BugTraq Mode:
RE: To diversify and survive: the application of population biology concept into computer 2003-02-03
Ballowe, Charles (CBallowe usg com)
The concept of diversity in computer systems is nothing new. There
are plenty of papers on the subject available, one is at:

http://www.cs.unm.edu/~immsec/publications/hotos-97.pdf

> -----Original Message-----
> From: Peter Huang [mailto:yinrong (at) rogers (dot) com]
> Sent: Thursday, January 30, 2003 11:0

SummerCon 2003 Official Announcement 2003-02-03
Mark F. Trumpbour (mtrump summercon org)
SummerCon 2003
June 6th, 7th, 8th 2003
Pittsburgh, PA

Come out and meet your favorite hackers, phreakers, phrackers, feds, 2600
kids, cops, security professionals, U4EA, r00t kids club, press, groupies,
chicks, conference whores, k0d3 kids, convicted felons, and concerned
parents! It's time again:

Preventing exploitation with rebasing 2003-02-04
David Litchfield (david ngssoftware com)
Defeating Exploits
**************
The ideas in this "paper" present a method for defeating exploits; not the
actual vulnerability. Before getting to the details let's consider slammer
(again).

What made slammer so successful?
The overriding factor that made slammer so successful was its ability to

To diversify and survive: the application of population biology concept into computer 2003-01-31
Peter Huang (yinrong rogers com) (1 replies)


Abstract:

On January 25, 2003, the SQL Slammer worm (w2.SQLSlammer.worm), also known
as Sapphire (F-Secure), w32.SQLexp.worm (Symantec), and Helkern
(Kaspersky) fully exploited known vulnerabilities in Microsoft SQL 2000
servers and caused tremendous network jam around the world. In this

internet explorer local file reading 2003-02-03
jelmer (jelmer kuperus xs4all nl) (1 replies)
We already knew pressing the back button on IE is dangerous
(http://online.securityfocus.com/archive/1/267561), so it won't come as a
total shock that so is clicking a link :)
The problem lies in the dragdrop method that was added as a method on
nearly all HTML elements in ie5.5 This method makes a

Re: internet explorer local file reading 2003-02-03
Andreas Sandblad (sandblad acc umu se)
ASA-0001: OpenBSD chpass/chfn/chsh file content leak 2003-02-03
Marc Bevand (bevand_m epita fr)
"After" Security Advisory

Title: OpenBSD chpass/chfn/chsh file content leak
Affects: chpass/chfn/chsh from OpenBSD (from 2.0 to 3.2)
Advisory ID: ASA-0001
Release Date: 2003-02-03
Author: Marc Bevand <bevand_m (at) epita.fr>
URL: http://www.ep

Re: DoS against DHCP infrastructure with isc dhcrelay 2003-02-03
Thomas Lotterer (thl dev de cw com)
I examined this issue to eventually create a security patch but I failed
when diving deeper into the material. Shortly said, I'm not lucky with
the patch and here are my considerations.

IMHO, when a relay forwards a BOOTREQUEST it must not use the MAC
broadcast as a destination - unless the system

Denial of service against Kazaa Media Desktop v2 2003-02-02
Marc Ruef (marc ruef computec ch)
Hi!

It is possible to cause a remote denial of service attack against Kazaa
Media Desktop v2.

If you can inject a malicious response for the automated ad download of
the client, you can cause a buffer overflow and the denial of service. It
may be possible to run arbitrary code with this vulnerability

myphpPagetool (php) 2003-02-02
Frog Man (leseulfrog hotmail com)

Informations :
°°°°°°°°°°°°°°
Version : 0.4.3-1
Website : http://myphppagetool.sourceforge.net/
Problem : Include file

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
In /doc/admin/, in the files index.php, help1.php, help2.php, help3.php,
help4.php, help5.php, help6.php, help7.php, help8.php and help9.

phpMyShop (php) 2003-02-03
Frog Man (leseulfrog hotmail com)


Informations :
°°°°°°°°°°°°°°
Version : 1.00
Website : http://www.pc-encheres.com
Problem : SQL Injection

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
compte.php :
---------------------------------------------------------------
<?
session_start();

if (isset($achat))
{
session_register("achat");
}
el

GLSA: slocate 2003-02-02
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-02
- - --------------------------------------------------------------------

PACKAGE : slocate
SUMMARY : buffer overflow
DATE : 2003-02

Bladeenc 0.94.2 code execution 2003-02-02
Auriemma Luigi (aluigi pivx com)
######################################################################

Applications: Blade encoder (http://bladeenc.mp3.no)
Versions: 0.94.2 and previous versions
Platforms: All the platforms supported by the program
Bug: Usage of an integer number for seeking the file
Risk (high):

Exploit for CVS double free() for Linux pserver 2003-02-02
Igor Dobrovitski (noident mad scientist com)
A bug in cvs versions up to and including 1.11.4 was recently found
where, under certain conditions,
a pointer is free()'d, and then free()'d again without being
re-initialised.
The reports with regards to the exploitability of the condition in
question range from -
"it is a classical exploitable

GLSA: Mail-SpamAssasin 2003-02-02
Daniel Ahlberg (aliz gentoo org) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-01
- - --------------------------------------------------------------------

PACKAGE : Mail-SpamAssasin
SUMMARY : arbitrary code execution

Re: GLSA: Mail-SpamAssasin 2003-02-03
Eric Vollmer (evollmer nycap rr com)
locator exploit 2003-02-01
Dave Aitel (dave immunitysec com)

So after writing the RPC locator exploit, I noticed that the service
is not actually vulnerable until it has been initialized
properly. Does anyone have any more information on how often and when
this service is initialized (as opposed to simply started)?

Here is tethereal output illustrating an un

The Spread of the Sapphire/Slammer SQL Worm 2003-02-01
Nicholas Weaver (nweaver CS berkeley edu)

We have completed our preliminary analysis of the spread of the
Sapphire/Slammer SQL worm. This worm required roughly 10 minutes to
spread worldwide making it by far the fastest worm to date. In the
early stages the worm was doubling in size every 8.5 seconds. At its
peak, achieved approximately

silc question - insecure memory 2003-02-01
cdowns (cdowns angrypacket com) (1 replies)
Good Evening,
While screwing around tonight checking memory for the SSH2
advisory, I noticed passphrase and complete sessions from silc in
memory. I don't know if this is normal for silc (I wouldn't think it
would be) but all you need to do is:

cdowns@Vader:~$ sudo dd if=/dev/mem of=/hom

Re: silc question - insecure memory 2003-02-01
Florian Weimer (Weimer CERT Uni-Stuttgart DE)
Security Update: [CSSA-2003-006.0] Linux: CVS double free vulnerability 2003-01-31
security caldera com
To: bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, security-alerts (at) linuxsecurity (dot) com, full-disclosure (at) lists.netsys (dot) com

______________________________________________________________________________

SCO Security Advisory

Subject: Linux: CVS double free vulnerability
Advisory number: CSSA

[RHSA-2003:020-10] Updated kerberos packages fix vulnerability in ftp client 2003-01-31
bugzilla redhat com
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated kerberos packages fix vulnerability in ftp client
Advisory ID: RHSA-2003:020-10
Issue date: 2003-01-31
Updated on: 2003-01-

"Compaq Web Agent" management session can be re-used without the need to perform authentication 2003-01-30
Eitan Caspi (eitancaspi yahoo com)
Suggested Risk Level: Medium (many conditions must be fulfilled to reach
exploit but results can be destructive)

Types of Risk: HTTP SSL session re-use, information disclosure, gain
access and control, manipulation of key management information and
destructive actions (as server reboot).

Affec

Response to David Litchfield on Responsible Disclosure and Infosec Research 2003-01-29
Jason Coombs (jasonc science org)
Aloha, David.

Please continue to publish proof of concept sample exploit code and disclose
the details of vulnerabilities that you discover or analyze. The public
receives little or no security benefit from keeping knowledge obscure, and
closed source (secret) analysis of mistakes from the past gua

3Ware 3DM denial of service attack 2003-01-30
Neulinger, Nathan (nneul umr edu) (1 replies)
I've reported this to 3ware at least twice, and never received any
response. Previously I didn't have a test case other than "run a nessus
scan against the host". I've narrowed it down to a reproducible minimum
test case now.

If you connect to 3dm port 1080 on either linux or windows and send:

GET

Re: 3Ware 3DM denial of service attack 2003-01-30
Jason Giglio (jgiglio netmar com)
Apache Jakarta Tomcat 3 URL parsing vulnerability 2003-01-30
Jouko Pynnonen (jouko solutions fi)


OVERVIEW
========

Tomcat is a JSP/Servlet implementation developed at the Apache Software
Foundation. Tomcat versions 3.3.1 and earlier contain some security
vulnerabilities which allow a remote user to retrieve listings of
directories despite index.html or index.jsp files. It is also possib

RE: MSDE contained in... 2003-01-30
Bruce McLeod (bmcleod ichips intel com)

3rd party apps with MSDE.
http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=10&tabid=13

-=BM=-
"Try not. Do. Or do not. There is no try." - Yoda
Security News - http://news.ists.dartmouth.edu/todaysnews.html

-----Original Message-----
From: Stefan Laudat [mailto:stefan (at) worldbank (dot) ro]

Copyright 2010, SecurityFocus