Full Disclosure mailing list archives
Re: Full-Disclosure Digest, Vol 17, Issue 12
From: "Jhou Shalnevarkno" <jhou.shalnevarkno () gmail com>
Date: Fri, 7 Jul 2006 15:33:43 +0000
I've been wondering when n3td3v would die.. he's such a sore loser. On 07/07/06, full-disclosure-request () lists grok org uk <full-disclosure-request () lists grok org uk> wrote:
Send Full-Disclosure mailing list submissions to
full-disclosure () lists grok org uk
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
or, via email, send a message with subject or body 'help' to
full-disclosure-request () lists grok org uk
You can reach the person managing the list at
full-disclosure-owner () lists grok org uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."
Note to digest recipients - when replying to digest posts, please trim your
post appropriately. Thank you.
Today's Topics:
1. Re: The truth about Rob Levin aka Liloofirc.freenode.net
(Dave "No, not that one" Korn)
2. Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam
Blogs (Juha-Matti Laurio)
3. Re: Two-Factor Authentication on the Web (mikeiscool)
4. [SECURITY] [DSA 1105-1] New xine-lib packages fix denial of
service (Martin Schulze)
5. Re: Re: Google and Yahoo search engine zero-day code
(Patrick Fitzgerald)
----------------------------------------------------------------------
Message: 1
Date: Fri, 7 Jul 2006 02:36:36 +0100
From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Subject: [Full-disclosure] Re: The truth about Rob Levin aka
Liloofirc.freenode.net
To: full-disclosure () lists grok org uk
Message-ID: <e8kdr5$g29$1 () sea gmane org>
Eliah Kagan wrote:
> On 7/6/06, Edward Pearson wrote:
>> Yes, shame on you.
>> If Rob took you to court, you'd be in big fucking trouble.
>
> Wow, feel the hate.
>
> evilrabbi pointed it out, but maybe you didn't catch it...court
> records are public...
>
> Benjamin Krueger spoke of, "SSN, birthdate, and other personal data,"
> but see, nobody posted any of that...Andrew A posted some information
> from PUBLIC COURT RECORDS...
>
> -Eliah
You appear to have come in part way through this thread and missed the
first post that started it, which had Rob Levin's SSN, birthdate and
personal data.
What makes you look even dafter is that the post by Andrew A, which you
clearly *have* seen, re-quoted the entire thing beneath the top-post,
including Rob Levin's SSN, birthdate and personal data.
If you can't see things such as an SSN, birthdate, and personal data, when
they're right there in front of you, please don't try and help anyone else
by discussing the absence of SSN, birthdate, and personal data, from posts
that you clearly didn't pay the slightest attention to when you read them.
cheers,
DaveK
--
Can't think of a witty .sigline today....
------------------------------
Message: 2
Date: Fri, 7 Jul 2006 05:22:29 +0300 (EEST)
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Subject: [Full-disclosure] Major updates to Excel 0-day Vulnerability
FAQ at SecuriTeam Blogs
To: full-disclosure () lists grok org uk
Message-ID:
<10635453.503051152238949865.JavaMail.juha-matti.laurio () netti fi>
Content-Type: text/plain; Charset=iso-8859-1; Format=Flowed
Several updates to First Microsoft Excel 0-day Vulnerability FAQ document at
http://blogs.securiteam.com/?p=451
has been done.
* Several exploits for this vuln and other Excel issues has been released
recently
* PoC sample file Nanika.xls was posted to Bugtraq on Monday already
(NOTE: Several vendors see this as a separate vulnerability)
* New Trojan variant names added to the document
* Some other updates and fixes
Word 'First' to the FAQ document title was added in June to clarify the
situation after several Excel vuln disclosures.
At time of writing new 'Nanika' issue uses Repair Mode too (and user
interaction is needed).
There is no exact information is this a totally new type vulnerability,
however.
- Juha-Matti
------------------------------
Message: 3
Date: Fri, 7 Jul 2006 12:25:53 +1000
From: mikeiscool <michaelslists () gmail com>
Subject: [Full-disclosure] Re: Two-Factor Authentication on the Web
To: "PPowenski () oag com" <PPowenski () oag com>
Cc: webappsec () securityfocus com, "full-disclosure () lists grok org uk"
<full-disclosure () lists grok org uk>
Message-ID:
<5e01c29a0607061925p291ad51fg800af756bc0675ac () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 7/6/06, PPowenski () oag com <PPowenski () oag com> wrote:
> http://www.theregister.co.uk/2005/04/04/fingerprint_merc_chop/
>
> Carjackers swipe biometric Merc, plus owner's finger
honestly, this guy should sue mercedes. this absoutely had to forsee
this possibility and they did not care. something like that needs to
happen so that we can finall put an end to the stupidity that is
biometrics.
-- mic
------------------------------
Message: 4
Date: Fri, 7 Jul 2006 08:43:43 +0200 (CEST)
From: joey () infodrom org (Martin Schulze)
Subject: [Full-disclosure] [SECURITY] [DSA 1105-1] New xine-lib
packages fix denial of service
To: debian-security-announce () lists debian org (Debian Security
Announcements)
Message-ID: <20060707064343.44332FDDD () finlandia home infodrom org>
Content-Type: text/plain; charset=iso-8859-1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1105-1 security () debian org
http://www.debian.org/security/ Martin Schulze
July 7th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : xine-lib
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-2802
BugTraq ID : 18187
Debian Bug : 369876
Federico L. Bossi Bonin discovered a buffer overflow in the HTTP
Plugin in xine-lib, the xine video/media player library, taht could
allow a remote attacker to cause a denial of service.
For the old stable distribution (woody) this problem has been fixed in
version 0.9.8-2woody5.
For the stable distribution (sarge) this problem has been fixed in
version 1.0.1-1sarge3.
For the unstable distribution (sid) this problem has been fixed in
version 1.1.1-2.
We recommend that you upgrade your libxine packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody5.dsc
Size/MD5 checksum: 761 113ef134a39e2f37bc6395dc2e43b538
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody5.diff.gz
Size/MD5 checksum: 2339 194c32b8c93f5e85c873454412f63552
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8.orig.tar.gz
Size/MD5 checksum: 1766178 d8fc9b30e15b50af8ab7552bbda7aeda
Alpha architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_alpha.deb
Size/MD5 checksum: 261022 3314df47933eadc0af5b5cf4a36afdfe
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_alpha.deb
Size/MD5 checksum: 816024 897664eee06d09f43375f5320be1f17b
ARM architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_arm.deb
Size/MD5 checksum: 302960 9dee75c3d13aabb5e83978e0d75ec4ce
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_arm.deb
Size/MD5 checksum: 671494 dafc6c14181802dd56c887583bbf5140
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_i386.deb
Size/MD5 checksum: 260788 3a98e4d713d1c341fe69a717c8de0072
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_i386.deb
Size/MD5 checksum: 807996 1dd6e453aa93c420a145dd5397ee99bd
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_ia64.deb
Size/MD5 checksum: 260864 46ae5bb7b3256421dd7291e7c8898369
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_ia64.deb
Size/MD5 checksum: 953654 887b267a44c50e00f8bf9e2190852ca8
HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_hppa.deb
Size/MD5 checksum: 260968 aa1ee745d7c5c6b9a8271c64f0a587a0
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_hppa.deb
Size/MD5 checksum: 846792 60ed39365a0c67db2d4fba67d2ba1583
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_m68k.deb
Size/MD5 checksum: 292718 2a87b508bcc610a01abf8c9c3773d40d
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_m68k.deb
Size/MD5 checksum: 617706 67075fef400071473fa948e5dd89b8fc
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_mips.deb
Size/MD5 checksum: 299478 5b0c49b3745472f71725dd052b60d712
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_mips.deb
Size/MD5 checksum: 653086 0044bef2d6ebeb01385d1a20a716046a
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_mipsel.deb
Size/MD5 checksum: 299568 79851707d297d94d74b613d5abaa6b3a
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_mipsel.deb
Size/MD5 checksum: 655030 0868f2d006c6b5282c8880a8460fed77
PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_powerpc.deb
Size/MD5 checksum: 261278 fc16e5e2889afdd2c73491714575d53f
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_powerpc.deb
Size/MD5 checksum: 742454 6c2be22417b910c45c0bb113a4f7707b
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_s390.deb
Size/MD5 checksum: 302404 9d54d7d12b431358f99fe688e2999cb5
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_s390.deb
Size/MD5 checksum: 662920 5da8cbae8d02f579e8150dde1b07c4f8
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_sparc.deb
Size/MD5 checksum: 261104 30717fe03e13e5dfbd5adbf4dafd93eb
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_sparc.deb
Size/MD5 checksum: 803816 fe08139ea1b35f3e7d5b7bcb8de20dd3
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge3.dsc
Size/MD5 checksum: 1062 998afa8ddece7f06aac69cb8787b8bea
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge3.diff.gz
Size/MD5 checksum: 3230 6b65bdac09c698d6dcfc9c01f417714b
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
Size/MD5 checksum: 7774954 9be804b337c6c3a2e202c5a7237cb0f8
Alpha architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_alpha.deb
Size/MD5 checksum: 107646 53ba83cd587bed30cdbd5dd96a241e43
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_alpha.deb
Size/MD5 checksum: 4829370 83e8d3ed71f20b06d4edcd1a97247903
AMD64 architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_amd64.deb
Size/MD5 checksum: 107640 9be42e567a232db85ade634a8875cea1
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_amd64.deb
Size/MD5 checksum: 3933392 03aaaf4b88fd5cc99ab7048e386a81eb
ARM architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_arm.deb
Size/MD5 checksum: 107698 857f520bcc947238b6a1732239508e29
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_arm.deb
Size/MD5 checksum: 3878442 e505d7fd20cff3d6965e0e55640e5da0
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_i386.deb
Size/MD5 checksum: 107702 56fb77a0b6f0d01b3eb7cff160b7fc2e
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_i386.deb
Size/MD5 checksum: 4204886 3fb1c5b93a8bd2857f8da12f95a0c144
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_ia64.deb
Size/MD5 checksum: 107648 e5540cc5bbe66e9565fc412d7d37a23d
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_ia64.deb
Size/MD5 checksum: 5620728 800474cd0356d391f8ac843104de8057
HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_hppa.deb
Size/MD5 checksum: 107676 8f22e952357456fe6f92217a6305a54b
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_hppa.deb
Size/MD5 checksum: 3600400 aff888a7efd1cc00072cc3bdd1c88a70
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_m68k.deb
Size/MD5 checksum: 107720 97d1027b157b256611e234ce20c76337
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_m68k.deb
Size/MD5 checksum: 3175260 ee6cef5deb75f0396b13013602f30b90
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_mips.deb
Size/MD5 checksum: 107654 639d0ee2c65047864b5c726dfba30fcf
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_mips.deb
Size/MD5 checksum: 4066606 b7beb0cb4615f6ca98b4fbff3be16c06
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_mipsel.deb
Size/MD5 checksum: 107678 ba9bb94702fcf451db6dde218e23bc21
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_mipsel.deb
Size/MD5 checksum: 4125476 fc4b6816829beff3ba2fbd175e7e1384
PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_powerpc.deb
Size/MD5 checksum: 107686 0ce2a02a85fd72b5bb24213fc025f864
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_powerpc.deb
Size/MD5 checksum: 4305544 68c2be929520c8a45439d36ef8d0a2ca
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_s390.deb
Size/MD5 checksum: 107652 63c9659dc1e004412faf09d9feafee08
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_s390.deb
Size/MD5 checksum: 3880838 b747276fe66ef57341430e10adc32fee
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_sparc.deb
Size/MD5 checksum: 107666 045189d3cd49c72f4e4bf26ea391fec1
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_sparc.deb
Size/MD5 checksum: 4360438 15333a715e57287c63f2f2f36b40ec80
These files will probably be moved into the stable distribution on
its next update.
-
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFErgKeW5ql+IAeqTIRAlpvAJ4yapJ+ISmJTUjpPiihYLpFjCXT3gCgsYoT
CWOU1x/y/dGOIGdgvJh3dvI=
=NtJp
-----END PGP SIGNATURE-----
------------------------------
Message: 5
Date: Fri, 7 Jul 2006 10:53:01 +0100
From: "Patrick Fitzgerald" <misterfitzy () gmail com>
Subject: Re: [Full-disclosure] Re: Google and Yahoo search engine
zero-day code
To: "Dave No, not that one Korn" <davek_throwaway () hotmail com>
Cc: full-disclosure () lists grok org uk
Message-ID:
<62da2d570607070253y2e1225a6h9f6aa524bb4ae3a3 () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
I never reply to this mailing list but I feel that this blatant and
unashamed plagiarism should be exposed! This 'breaking' news by the
n3td3v research branch was written about by Michal Zalewski in his
excellent book, 'silence on the wire'. Maybe Zalewski is part of the
'fearsome' :) netdev group but I doubt it!
On 7/5/06, Dave No, not that one Korn <davek_throwaway () hotmail com> wrote:
> Denis Jedig wrote:
> > n3td3v wrote:
> >
> >> Today's disclosure involves Google and Yahoo search engines:
> >>
> >> All you need to do is put in the code to a web page, when Google and
> >> Yahoo visit it, then the code exploits the software they use and
> >> makes them start caching 'other' pages. Including 'no index' pages,
> >> where sites have setup a robot text file on their server to protect
> >> corporate and consumer interests.
> >
> > I think you missed the concept here. Whatever is on the webservers and
> > is available to the public is... well... available to the public.
> >
> > It does not help security matters to introduce a robots.txt - the
> > purpose of this directives file is not to secure something but to
> > reduce traffic and keep irrelevant content out of search engines.
> >
> > If you need security, you introduce some kind of authentication
> > *before* access is allowed to sensitive data. You will find that a
> > sign reading "Do not enter and do not steal any gold" will not help
> > much at the Fort Knox entrance if it is the only security measure.
>
>
> Also, Google and Yahoo *do* respect the robots.txt file and do check it
> for every server they fetch files from, and the whole thing is garbage.
His
> so-called 'example' is a fraud because it shows yahoo caching a page from
> the site mtf.news.yahoo.com, which DOES NOT HAVE A ROBOTS.TXT FILE.
>
> cheers,
> DaveK
> --
> Can't think of a witty .sigline today....
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
End of Full-Disclosure Digest, Vol 17, Issue 12
***********************************************
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Full-Disclosure Digest, Vol 17, Issue 12 Jhou Shalnevarkno (Jul 07)