Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
2006-11-25 Thor (Hammer of God) (thor hammerofgod com)

Re: Re: Digipass Go3 Token Dumper (at least for 2006)
2006-11-25 fcollyer gmail com
Thanks Hugo! http://www.securityfocus.com/bid/21040 says: "(...)Digipass Go3 is prone to an insecure-encryption vulnerability because the device uses an insecure single-key encryption algorithm (...)" That is not the case. The C++ implementation that I've provided shows exactly the _opposite_! It

Free tool for pattern identification (for researchers)
2006-11-25 Gary Golomb (gary proventsure com)
I'll keep this post short. See the webpage for *lots* more detail. Please send questions/comments/etc to me off-list, as this [probably] has no reason to become a thread. I'm posting this link to a couple lists, so if you are getting this twice, I apologize. I'm posting an application based on co

Wisi Portal [Sql Injection By Jesus Tovar]
2006-11-25 nagazakig74 hotmail com
######################
##By: Jesus Tovar
##mail: nagazakig74 (at) hotmail (dot) com
##Greetz: Dario Struz
##Vendor: http://www.wsicorporate.com
##Digital Security Owner
####################################
Dork: "Created and maintained by WSI"
File Bug: /login.asp /admin/login.asp /admin

Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
2006-11-24 Thor (Hammer of God) (thor hammerofgod com) (1 replies)
Inline:
On 11/24/06 10:46 AM, "stopmakingnoise (at) gmail (dot) com" <stopmakingnoise (at) gmail (dot) com> opined:
> Having said this, do we really need a paper telling us:
>
> - "SQL Server code is just more secure than Oracle code."
>
> - "Does Oracle have an equivalent of SDL?
> Looking at the results, I don't

    Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
    2006-11-25 Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)

AttackAPI 2.0 alpha
2006-11-25 pdp (architect) (pdp gnucitizen googlemail com)
http://www.gnucitizen.org/projects/attackapi/ I understand that this announcement may be disturbing but I decided to do it anyway. I am quite happy to introduce AttackAPI 2.0 branch which is a lot better than the 1.x. Now it is a lot easier to code JavaScript attack vectors. There are also quite a

New Windows tool - NBTEnum 3.3
2006-11-24 Reed Arvin (reedarvin gmail com)
New Windows tool - NBTEnum 3.3
Tool location: http://reedarvin.thearvins.com/tools/NBTEnum33.zip
=====
Description: NetBIOS Enumeration Utility (NBTEnum) version 3.3 is a utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. The enumerated infor

DoS in Microsoft Windows Live Messenger <= 8.0
2006-11-24 dragonjar gmail com
Any one can make a DOS in the Microsoft Windows Live Messenger <= 8.0. Steps: 1. go to tools 2. options 3. messages 4. uncheck the gestual emoticons Then you can send " :D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D :D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D:D :D:D:D:D:D:D:D:D:D:D:D:D:D:D:

WebHost Manager (WHM) Multiple Cross-Site Scripting
2006-11-24 Advisory Aria-security net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=44
#-----------------------------------------------------------
#Software: WebHost Manager (WHM)
#Tested WHM X v3.1.0 (dem

CPanel 11 Multiple Cross-Site Scription
2006-11-24 Advisory Aria-security net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=44
#-----------------------------------------------------------
#Software: CPanel
#Tested On CPanel 11 Beta
#Poc:
# http

PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit
2006-11-24 crackers_child sibersavascilar com
#!/usr/bin/perl
######################################################################## ################################
# PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit
######################################################################## ################################

[ GLSA 200611-20 ] GNU gv: Stack overflow
2006-11-24 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Cahier de texte V2.0 SQL Code Execution Exploit
2006-11-24 gmdarkfig gmail com
#!/usr/bin/perl
#
#
# INFORMATIONS
# ============
# Affected.scr..: Cahier de texte V2.0
# Poc.ID........: 15061124
# Type..........: Predictable backup filename, Source disclosure
# Risk.level....: High
# Conditions....: register_globals = on
# Src.download..: www.etab.ac-caen.fr/bsauveur/cahier_de

[ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows
2006-11-24 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
2006-11-24 stopmakingnoise gmail com (1 replies)
Yes the comparison is fair but language is not. Disclaimer. I do not work for Oracle, nor do I represent them nor am I associated with them in any way. Neither have I any interest in defending Oracle etc. etc. Additionally, I strongly agree they're pretty *BAD* at security, aren't responding in an

    Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?)
    2006-11-25 Steve Friedl (steve unixwiz net)

[Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection
2006-11-24 Advisory Aria-security net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory :
#http://www.aria-security.com/forum/showthread.php?t=42
#-----------------------------------------------------------
#Software: MidiCart ASP Shopping Cart
#Method: SQL Inject

[Aria-Security Team] iNews News Manager SQL Injection
2006-11-24 Advisory Aria-security net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=40
#----------------------- ------------------------------------
#Software: iNews News Manager
#Method: SQL Injectio

[Aria-Security Team] ASP ListPics 5.0 SQL Injection
2006-11-24 Advisory Aria-security net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory :
#http://www.aria-security.com/forum/showthread.php?t=41
#-----------------------------------------------------------
#Software: ASP ListPics 5.0
#Method: SQL Injection
#
#Po

[Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection
2006-11-24 Advisory Aria-security net
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory : http://www.aria-security.com/forum/showthread.php?t=39
#-----------------------------------------------------------
#Software: Fixit iDMS Pro Image Gallery
#Method: SQL Injec
On 11/25/06 9:53 AM, "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
<sbradcpa (at) pacbell (dot) net> opined:
> However, one cannot merely jump from the fact that Mr. Litchfield is
> beyond reproach to make his mere opinions into facts.
>
> Expert witnesses are bound by the "Daubert test" these days (g