Full Disclosure | Full-Disclosure

Full Disclosure | Full-Disclosure Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ en-us (c) Gossamer Threads Inc. All rights reserved. 01 Dec 2008 17:16:05 -0800 120 Gossamer Threads | Full Disclosure | Full-Disclosure 75 23 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg Re: More proof that Microsoft products are probably backdoored If they use zero-day exploits then thats illegal. Secondly, are they using zero-day exploits post on public mailing lists or using their own home gro 01 Dec 2008 14:51:34 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65419 Fwd: Iran executes IT expert who spied for Israel ---------- Forwarded message ---------- From: n3td3v <xploitable@gmail.com> Date: Mon, Dec 1, 2008 at 10:23 PM Subject: Iran executes IT expert who sp 01 Dec 2008 14:25:34 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65418 [USN-682-1] libvorbis vulnerabilities =========================================================== Ubuntu Security Notice USN-682-1 December 01, 2008 libvorbis vulnerabilities CVE- 01 Dec 2008 09:11:59 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65414 [USN-681-1] ImageMagick vulnerability =========================================================== Ubuntu Security Notice USN-681-1 December 01, 2008 imagemagick vulnerability CVE- 01 Dec 2008 09:11:08 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65413 [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0 BLUE MOON SECURITY ADVISORY 2008-09 =================================== :Title: Two buffer overflows in Maxum Rumpus :Severity: Critical :Reporter: 01 Dec 2008 08:56:19 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65412 Re: Project Chroma: A color code for the stateofcyber security Project chroma project? Welcome to the redundancy department of redundancy.. Mike c aka n3td3v shut the fuck up -----Original Message----- From: ful 01 Dec 2008 01:15:59 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65405 /bin/login gives root to group utmp There is a group-utmp-to-root privilege escalation vulnerability in /bin/login in Debian, and I expect in all other Linux distros. For details and exp 30 Nov 2008 11:51:11 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65392 Re: Project Chroma: A color code for the state ofcyber security The SANS Internet Storm Center has been doing this for ages. It has the advantage of being data driven, using the DShield reports as a primary sensor 30 Nov 2008 09:28:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65388 [SECURITY] [DSA 1675-1] New phpmyadmin packages fix cross site scripting -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 30 Nov 2008 04:53:28 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65406 [SECURITY] [DSA 1674-1] New jailer packages fix denial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 30 Nov 2008 00:33:23 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65384 Project Chroma: A color code for the state of cyber security Hi, It is time to take an example from Homeland Security and define codes of color for cyber-warfare threat levels. I propose the following: Green l 29 Nov 2008 21:34:48 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65381 Indian allegations alarm Pakistan Indian-Pakistan war is about to kick off folks... http://news.bbc.co.uk/1/hi/world/south_asia/7757031.stm __________________________________________ 29 Nov 2008 16:10:43 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65375 [SECURITY] [DSA 1673-1] New wireshark packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 29 Nov 2008 15:07:40 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65374 Security industry software license I think we should push for this so that attack platforms that are designed for penetration testers aren't used by the bad guys. I've already outlined 29 Nov 2008 10:17:22 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65369 Lazy bum approach to security On Wed, Nov 26, 2008 at 5:49 PM, Mike C <mike.cartall@gmail.com> wrote: > I'm sure theres no reason to doubt that. The fact remains full-disclosure is 29 Nov 2008 10:16:45 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65368 [SECURITY] [DSA 1672-1] New imlib2 packages fix arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 28 Nov 2008 18:28:21 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65367 [tool] Exomind v0.2 is out! What is Exomind? Exomind is an experimental Python console and programmatic framework for building decorated graphs and developing open-source intell 28 Nov 2008 13:36:31 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65366 DC4420 - DEFCON London - Christmas Meet - Tuesday 2nd December, 2008 Yes folks, it's that time of the month/year again... This will be our last meeting of 2008, so we're planning to make it a goodun!!! All are welcome 28 Nov 2008 04:46:03 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65364 DC4420 - DEFCON London - Christmas meeting - Tuesday 2nd December 2008 Yes, folks, it's that time of the year/month again... This will be our last meeting of 2008, so we're planning to make it a goodun!!! All are welcom 28 Nov 2008 04:37:01 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65363 im so done. n3td3v/andrew wallace of the uk u r a waste of time. a waste of air. i m done w/ u. u wont admit u know nothing, u dont do anything worth a thing. 27 Nov 2008 18:20:38 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65352 SecurityReason : PHP 5.2.6 dba_replace() destroying file -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ SecurityReason.com PHP 5.2.6 dba_replace() destroying file ] Author: Maksymilian Arciemowicz http:// 27 Nov 2008 16:01:25 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65339 [USN-679-1] Linux kernel vulnerabilities =========================================================== Ubuntu Security Notice USN-679-1 November 27, 2008 linux, linux-source-2.6.15/22 27 Nov 2008 09:51:15 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65335 FAO John Cartwright I urge you to ban Ureleet@Gmail.com from full-disclosure with immediate effect. _______________________________________________ Full-Disclosure - We 27 Nov 2008 09:45:06 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65333 Re: does the aim service save chat sessiondetails? How about you and Netdev email each other off list that would help my spam folder greatly. P.S Happy Turkey day! Sent from my Verizon Wireless BlackB 27 Nov 2008 09:16:48 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65331 [USN-680-1] Samba vulnerability =========================================================== Ubuntu Security Notice USN-680-1 November 27, 2008 samba vulnerability CVE-2008-4 27 Nov 2008 06:22:56 -0800 http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/65319