>Which shows that Gmail (which I use to write this email) is badly
>designed, logout should be used via a POST only...

Well I prefer to use url/form "signing" for certain actions in some of my
webapps.

Fake example:
http://somewhere.null/webapp?do=transfer&src=1234&dst=5678&amt=5551&sig=
ac36d415

[ more ]  [ reply ]

On Mon, Sep 12, 2005 at 02:06:30PM -0400, Hugo Vinicius Garcia Razera wrote:
> Hi every one, I would like to now if any one can help me whit this little
> problem.
>
>
>
> I'm trying to use the win32_bind shell code that come whit the metasploit
> Framework in one exploit that I'm writing in c++

[ more ]  [ reply ]

Hi,

Background:
A number of sites allow minimally controlled 3rd parties to post links to
images which other 3rd parties can view, and the only filtering used is
some pattern matching to ensure that a url has the "correct" extension.

However such filtering has problems if the "image" url actuall

[ more ]  [ reply ]

Snort <= 2.4.0 SACK TCP Option Error Handling

Package: Snort 2.4.0 (And previous versions)
Vendor url: http://www.snort.org
Class: Error Handling Exceptional Conditions
Risk: High
Credits: A. Alejandro Hernández Hernández
Contact: nitrous[at]vulnfact[dot]com

*BACKGROUND*
Snort is an open sour

[ more ]  [ reply ]

The HOD exploit for ms05-39 has been tested on windows
2000 sp4. Based upon the comments in the machine code
for the rpc call I am assuming the return address for
the buffer overflow to be 0x767a1567. Is this memory
address the return address for the buffer overflow?

If it is the case that thi

[ more ]  [ reply ]

Ups! Now I'm reading the second part of your mail (sorry, I'm doing
multitasking here :).
I don't know any good tool to analyze software security, when I have to
do that kind of work I basically do this:
- Build a fast schema of the objects/functions dependencies and
functionalities identifien the

[ more ]  [ reply ]

This was published by CERT. I sometimes uses it as a guideline.
http://www.cert.org/tech_tips/usc20_full.html

regards, Mauro Flores

On Wed, 2005-08-31 at 12:52 +0000, anceky (at) yahoo.com (dot) br [email concealed] wrote:
> Can anyone tell me some references (sites, articles) about Linux free software auditing ?
>
> I need

[ more ]  [ reply ]

You can use Bastille linux as a security auditing tool. Use the -a
option.
You can also take a look at http://www.cisecurity.org/bench_linux.html,
but above all, found a person that knows Linux Security. The tools are
just a help and can't replace human knowledge :)

regards, Mauro Flores

On Wed, 2

[ more ]  [ reply ]

Hi.

You can check the Center for Internet Security, www.cisecurity.com.

They have great benchmarks/tools, among them for Linux too.

--Snip--

CIS_RHLinux_Benchmark_v1.0.3.pdf - the Benchmark document contains detailed
instructions for implementing the steps necessary for CIS Level-I security
on

[ more ]  [ reply ]

look here...
http://www.vanheusden.com/Linux/audit.html

luka.research

[ more ]  [ reply ]

hi all:

Xcon2005 closed successful on Aug 20th, 2005

Those papers released in http://xcon.xfocus.org/
Chinese version papers in http://xcon.xfocus.net/

Hacking Windows CE..............................................-- by San
Windows Kernel Pool Overflow Exploitation ......................-- by

[ more ]  [ reply ]

Hi,

as you probably all know, Windows DLLs have different base addresses
across Windows/SP/languages
so i think it could be usefull to try to build a multi-lang opcodes
database, isn't it?
so, i have done VERY QUICKLY a little package based on a .BAT and some
tools :

Files included in the package

[ more ]  [ reply ]

Call for Papers

22C3 - Private Investigations
22nd Chaos Communication Congress
December 27th to 30th, 2005
Berlin, Germany

http://www.ccc.de/congress/2005/

Overview
========

The 22nd Chaos Communication Congress (22C3) is a four-day conference on
technology, society and utopia. The Congress o

[ more ]  [ reply ]

Yesterday while trying another vuln i`ve got SIGSEGV from rm (fileutils)
4.1 while
trying to rm`ing a huge directory tree. I haven`t seen an advisory like
this before so i released it that can be found at:

http://nutshell.gotfault.net/papers/adv_rm.txt

Best regards.

[ more ]  [ reply ]

a couple of bugs i found in os x applications:

real player for os x:
_______________________________
realplayer's proxy preference contains an overflow when filled with a
large string of characters.
gdb output:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_AD

[ more ]  [ reply ]

TOORCON 7 LINEUP FINALIZED & PRE-REGISTRATION ENDING

ToorCon 7 has finalized its speaker lineup with over 30 talks spanned
across 2 days. ToorCon will be taking place this year at the San Diego
Convention Center on September 16th-18th.

ABOUT TOORCON
ToorCon is just around the corner again this ye

[ more ]  [ reply ]

Hi,

I describe a new way to exploit heap-based buffer overflows in the following paper:

http://www.packetstormsecurity.com/papers/bypass/bypassing-win-heap-prot
ections.pdf

Basically, one can use critical section related linking structures stored on the process?s default heap to produce a n*4-byte

[ more ]  [ reply ]

Hello All,

After the recent increase of Internet Browser exploits I couldn't help but
give it a quick play.
After a bit of playing I found a bug with the latest version of FireFox
which seems to work on Win2K & WinXP.

I believe the bug to be with one of the plugins but since im not a
coder/reverse

[ more ]  [ reply ]

font book allows users to add new "collections" of fonts with a name of thier choice. When the name of the collection is a very very very large string of characters it crashes. here is the gdb output:
_____________________________________________________________
(gdb) run
Starting program: /Applica

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

***Exploitation Challenge***

Submissions for the CSR challenge have trickled in, one by one.

With some submissions containing a satisfactory exploit that meet
the demands for successful exploitation of csr-inject_v1.tgz ...

It appears that a rando

[ more ]  [ reply ]

Is it really possible? I compiled it, and for ex, looking for the address of printf. However gdb said:

gdb> p printf
$2 = {<text variable, no debug info>} 0xb7e93758 <printf>
gdb>

actually its address varies according to the application even if it's dynamically linked. Or am I missing a point

[ more ]  [ reply ]

Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2
-----------------------------------------------------------

Release Date: July 15 2005
Severity: Medium

A vulnerability has been discovered in Sybase EAServer. If exploited,
this can result in
user-specified code being executed under the

[ more ]  [ reply ]

ASP.NET RCP/Encoded Web service DOS
http://www.spidynamics.com/spilabs/advisories/aspRCP.html

Release Date: July 11, 2005
Severity: High

[System Affected]
* IIS Servers exposing ASP.NET Web services that consume arrays in
RCP/Encoded mode
* Applications using System.Xml.Serialization to consume un

[ more ]  [ reply ]

English url: http://pacsec.jp/speakers.html?LANG=ENGLISH
Japanese url: http://pacsec.jp/speakers.html?LANG=JAPANESE

PacSec/core05 CALL FOR PAPERS

World Security Pros To Converge on Japan November 15/16

TOKYO, Japan -- To address the increasing importance of information
security in Japan, the b

[ more ]  [ reply ]