Full Disclosure | Full-Disclosure

Full Disclosure | Full-Disclosure Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ en-us (c) Gossamer Threads Inc. All rights reserved. 13 Feb 2012 01:40:06 -0800 120 Gossamer Threads | Full Disclosure | Full-Disclosure 75 23 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg Re: Linksys Routers still Vulnerable to Wps vulnerability. On Sat, Feb 11, 2012 at 2:23 PM, <farthvader@hush.ai> wrote: > _________________________________________________________________________ > "Use Tomat 12 Feb 2012 14:42:39 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85023 Re: Linksys Routers still Vulnerable to Wps vulnerability. They should at least consider providing an option to disable the static pin only or disable it after an hour if the future is activated by the user. 12 Feb 2012 14:30:49 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85022 Re: Linksys Routers still Vulnerable to Wps vulnerability. Interesting. Do you know if they stop advertising WPS support after they disable it? On Sun, Feb 12, 2012 at 10:11 AM, Rob Fuller <jd.mubix@gmail.co 12 Feb 2012 13:55:10 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85021 [ MDVSA-2012:017 ] firefox -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 12 Feb 2012 12:23:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85020 Re: Trustwave and Mozilla On Sun, 12 Feb 2012 05:54:30 EST, Jeffrey Walton said: > For what its worth, pinning the certificate can usually remediate > these sorts of MitM atta 12 Feb 2012 07:55:35 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85019 Re: Linksys Routers still Vulnerable to Wps vulnerability. I've tested a 6 models of Linksys, all of them appear to disable WPS completely as soon as a single wireless setting is set. I assume this would be th 12 Feb 2012 07:11:24 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85018 Re: Iran is doing ip-and-port filtering of SSL In case the OP hasn't seen this: http://boingboing.net/2012/02/10/iran-attacks-internet-access-o.html https://lists.torproject.org/pipermail/tor-talk 12 Feb 2012 07:02:40 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85017 Re: [Off-Spanish] Webinario gratuito - Ataques DoS en latino america Agree. -- 'Wag More, Bark Less' - Jen and Bren, CloudStar 'Did you ever feel like God has a finger on the Reset button, waiting?' - dccdave "using w 12 Feb 2012 05:53:01 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85016 Trustwave and Mozilla Hi All, https://www.infoworld.com/d/security/trustwave-admits-issuing-man-in-the-middle-digital-certificate-185972 In case folks are interested in t 12 Feb 2012 02:54:30 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85009 Re: Iran is doing ip-and-port filtering of SSL maybe it's time to get the old school substitution code books out. http://www.forbes.com/sites/andygreenberg/2012/02/10/as-iran-cracks-down-online-to 12 Feb 2012 01:13:16 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85008 Re: Iran is doing ip-and-port filtering of SSL thought they filtered specific URLs, but now they filter all SSL (to defeat VPNs, Tor, etc). On 2012-02-11 9:51 PM, "Robert Kim App and Facebook Marke 11 Feb 2012 22:58:06 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85015 Re: Iran is doing ip-and-port filtering of SSL On Sun, Feb 12, 2012 at 00:50, Robert Kim App and Facebook Marketing <evdo.hsdpa@gmail.com> wrote: > Hasn't Iran and China always been filtering? I'm 11 Feb 2012 21:56:31 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85013 Re: Iran is doing ip-and-port filtering of SSL Hasn't Iran and China always been filtering? Do VPNs work in this case? On Thu, Feb 9, 2012 at 9:54 AM, Sai <sai@saizai.com> wrote: > I have pretty 11 Feb 2012 21:50:27 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85007 Re: Linksys Routers still Vulnerable to Wps vulnerability. _________________________________________________________________________ "Use Tomato-USB OS on them." _______________________________________________ 11 Feb 2012 13:23:11 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85012 eFront Community++ v3.6.10 - SQL Injection Vulnerability Title: ====== eFront Community++ v3.6.10 - SQL Injection Vulnerability Date: ===== 2012-02-11 References: =========== http://www.vulnerability-lab 11 Feb 2012 10:53:38 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85011 Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability Title: ====== Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability Date: ===== 2012-02-11 References: =========== http://www.vulnerability-lab.c 11 Feb 2012 10:51:42 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85010 Re: [Off-Spanish] Webinario gratuito - Ataques DoS en latino america It should be marked as spam. We do not care about "exploitpack.com" ... do not send more message with this business. On 2/10/12, runlvl <runlvl@gmai 11 Feb 2012 08:58:55 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85014 [Announcement] ClubHack Mag - Call for Articles Hello All, ClubHack Magazine is seeking submissions for next issue, Issue 26 - March 2012. Topics:- 1. Web App Sec 2. OS Exploitation and Security 3 10 Feb 2012 22:22:53 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85004 Re: Iran is doing ip-and-port filtering of SSL See my post @ https://plus.google.com/u/0/103112149634414554669/posts/PT3eEF4u415 to stay updated. Copying over update: - Further testing done. Conc 10 Feb 2012 17:44:06 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85006 Re: Linksys Routers still Vulnerable to Wps vulnerability. On Fri, Feb 10, 2012 at 4:33 PM, <Valdis.Kletnieks@vt.edu> wrote: > On Fri, 10 Feb 2012 14:41:37 EST, Dan Kaminsky said: > > > According to the Reave 10 Feb 2012 13:43:12 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85003 Re: Linksys Routers still Vulnerable to Wps vulnerability. On Fri, 10 Feb 2012 14:41:37 EST, Dan Kaminsky said: > According to the Reaver people, DD-WRT doesn't support WPS at all :) The sort of people that 10 Feb 2012 13:33:07 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85002 Re: Linksys Routers still Vulnerable to Wps vulnerability. Waidaminnit... Didn't you try to sell me a belkin the other day? Conflict of interest there Sent from my BlackBerry® wireless device -----Original M 10 Feb 2012 12:01:39 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85001 Re: Linksys Routers still Vulnerable to Wps vulnerability. According to the Reaver people, DD-WRT doesn't support WPS at all :) On Fri, Feb 10, 2012 at 2:00 PM, Zach C. <fxchip@gmail.com> wrote: > Solution: 10 Feb 2012 11:41:37 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/85000 Re: Linksys Routers still Vulnerable to Wps vulnerability. Solution: use DD-WRT? Or is that vulnerable too? (Or are there worse problems? :)) On Feb 10, 2012 10:12 AM, "Dan Kaminsky" <dan@doxpara.com> wrote: 10 Feb 2012 11:00:02 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84999 [ MDVSA-2012:016 ] glpi -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advi 10 Feb 2012 11:00:00 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/84998