centera Universal Access Version: CUA4.0_4735.p4 Vulnerability Type: 23 Jul 2008 10:09:27 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62745 mcwidget wrote: > Given how easy it appears to be to redirect a client to a malicious web server, > The web != the Internet. Think of POP and IMAP. 23 Jul 2008 08:29:23 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62738 On Wed, Jul 23, 2008 at 10:57 AM, mokum von Amsterdam <smokum@gmail.com> wrote: > > Are you not supposed to keep DNS issues under your hat and disclo 23 Jul 2008 08:15:12 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62737 On Wed, Jul 23, 2008 at 4:22 PM, Robert McKay <robert@mckay.com> wrote: > > > On Tue, Jul 22, 2008 at 3:36 AM, <monsieur.aglie@hushmail.com> wrote: >> 23 Jul 2008 07:57:53 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62736 On Tue, Jul 22, 2008 at 3:36 AM, <monsieur.aglie@hushmail.com> wrote: > from chargen 19/udp by ecopeland > > 0. > > The cat is out of the bag. Yes, H 23 Jul 2008 07:22:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62735 > > Hi Sandy Vagina, > > Looks like they did a U-turn after realising how over hyped the bug > actually is. > > n3td3v > So the Cat's out of the bag 23 Jul 2008 05:39:39 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62734 afk-47 is the tool don't make act the motherfuckin fool 23 Jul 2008 04:28:28 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62733 On Fri, Jul 11, 2008 at 9:22 PM, Sandy Vagina <bigsandyvagina@gmail.com> wrote: > > n3td3v wrote: > > Please nominate Mr.DNS aka Dan Kaminsky for Most 23 Jul 2008 02:00:18 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62732 we care we really do ________________________________ From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-bounces@lists.grok.org 23 Jul 2008 00:57:58 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62731 Paul Schmehl wrote: > So call your customer up and walk him through rebooting, going into single > user mode and changing the password. Ahahah, I ha 22 Jul 2008 23:46:25 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62730 > I have a buddy that is soliciting for help researching PIN numbers > used in > ATM's and things of that nature. He is in need of data-sets for > 22 Jul 2008 20:10:41 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62729 On Tue, Jul 22, 2008 at 8:25 PM, Maxime Ducharme < mducharme@cybergeneration.com> wrote: > > > ROFL agreed :-) > > > > +-------------------+ 22 Jul 2008 18:30:57 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62728 Asterisk Project Security Advisory - AST-2008-011 +------------------------------------------------------------------------+ | Product 22 Jul 2008 16:16:07 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62727 Asterisk Project Security Advisory - AST-2008-010 +------------------------------------------------------------------------+ | Product 22 Jul 2008 16:15:50 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62726 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 22 Jul 2008 16:07:01 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62725 > ROFL agreed :-) > > > > +-------------------+ .:\:\:/:/:. > | PLEASE DO NOT | :.:\:\:/:/:.: > 22 Jul 2008 14:20:07 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62720 i would be happy if i would be able to cname recursion to make shure i'm alive. old.issue.com.google.com. .. :p _____________________________________ 22 Jul 2008 13:59:46 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62724 oh no, my god! the cat is alive! it successfully recursed the cname=? stupid=? may be, or is not. let the cache make his decision. ______________ 22 Jul 2008 13:51:55 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62722 the cat is dead. it fails to sucsessfully recurse the cname. ;) _______________________________________________ Full-Disclosure - We believe in it. 22 Jul 2008 13:30:13 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62721 but the cat is dead, cos it forgot to cname the recursion. ;) _______________________________________________ Full-Disclosure - We believe in it. Cha 22 Jul 2008 13:19:46 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62723 ROFL agreed :-) +-------------------+ .:\:\:/:/:. | PLEASE DO NOT | :.:\:\:/:/:.: 22 Jul 2008 12:25:30 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62719 Le Tue, 22 Jul 2008 10:18:55 -0400, Ureleet <ureleet@gmail.com> a osé(e) écrire : > sad. isnt it? dan is clearly making fun of u, and u think he wan 22 Jul 2008 12:10:39 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62718 On 7/21/08 8:36 PM, "monsieur.aglie@hushmail.com" <monsieur.aglie@hushmail.com> wrote: > from chargen 19/udp by ecopeland 0. The cat is out of the 22 Jul 2008 11:50:24 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62717 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi, i think you should reinstall that box! when "someone" gets root on it, it is more likely he/she i 22 Jul 2008 10:42:13 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62711 =========================================================== Ubuntu Security Notice USN-627-1 July 22, 2008 dnsmasq vulnerability CVE-200 22 Jul 2008 09:37:02 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62710 you've agreed w/ some of his posts? y'mean you've actually been reading all that shit that he types? someone mustn't have anything better to do other 22 Jul 2008 09:33:09 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62708 that's cool. it's not like he was worth anything to this list anywayz. thx netdev for your assistance in douching this list. On Tue, Jul 22, 2008 at 22 Jul 2008 09:27:49 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62709 On Tue, Jul 22, 2008 at 3:18 PM, Ureleet <ureleet@gmail.com> wrote: > sad. isnt it? dan is clearly making fun of u, and u think he wants to > be ur f 22 Jul 2008 09:21:54 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62707 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page Vulnerability found: 25/06/2008 22 Jul 2008 08:59:48 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62713 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PR08-15: Several Webroot Disclosures on Moodle Vulnerability found: 20/06/2008 Vendor informed: 25/06 22 Jul 2008 08:48:39 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62715 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title Vulnerability found: 20/ 22 Jul 2008 08:46:23 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62714 nate, he doesn't have a job in the security industry. so he's made that we do. On Wed, Jul 16, 2008 at 2:40 AM, Nate McFeters <nate.mcfeters@gmail.c 22 Jul 2008 08:08:01 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62706 On Tue, 22 Jul 2008 10:51:48 +0200, Lucio Crusca said: > tried looking for "2.6.24-1-686 exploit" and "2.6.24-1-686 poc" but I can't > find anything. 22 Jul 2008 07:50:39 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62705 you suck. On Tue, Jul 22, 2008 at 7:09 AM, nigel <nigel@hardwick.demon.co.uk> wrote: >> razi garbie wrote: >> >>> Are you sure that a 0day is even ne 22 Jul 2008 07:24:51 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62704 oh noez, run for the hills, oh wait. turn off recursive dns where u dont need it. On Mon, Jul 21, 2008 at 6:56 PM, natron <shiftnato@gmail.com> wrot 22 Jul 2008 07:24:32 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62703 its been fagged up, and you want to add to it, instead of help making it better? On Thu, Jul 17, 2008 at 5:33 AM, n3td3v <xploitable@gmail.com> wrote 22 Jul 2008 07:21:55 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62702 cause he is tired of reading ur bullshit, so he quit fd. i dont blame him. On Fri, Jul 18, 2008 at 9:48 PM, n3td3v <xploitable@gmail.com> wrote: > O 22 Jul 2008 07:20:31 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62701 sad. isnt it? dan is clearly making fun of u, and u think he wants to be ur friend and podcast w/ u. wow. On Tue, Jul 22, 2008 at 4:09 AM, n3td3v <x 22 Jul 2008 07:18:55 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62699 --On Tuesday, July 22, 2008 09:35:03 +0200 Lucio Crusca <lucio@sulweb.org> wrote: > Alex Howells wrote: > >> Probably not and I can't think anyone h 22 Jul 2008 07:09:55 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62700 > razi garbie wrote: > >> Are you sure that a 0day is even needed? perhaps its a rather old >> kernel thats locally exploitable? >> shell# uname -r > 22 Jul 2008 04:09:28 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62697 http://www.milw0rm.com/exploits/5092 2008/7/22 Lucio Crusca <lucio@sulweb.org>: > razi garbie wrote: > >> Are you sure that a 0day is even needed? pe 22 Jul 2008 02:00:49 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62698 razi garbie wrote: > Are you sure that a 0day is even needed? perhaps its a rather old > kernel thats locally exploitable? > shell# uname -r 2.6.24-1 22 Jul 2008 01:51:48 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62696 ---------- Forwarded message ---------- From: Dan Kaminsky <dan@doxpara.com> Date: Sun, Jul 20, 2008 at 7:16 AM Subject: you know... To: xploitable@gm 22 Jul 2008 01:09:55 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62695 Alex Howells wrote: > Probably not and I can't think anyone hiding a 0-day is going to > release it for this. Sorry. No 0-day needed here, Lenny does 22 Jul 2008 00:35:03 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62693 Are you sure that a 0day is even needed? perhaps its a rather old kernel thats locally exploitable? shell# uname -r and then go google. 2008/7/22 Ale 22 Jul 2008 00:29:49 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62694 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 22 Jul 2008 00:01:19 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62712 from chargen 19/udp by ecopeland 0. The cat is out of the bag. Yes, Halvar Flake figured out the flaw Dan Kaminsky will announce at Black Hat. 1. 21 Jul 2008 19:36:20 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62716 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 21 Jul 2008 18:49:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62691 2008/7/21 Lucio Crusca <lucio@sulweb.org>: > Believe it or not, I have a linux box (mine, yes it's mine) I need to own... > the problem is that it phi 21 Jul 2008 16:50:02 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62692 --On Monday, July 21, 2008 22:47:26 +0200 Lucio Crusca <lucio@sulweb.org> wrote: > Believe it or not, I have a linux box (mine, yes it's mine) I need 21 Jul 2008 16:21:13 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62690 ####################################################################### Luigi Auriemma Application: ZDaemon 21 Jul 2008 16:02:21 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62687 It appears matasano posted an explanation of Dan Kaminsky's DNS issue to their blog today, but looks like it may have been yanked back down. My googl 21 Jul 2008 15:56:30 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62688 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisor 21 Jul 2008 15:08:33 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62686 Believe it or not, I have a linux box (mine, yes it's mine) I need to own... the problem is that it phisically resides a few 100km from here and someo 21 Jul 2008 13:47:26 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62689 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisor 21 Jul 2008 12:52:38 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62685 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisor 21 Jul 2008 11:08:18 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62684 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 21 Jul 2008 10:29:08 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62682 OOPS!: By question I landed on the Server Side Bug Nomination List Again. Thanks for riding this Ceremony. kcope / eliteb0y / Nikos OOPS I did it 21 Jul 2008 09:07:05 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62683 Hey Alexandr, I see I'm invited to award Brett his pwnie for his SQL flaw if he wins. I'd be more than happy to - after all one bug over 3 years means 21 Jul 2008 07:58:44 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62676 FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 NULL-Pointer reference Denial of Service Vulnerability http://www.fortiguardcenter.com/advis 21 Jul 2008 06:49:25 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62678 FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability http://www.fortiguardcenter.com/ad 21 Jul 2008 06:47:20 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62679 FGA-2008-16: EMC Dantz Retrospect 7 backup Client PlainText Password Hash Disclosure Vulnerability http://www.fortiguardcenter.com/advisory/FGA-2008-1 21 Jul 2008 06:45:55 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62681 FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 Remote Memory corruption Vulnerability http://www.fortiguardcenter.com/advisory/FGA-2008-16. 21 Jul 2008 06:44:11 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62680 Hi all, I checked out the Last Hope Conf this weekend and it was friggin sweet, anyone else checked it out and if so what talks you like? Sent from m 20 Jul 2008 18:06:03 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62675 The aim of this white paper is to analyze security implications of the new HTML 5 client-side storage technology, showing how different attacks ca 20 Jul 2008 17:32:26 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62674 Ureleet wrote: > how about enforcement of these guidelines? how about just keeping it unmoderated? _______________________________________________ F 20 Jul 2008 10:05:32 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62673 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 19 Jul 2008 16:06:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62672 It is reported to Oracle since 2004 by open3s and affects others libs. The workaround is very simple but it is "under investigation / being fixed in 19 Jul 2008 15:10:56 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62677 On Sat, Jul 19, 2008 at 7:34 PM, php0t <php0t@zorro.hu> wrote: > > If I didn't feel you were moving towards being-serious-about-it, i'd give > you a c 19 Jul 2008 13:40:45 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62671 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 19 Jul 2008 12:42:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62670 The maker of Linux was right, "In an e-mail to the Linux kernel developer mailing list, Torvalds said a section of the security industry was dedicate 19 Jul 2008 11:27:16 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62669 Oracle Database Local Untrusted Library Path Vulnerability ---------------------------------------------------------- The Oracle July 2008 Critical P 19 Jul 2008 08:08:40 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62667 rPath Security Advisory: 2008-0231-1 Published: 2008-07-19 Products: rPath Linux 2 Rating: Major Exposure Level Classification: Remote System 19 Jul 2008 07:31:24 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62668 ---------- Forwarded message ---------- From: n3td3v <xploitable@gmail.com> Date: Sat, Jul 19, 2008 at 12:13 AM Subject: Re: Stop The 70% Lie To: The 18 Jul 2008 18:56:47 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62665 On Fri, Jul 18, 2008 at 6:13 PM, Kingcope Kingcope <kcope2@googlemail.com> wrote: > I am reachable > 0nly @ two addresses: > > http://www.milw0rm.com 18 Jul 2008 18:48:57 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62664 rPath Security Advisory: 2008-0230-1 Published: 2008-07-18 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote System 18 Jul 2008 12:56:02 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62662 I am reachable 0nly @ two addresses from now on: http://www.milw0rm.com http://www.com-winner.com Thanks n3td3v 18 Jul 2008 10:58:04 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62666 I am reachable 0nly @ two addresses: http://www.milw0rm.com http://www.com-winner.com Thanks n3td3v Signed, KingCope 18 Jul 2008 10:13:43 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62663 motivation to commit crime is well documented. Loads of hardwork must never result in a crime because of a silly error. I understand that no solution 18 Jul 2008 09:23:57 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62661 On Fri, 18 Jul 2008 21:07:47 +0530, Joel Jose said: > abetting the crime. But a GUI crash is always less severe. People can > quickly loose trust in 18 Jul 2008 09:08:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62660 if ppl stop giving "special" consideration to security, the quality of security enforcement could come down. Ideally we like to "clean" all bugs. But 18 Jul 2008 08:37:47 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62659 At the end of April 2008 I published a paper about a new class of flaw in Oracle entitled "Lateral SQL Injection". The paper can be found here: http 18 Jul 2008 07:03:16 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62658 On Fri, Jul 18, 2008 at 00:54, Jan Mináø <rdancer@rdancer.org> wrote: > The attacker has to create the temporary file > ``/tmp/Makefile-conf<PID>'' b 18 Jul 2008 00:38:28 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62657 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Adv 17 Jul 2008 17:51:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62655 On Thu, 17 Jul 2008, The Security Community wrote: > http://70percenters.googlepages.com/ > > "The FBI estimates that about 70 percent of all computer 17 Jul 2008 17:18:11 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62656 http://70percenters.googlepages.com/ "The FBI estimates that about 70 percent of all computer security breaches are perpetrated by insiders." For ye 17 Jul 2008 16:29:02 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/62654