|
|
Colapse all |
Post message
MS to stop allowing passwords in URLs 2004-01-28 McAllister, Andrew (McAllisterA umsystem edu) I just read that Microsoft will stop allowing IDs and passwords to be embedded in URLs used by Internet Explorer. So you will no longer be able to use a URL like https://user:password (at) www.somehost (dot) com [email concealed]/ See http://support.microsoft.com/default.aspx?scid=kb;en-us;834489 Their reasoning is that this [ more ] [ reply ] Mydoom DDoS attack time table 2004-01-31 Gadi Evron (ge egotistical reprehensible net) I apologize if in my previous email I didn't make it clear, this is an important issue for system administrators world wide, so I am emailing again in regard to this subject alone - a time table for the Mydoom DDoS attack. In my post from the 30th of January with the subject: "Refuting tall-tal [ more ] [ reply ] Re: new WIN virus? 2004-01-29 markus-1977 gmx net Hi, Seems that the webpage uses several known (unfixed) exploits in IE, i.e. it spoofes the URL in the adress-bar and overwrites Mediaplayer with an executable (updatte.exe). I took a quick look at the executable. It seems to be some sort of 900#-dialer. I couldn't find out a lot since all my disass [ more ] [ reply ] outbreak warning: new Myydoom.B is out 2004-01-28 Gadi Evron (ge egotistical reprehensible net) (1 replies) You can find information on Symantec's web page. Blocking: same port as last time, 3127. Gadi Evron [ more ] [ reply ] Re: [Full-Disclosure] outbreak warning: new Myydoom.B is out 2004-01-28 Gadi Evron (ge egotistical reprehensible net) MDKSA-2004:006-1 - Updated gaim packages fix multiple vulnerabilities 2004-01-30 Mandrake Linux Security Team (security linux-mandrake com) Advisory ! 2004-01-31 Mr Serbia (serbian_sniper hotmail com) ------------------------------------------------- thePHOTOtool SQL Injection Vulnerability By KingSerb ------------------------------------------------- Please Forgive my spelling or any mistakes i have made, Its my first discovery of a vulnerablity so please understand, and use this file for ed [ more ] [ reply ] http://www.smashguard.org 2004-01-30 Hilmi Ozdoganoglu (cyprian purdue edu) SmashGuard is a hardware-based solution developed at Purdue University to prevent Buffer-Overflow Attacks realized by overwriting the Function Return Address (patent-pending). The design of SmashGuard is a kernel patch that supports CPUs modified to support SmashGuard protection. For d [ more ] [ reply ] RE: virus handling 2004-01-28 Rainer Gerhards (rgerhards hq adiscon com) I agree with most in this post, but not with 3), the ISP actions. This is not doable for an ISP, not from a ressource (manpower) point of view and even hardly from a contractual basis. And, no, I am not with an ISP. Other than that, I really think the AV vendors should do this. Also, I hardly can [ more ] [ reply ] FreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs 2004-01-30 FreeBSD Security Advisories (security-advisories freebsd org) Serv-U exploit 2004-01-30 Berend-Jan Wever (SkyLined edup tudelft nl) Hi, Attached is my Serv-U "SITE CHMOD" exploit. Should be pretty script kiddie friendly. Cheers, SkyLined -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com Comment: Berend-Jan Wever - skylined (at) edup.tudelft (dot) nl [email concealed] mQGiBD//MyARBADnHLyg2lUBEddhdWAVBx [ more ] [ reply ] Cisco Security Advisory: Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049) 2004-01-29 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049) Revision 1.0 - FINAL For Public Release 2004 January 29 18:00 UTC (GMT) - ----------------------------------------------------------------------- Conte [ more ] [ reply ] [FLSA-2004:1207] Updated cvs resolves security vulnerability 2004-01-29 Jesse Keating (jkeating j2solutions net) ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========---------- 2004-01-29 pask open3s com ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========---------- Title: Local Vulnerability in IBM Informix IDSv9.40 onedcu binary Date: 08-08-2003 Platform: Only tested in Linux but can be exported to others. Impact: Users with exec perm over ./bin/onedcu can create [ more ] [ reply ] ----------========== OPEN3S-2003-08-08-eng-informix-onshowaudit ==========---------- 2004-01-29 pask open3s com ----------========== OPEN3S-2003-08-08-eng-informix-ontape ==========---------- 2004-01-29 pask open3s com ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard review) Remote arbitrary file retrieving 2004-01-29 ZetaLabs (zetalabs zone-h org) |
|
Privacy Statement |
Hash: SHA1
in response to replies i've received on and off list...
no: i'm not infected (i live in an M$-free home).
no: i didn't submit the [suspected] virus to anyplace other than what i
originally listed.
yes: the HTML file is a trojan. it's purpose is to co
[ more ] [ reply ]