|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/octet-stream attachment: Joke.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] My Yahoo! Search Spam Vulnerability
From: xploitable (xploitable
gmail.com)
Date: Tue Oct 05 2004 - 20:07:45 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Yahoo! Tuesday released a new service dubbed as My Yahoo! Search
http://mysearch.yahoo.com. This allows users to search, save and share
web links they like, while using Yahoo! Search, with friends and
co-workers.
Problem: My Yahoo! Search allows users to archive saved web links. You
can send any web link to any e-mail address on the web using at the
location http://mysearch.yahoo.com/myresults/handler. This allows a
malicious user to spam Yahoo! Mail network with any link and message a
malicious user chooses.
The mail will go straight to a consumers inbox, instead of bulk
folder. This allows a malicious user to very quickly use up consumers
storage space (100MB). Also malicious users can use this to send junk
links, porn or other malicious links, for further exploration,
although this is a seperate issue from the spam vulnerability.
A malicious user as you may imagine is also able to attack Yahoo! mail
servers via the mailer, in a possible coordinated attack using a
zombie network. Also can make money from free link/website
advertising via the My Yahoo! Search link mailer.
The new service My Yahoo! Search in my opinion raises security
questions and how marketing companies will use this as a spam tool,
with or without the inbox vulnerability, which i have disclosed to you
today.
Yahoo! the vendor has not been contacted, as its beyond a joke now.
Three similar vulnerabilities have been found this year. Yahoo!
security team fail to review new Yahoo! projects before they go live
on any Yahoo! property.
Yahoo! Messenger 6 invite mailer was vulnerable and exploitable. (summer 2004)
Yahoo! New Homepage invite mailer was vulnerable and exploitable. (autumn 2004)
My Yahoo! Search link mailer is vulnerable and exploitable. (autumn 2004)
--
http://www.geocities.com/n3td3v
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] My Yahoo! Search Spam Vulnerability
From: xploitable (xploitablegmail.com)
Date: Tue Oct 05 2004 - 20:27:18 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Yahoo! Tuesday released a new service dubbed as My Yahoo! Search
http://mysearch.yahoo.com. This allows users to search, save and share
web links they like, while using Yahoo! Search, with friends and
co-workers.
Problem: My Yahoo! Search allows users to archive saved web links. You
can send any web link to any e-mail address on the web using at the
location http://mysearch.yahoo.com/myresults/handler. This allows a
malicious user to spam Yahoo! Mail network with any link and message a
malicious user chooses.
The mail will go straight to a consumers inbox, instead of bulk
folder. This allows a malicious user to very quickly use up consumers
storage space (100MB). Also malicious users can use this to send junk
links, pr0n or other malicious links, for further exploration,
although this is a seperate issue from the spam vulnerability.
A malicious user as you may imagine is also able to attack Yahoo! mail
servers via the mailer, in a possible coordinated attack using a
zombie network. Also can make money from free link/website
advertising via the My Yahoo! Search link mailer.
The new service My Yahoo! Search in my opinion raises security
questions and how marketing companies will use this as a spam tool,
with or without the inbox vulnerability, which i have disclosed to you
today.
Yahoo! the vendor has not been contacted, as its beyond a joke now.
Three similar vulnerabilities have been found this year. Yahoo!
security team fail to review new Yahoo! projects before they go live
on any Yahoo! property.
Yahoo! Messenger 6 invite mailer was vulnerable and exploitable. (summer 2004)
Yahoo! New Homepage invite mailer was vulnerable and exploitable. (autumn 2004)
My Yahoo! Search link mailer is vulnerable and exploitable. (autumn 2004)
--
http://www.geocities.com/n3td3v
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] [ GLSA 200410-04 ] PHP: Memory disclosure and arbitrary location file upload
From: Dan Margolis (krispykringlegentoo.org)
Date: Tue Oct 05 2004 - 20:22:10 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: PHP: Memory disclosure and arbitrary location file upload
Date: October 06, 2004
Bugs: #64223
ID: 200410-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Two bugs in PHP may allow the disclosure of portions of memory and
allow remote attackers to upload files to arbitrary locations.
Background
==========
PHP is a general-purpose scripting language widely used to develop
web-based applications. It can run inside a web server using the
mod_php module or the CGI version of PHP, or can run stand-alone in a
CLI.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-php/php < 4.3.9 >= 4.3.9
2 dev-php/mod_php < 4.3.9 >= 4.3.9
3 dev-php/php-cgi < 4.3.9 >= 4.3.9
-------------------------------------------------------------------
3 affected packages on all of their supported architectures.
-------------------------------------------------------------------
Description
===========
Stefano Di Paola discovered two bugs in PHP. The first is a parse error
in php_variables.c that could allow a remote attacker to view the
contents of the target machine's memory. Additionally, an array
processing error in the SAPI_POST_HANDLER_FUNC() function inside
rfc1867.c could lead to the $_FILES array being overwritten.
Impact
======
A remote attacker could exploit the first vulnerability to view memory
contents. On a server with a script that provides file uploads, an
attacker could exploit the second vulnerability to upload files to an
arbitrary location. On systems where the HTTP server is allowed to
write in a HTTP-accessible location, this could lead to remote
execution of arbitrary commands with the rights of the HTTP server.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP, mod_php and php-cgi users should upgrade to the latest stable
version:
# emerge sync
# emerge -pv ">=dev-php/php-4.3.9"
# emerge ">=dev-php/php-4.3.9"
# emerge -pv ">=dev-php/mod_php-4.3.9"
# emerge ">=dev-php/mod_php-4.3.9"
# emerge -pv ">=dev-php/php-cgi-4.3.9"
# emerge ">=dev-php/php-cgi-4.3.9"
References
==========
[ 1 ] Secunia Advisory
http://secunia.com/advisories/12560/
[ 2 ] BugTraq post regarding the php_variables.c issue
http://www.securityfocus.com/archive/1/375294
[ 3 ] BugTraq post regarding the rfc1867.c issue
http://www.securityfocus.com/archive/1/375370
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200410-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
securitygentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/1.0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iQEVAwUBQWNIwbDO2aFJ9pv2AQJECgf7BBrP7OEsoGjgSR11YB4IFZwTXWsWUJO0
WGAfY2VX9ZQNPFJ90Je0Vgb/j50ZR8lfNpg4sjqw/ohouXEsGgAFhckUuVgIvUsv
xnmLSVt+cP/w2Gku/dGtQ8yOoi3++JhbIx0UiYv8pH4GcpjOfrJDDfI/ItmQKrCe
sGswXjuhYO1pAugzTWpouLdpCofbCqGS23VJbIP0jW6YtsMaxKdI0AteWlBDFCo5
0trpIZWdS5eY3wicoFG2y8Cj1zsmLhbUiY0YtYxsuQrw2vrLf6owZavUxSmrRe8R
gSNbYNNsFT/vbfsuQcrtKCS2qI4IheK0/nZIbt9YBFEDqYH4UbUXLw==
=Qhn7
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] iDEFENSE Security Advisory 10.05.04b: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability
From: bipin gautam (visitbipinyahoo.com)
Date: Tue Oct 05 2004 - 22:02:46 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
hi iDEFENSE,
What a coincidence, This is what i was talking about
with few others in the list... a day
back!!! I myself saw this behavoir...... (i was a few
days short) hay guys you were telling me, "Antiviral
vendors aware about this problem, it was discussed in
past." so??? iDEFENSE took away my upcomming advisort.
)O;
3APA3A, do you work for iDEFENSE???????
ANYWAYS, this isn't a first time a advisory has
coinside with other........
cheese,
bipin
--- 3APA3A <3APA3ASECURITY.NNOV.RU> wrote:
> Dear bipin gautam,
>
> Actually my super antivirus easily detects
> eicar in nul.con. For
> example, for c:\NUL.CON\eicar.com
>
> try
>
> antieicar \\.\c:\NUL.CON\eicar.com
>
> Antiviral vendors aware about this problem, it was
> discussed in past.
>
> --Saturday, October 2, 2004, 9:57:52 PM, you wrote
> to full-disclosurelists.netsys.com:
>
>
> >> OK. I just wrote new super antivirus. It's
> >> databases currently consist
> >> from only eicar.com signature (I'm very new
> in
> >> this business) but it
> >> 100% detects EICAR in the file with removed
> >> permissions :)
> >>
> >> http://www.security.nnov.ru/files/antieicar.zip
>
> >> Now, there is at least one antivirus to break
> your
> >> statement :)
> >>
>
>
> bg> good example 3APA3A to teach those software
> companies
> bg> howto,
>
> bg> anyways... here is a archive,
>
> bg> http://www.geocities.com/visitbipin/antiPOC.zip
>
> bg> Extract the archive by using "DEFAULT ZIP
> MANAGER" of
> bg> windows xp. It will create a file "NULL.con" (O;
> bg> within which there is a "eicar test string
> file".
>
> bg> I don't think your super AV will detect the
> "eicar
> bg> test string file" withing "NULL.con" folder???
> :)
>
> bg> anyways... let me know HOW? when you figure out
> to how
> bg> to delete "NULL.con" directory.
>
>
> The problem specifically exists in attempts to scan
> files and
> directories named as reserved MS-DOS devices.
> Reserved MS-DOS device
> names are a hold over from the original days of
> Microsoft DOS. The
> reserved MS-DOS device names represent devices such
> as the first printer
> port (LPT1) and the first serial communication port
> (COM1). Sample
> reserved MS-DOS device names include AUX, CON, PRN,
> COM1 and LPT1. If a
> virus stores itself in a reserved device name it can
> avoid detection by
> Symantec Norton AntiVirus when the system is
> scanned. Symantec Norton
> AntiVirus will scan the files and folders containing
> the virus and fail
> to detect or report them. reserved device names can
> be creating with
> standard Windows utilities by specifying the full
> Universal Naming
> Convention (UNC) path. The following command will
> successfully copy a
> file to the reserved device name 'aux' on the C:\
> drive:
>
> copy source \\.\C:\aux
>
>
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] iDEFENSE Security Advisory 10.05.04b: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability
From: Kurt Seifried (listuserseifried.org)
Date: Wed Oct 06 2004 - 00:55:51 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> hi iDEFENSE,
>
> What a coincidence, This is what i was talking about
> with few others in the list... a day
> back!!! I myself saw this behavoir...... (i was a few
> days short) hay guys you were telling me, "Antiviral
> vendors aware about this problem, it was discussed in
> past." so??? iDEFENSE took away my upcomming advisort.
> )O;
Check the assigned CVE number, CAN-2004-0552, "Assigned (20040611)". That
was a while before you email. Thanks for playing though.
Kurt Seifried, kurtseifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] [SECURITY] [DSA 558-1] New libapache-mod-dav packages fix potential denial of service
debian-security-announcelists.debian.org
Date: Wed Oct 06 2004 - 02:32:58 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 558-1 securitydebian.org
http://www.debian.org/security/ Martin Schulze
October 6th, 2004 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : libapache-mod-dav
Vulnerability : null pointer dereference
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0809
Julian Reschke reported a problem in mod_dav of Apache 2 in connection
with a NULL pointer dereference. When running in a threaded model,
especially with Apache 2, a segmentation fault can take out a whole
process and hence create a denial of service for the whole server.
For the stable distribution (woody) this problem has been fixed in
version 1.0.3-3.1.
For the unstable distribution (sid) this problem has been fixed in
version 1.0.3-10 of libapache-mod-dav and in version 2.0.51-1 of
Apache 2.
We recommend that you upgrade your mod_dav packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1.dsc
Size/MD5 checksum: 645 5b405cd8fe0471edd793343ef8237b26
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1.diff.gz
Size/MD5 checksum: 4523 94edc74f33414e93af4ca7fa849b3fb3
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3.orig.tar.gz
Size/MD5 checksum: 185284 ba83f2aa6e13b216a11d465b82aab484
Alpha architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_alpha.deb
Size/MD5 checksum: 96522 7e5d5d2184629de6be880eb0650d7fd1
ARM architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_arm.deb
Size/MD5 checksum: 81860 fbe2d647e0037436d710ee857c947a52
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_i386.deb
Size/MD5 checksum: 80122 dfaab95268192557f711ab9fbd7f9f9b
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_ia64.deb
Size/MD5 checksum: 116596 bb369037b3d2ee0110c15d0b085a410b
HP Precision architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_hppa.deb
Size/MD5 checksum: 90406 fc707743732c491c29bfdb21d469736f
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_m68k.deb
Size/MD5 checksum: 80030 1b434a6598c06e23f3bb253867f59ae5
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_mips.deb
Size/MD5 checksum: 84944 a422f253d772ca1c2dae84bac0bb79ea
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_mipsel.deb
Size/MD5 checksum: 85094 4cf00ccacd87e2295af6618987950e13
PowerPC architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_powerpc.deb
Size/MD5 checksum: 84516 853b2929e7f371e79f153f6c57414a1f
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_s390.deb
Size/MD5 checksum: 82424 7f092c974abfe792278c925bdd345775
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_sparc.deb
Size/MD5 checksum: 92438 77bdcf29501a581a1cb768af644c923b
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announcelists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBY5+qW5ql+IAeqTIRAsAfAJ9OCkuj0CiIUV/GxATw5IqYG014OgCgsO57
2tpvIRLP8zoqZDV47z9ssf8=
=vMyZ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] Truth is stranger than fiction ... Bill Gates was right
From: Feher Tamas (etomcatfreemail.hu)
Date: Wed Oct 06 2004 - 05:00:23 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mr. William H. Gates III, the legendary co-founder of
Microsoft Corp. has recently talked about the viral nature
of the GPL, which spreads open source software like a flu.
Now it has been confirmed that he was right all the time!
The free ClamAV software already detects the GNU Public
Licence file as a virus!
This revelation clearly shows how and why Mr. Gates came to
be the richest man on Earth: he has incredible foresight and
can tell the signs of time well in advance.
For more info please see:
http://www.theinquirer.net/?article=18919
http://lists.clamav.net/lurker/message/20041006.061912.3632f28e.en.html
Sincerely: Tamas Feher.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] CodeCon 2005 Call for Papers
From: Len Sassaman (rabbiabditum.com)
Date: Wed Oct 06 2004 - 04:51:36 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
CodeCon 4.0
February 11-13, 2005
San Francisco CA, USA
www.codecon.org
Call For Papers
CodeCon is the premier showcase of cutting edge software development. It
is an excellent opportunity for programmers to demonstrate their work and
keep abreast of what's going on in their community.
All presentations must include working demonstrations, ideally accompanied
by source code. Presenters must be done by one of the active developers of
the code in question. We emphasize that demonstrations be of *working*
code.
We hereby solicit papers and demonstrations.
* Papers and proposals due: December 15, 2005
* Authors notified: January 1, 2005
Possible topics include, but are by no means restricted to:
* community-based web sites - forums, weblogs, personals
* development tools - languages, debuggers, version control
* file sharing systems - swarming distribution, distributed search
* security products - mail encryption, intrusion detection, firewalls
Presentations will be a 45 minutes long, with 15 minutes allocated for
Q&A. Overruns will be truncated.
Submission details:
Submissions are being accepted immediately. Acceptance dates are November
15, and December 15. After the first acceptance date, submissions will be
either accepted, rejected, or deferred to the second acceptance date.
The conference language is English.
Ideally, demonstrations should be usable by attendees with 802.11b
connected devices either via a web interface, or locally on Windows,
UNIX-like, or MacOS platforms. Cross-platform applications are most
desirable.
Our venue will be 21+.
To submit, send mail to submissions-2005codecon.org including the
following information:
* Project name
* url of project home page
* tagline - one sentence or less summing up what the project does
* names of presenter(s) and urls of their home pages, if they have any
* one-paragraph bios of presenters, optional, under 100 words each
* project history, under 150 words
* what will be done in the project demo, under 200 words
* slides to be shown during the presentation, if applicable
* future plans
General Chairs: Jonathan Moore, Len Sassaman
Program Chair: Bram Cohen
Program Committee:
* Jeremy Bornstein, AtomShockwave Corp., USA
* Bram Cohen, BitTorrent, USA
* Jered Floyd, Permabit, USA
* Ian Goldberg, Zero-Knowledge Systems, CA
* Dan Kaminsky, Avaya, USA
* Klaus Kursawe, Katholieke Universiteit Leuven, BE
* Ben Laurie, A.L. Digital Ltd., UK
* David Molnar, University of California, Berkeley, USA
* Jonathan Moore, Mosuki, USA
* Len Sassaman, Nomen Abditum Services, USA
Sponsorship:
If your organization is interested in sponsoring CodeCon, we would love to
hear from you. In particular, we are looking for sponsors for social meals
and parties on any of the three days of the conference, as well as
sponsors of the conference as a whole and donors of door prizes. If you
might be interested in sponsoring any of these aspects, please contact the
conference organizers at codecon-admincodecon.org.
Press policy:
CodeCon provides a limited number of passes to bona fide press.
Complimentary press passes will be evaluated on request. Everyone is
welcome to pay the low registration fee to attend without an official
press credential.
Questions:
If you have questions about CodeCon, or would like to contact the
organizers, please mail codecon-admincodecon.org. Please note this
address is only for questions and administrative requests, and not for
workshop presentation submissions.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re[2]: [Full-Disclosure] iDEFENSE Security Advisory 10.05.04b: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability
From: 3APA3A (3APA3ASECURITY.NNOV.RU)
Date: Wed Oct 06 2004 - 05:25:35 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear bipin gautam,
This issue was really discussed in the past and was fixed in Kaspersky
Antivirus.
http://www.security.nnov.ru/search/document.asp?docid=4061
I do work for iDefense. They pay for Mozilla bugs more than Mozilla
does. But not in this case. As you can see
-=-=-=- Quote -=-=-=-
IX. CREDIT
Kurt Seifried (kurt[at]seifried.org) is credited with this discovery.
-=-=-=- End -=-=-=-
I never submitted any antiviral bugs to iDefense, but both iDefense and
Kurt Seifried may read security lists. Yes, Kurt tested Symantec against
good well known problem.
--Wednesday, October 6, 2004, 7:02:46 AM, you wrote to full-disclosurelists.netsys.com:
bg> hi iDEFENSE,
bg> What a coincidence, This is what i was talking about
bg> with few others in the list... a day
bg> back!!! I myself saw this behavoir...... (i was a few
bg> days short) hay guys you were telling me, "Antiviral
bg> vendors aware about this problem, it was discussed in
bg> past." so??? iDEFENSE took away my upcomming advisort.
bg> )O;
bg> 3APA3A, do you work for iDEFENSE???????
bg> ANYWAYS, this isn't a first time a advisory has
bg> coinside with other........
bg> cheese,
bg> bipin
bg> --- 3APA3A <3APA3ASECURITY.NNOV.RU> wrote:
>> Dear bipin gautam,
>>
>> Actually my super antivirus easily detects
>> eicar in nul.con. For
>> example, for c:\NUL.CON\eicar.com
>>
>> try
>>
>> antieicar \\.\c:\NUL.CON\eicar.com
>>
>> Antiviral vendors aware about this problem, it was
>> discussed in past.
>>
>> --Saturday, October 2, 2004, 9:57:52 PM, you wrote
>> to full-disclosurelists.netsys.com:
>>
>>
>> >> OK. I just wrote new super antivirus. It's
>> >> databases currently consist
>> >> from only eicar.com signature (I'm very new
>> in
>> >> this business) but it
>> >> 100% detects EICAR in the file with removed
>> >> permissions :)
>> >>
>> >> http://www.security.nnov.ru/files/antieicar.zip
>>
>> >> Now, there is at least one antivirus to break
>> your
>> >> statement :)
>> >>
>>
>>
>> bg> good example 3APA3A to teach those software
>> companies
>> bg> howto,
>>
>> bg> anyways... here is a archive,
>>
>> bg> http://www.geocities.com/visitbipin/antiPOC.zip
>>
>> bg> Extract the archive by using "DEFAULT ZIP
>> MANAGER" of
>> bg> windows xp. It will create a file "NULL.con" (O;
>> bg> within which there is a "eicar test string
>> file".
>>
>> bg> I don't think your super AV will detect the
>> "eicar
>> bg> test string file" withing "NULL.con" folder???
>> :)
>>
>> bg> anyways... let me know HOW? when you figure out
>> to how
>> bg> to delete "NULL.con" directory.
>>
>>
>> The problem specifically exists in attempts to scan
>> files and
>> directories named as reserved MS-DOS devices.
>> Reserved MS-DOS device
>> names are a hold over from the original days of
>> Microsoft DOS. The
>> reserved MS-DOS device names represent devices such
>> as the first printer
>> port (LPT1) and the first serial communication port
>> (COM1). Sample
>> reserved MS-DOS device names include AUX, CON, PRN,
>> COM1 and LPT1. If a
>> virus stores itself in a reserved device name it can
>> avoid detection by
>> Symantec Norton AntiVirus when the system is
>> scanned. Symantec Norton
>> AntiVirus will scan the files and folders containing
>> the virus and fail
>> to detect or report them. reserved device names can
>> be creating with
>> standard Windows utilities by specifying the full
>> Universal Naming
>> Convention (UNC) path. The following command will
>> successfully copy a
>> file to the reserved device name 'aux' on the C:\
>> drive:
>>
>> copy source \\.\C:\aux
>>
>>
bg> _______________________________
bg> Do you Yahoo!?
bg> Declare Yourself - Register online to vote today!
bg> http://vote.yahoo.com
bg> _______________________________________________
bg> Full-Disclosure - We believe in it.
bg> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
~/ZARAZA
Ну а теперь, Уильям, хорошенько поразмыслите над данным письмом. (Твен)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] House approves spyware legislation
From: RandallM (randallmfidmail.com)
Date: Wed Oct 06 2004 - 06:03:18 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
The U.S. House of Representatives voted late Tuesday to restrict some of the
most deceptive forms of spyware.
By a 399-1 vote, House members approved legislation prohibiting "taking
control" of a computer, surreptitiously modifying a Web browser's home page,
or disabling antivirus software without proper authorization.
http://news.com.com/House+approves+spyware+legislation/2100-1028_3-5397822.h
tml?tag=nefd.top
thank you
Randall M
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] iDEFENSE Security Advisory 10.05.04b: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability
From: 3APA3A (3APA3ASECURITY.NNOV.RU)
Date: Wed Oct 06 2004 - 06:03:12 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear idlabs-advisoriesidefense.com,
This vuilnerability for Symantec was reported in February, 2003 by
3APA3A (for Kaspersky Antivirus)
http://www.security.nnov.ru/search/document.asp?docid=4061
and by James C Slora Jr for Symantec (with a copy to Bugtraq moderator,
his message was published by SECURITY.NNOV)
http://www.security.nnov.ru/search/document.asp?docid=4081
This issue was reported to Symantec, but official reply was received
from Symantec their antiviral products are not vulnerable (it's signed):
http://www.security.nnov.ru/search/document.asp?docid=4208
I think credits on this issue discovery must be granted to James C Slora
Jr (Jim.Slora at phra.com).
--Tuesday, October 5, 2004, 8:36:22 PM, you wrote to idlabs-advisoriesidefense.com:
iaic> Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability
iaic> iDEFENSE Security Advisory 10.05.04b:
iaic> www.idefense.com/application/poi/display?id=147&type=vulnerabilities
iaic> October 5, 2004
iaic> I. BACKGROUND
iaic> Symantec's Norton AntiVirus protects email, instant messages, and other
iaic> files by automatically removing viruses, worms, and Trojan horses. More
iaic> information about the product is available from http://www.symantec.com
iaic> II. DESCRIPTION
iaic> Remote exploitation of design vulnerability in Symantec's Norton
iaic> AntiVirus allows malicious code to evade detection.
iaic> The problem specifically exists in attempts to scan files and
iaic> directories named as reserved MS-DOS devices. Reserved MS-DOS device
iaic> names are a hold over from the original days of Microsoft DOS. The
iaic> reserved MS-DOS device names represent devices such as the first printer
iaic> port (LPT1) and the first serial communication port (COM1). Sample
iaic> reserved MS-DOS device names include AUX, CON, PRN, COM1 and LPT1. If a
iaic> virus stores itself in a reserved device name it can avoid detection by
iaic> Symantec Norton AntiVirus when the system is scanned. Symantec Norton
iaic> AntiVirus will scan the files and folders containing the virus and fail
iaic> to detect or report them. reserved device names can be creating with
iaic> standard Windows utilities by specifying the full Universal Naming
iaic> Convention (UNC) path. The following command will successfully copy a
iaic> file to the reserved device name 'aux' on the C:\ drive:
iaic> copy source \\.\C:\aux
iaic> III. ANALYSIS
iaic> Exploitation allows attackers to evade detection of malicious code.
iaic> Attackers can unpack or decode an otherwise detected malicious payload
iaic> in a stealth manner.
iaic> IV. DETECTION
iaic> iDEFENSE has confirmed the existence of this vulnerability in the latest
iaic> version of Norton AntiVirus. It is reported that earlier versions crash
iaic> upon parsing files or directories using reserved MS-DOS device names.
iaic> V. WORKAROUND
iaic> Ensure that no local files or directories using reserved MS-DOS device
iaic> names exist. On most modern Windows systems there should be no reserved
iaic> MS-DOS device names present. While the Windows search utility can be
iaic> used to locate offending files and directories, either a seperate tool
iaic> or the specification of Universal Naming Convention (UNC) must be used
iaic> to remote them. The following command will successfully remove a file
iaic> stored on the C:\ drive named 'aux':
iaic> del \\.\C:\aux
iaic> VI. VENDOR RESPONSE
iaic> "Symantec engineers have developed a fix for this issue for Symantec
iaic> Norton AntiVirus 2004 that is currently available through LiveUpdate.
iaic> The fix is being incorporated into all other supported Symantec Norton
iaic> AntiVirus versions and will be available through LiveUpdate when fully
iaic> tested and released."
iaic> More information is available in Symantec Security Advisory SYM04-015.
iaic> VII. CVE INFORMATION
iaic> The Common Vulnerabilities and Exposures (CVE) project has assigned the
iaic> names CAN-2004-0920 to these issues. This is a candidate for inclusion
iaic> in the CVE list (http://cve.mitre.org), which standardizes names for
iaic> security problems.
iaic> VIII. DISCLOSURE TIMELINE
iaic> 05/12/2004 Vulnerability acquired by iDEFENSE
iaic> 06/25/2004 iDEFENSE clients notified
iaic> 06/29/2004 Initial vendor notification
iaic> 06/30/2004 Initial vendor response
iaic> 10/05/2004 Coordinated public disclosure
iaic> IX. CREDIT
iaic> Kurt Seifried (kurt[at]seifried.org) is credited with this discovery.
iaic> Get paid for vulnerability research
iaic> http://www.idefense.com/poi/teams/vcp.jsp
iaic> X. LEGAL NOTICES
iaic> Copyright (c) 2004 iDEFENSE, Inc.
iaic> Permission is granted for the redistribution of this alert
iaic> electronically. It may not be edited in any way without the express
iaic> written consent of iDEFENSE. If you wish to reprint the whole or any
iaic> part of this alert in any other medium other than electronically, please
iaic> email customerserviceidefense.com for permission.
iaic> Disclaimer: The information in the advisory is believed to be accurate
iaic> at the time of publishing based on currently available information. Use
iaic> of the information constitutes acceptance for use in an AS IS condition.
iaic> There are no warranties with regard to this information. Neither the
iaic> author nor the publisher accepts any liability for any direct, indirect,
iaic> or consequential loss or damage arising from use of, or reliance on,
iaic> this information.
iaic> _______________________________________________
iaic> Full-Disclosure - We believe in it.
iaic> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
~/ZARAZA
В расчетах была ошибка. (Лем)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] iDEFENSE Security Advisory 10.05.04b: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability
From: 3APA3A (3APA3ASECURITY.NNOV.RU)
Date: Wed Oct 06 2004 - 05:42:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear idlabs-advisoriesidefense.com,
This vuilnerability for Symantec was reported in February, 2003 by
3APA3A (for Kaspersky Antivirus)
http://www.security.nnov.ru/search/document.asp?docid=4061
and by James C Slora Jr for Symantec (with a copy to Bugtraq moderator,
his message was published by SECURITY.NNOV)
http://www.security.nnov.ru/search/document.asp?docid=4081
This issue was reported to Symantec, but official reply was received
from Symantec their antiviral products are not vulnerable (it's signed):
http://www.security.nnov.ru/search/document.asp?docid=4208
I think credits on this issue discovery must be granted to James C Slora
Jr (Jim.Slora at phra.com).
--Tuesday, October 5, 2004, 8:36:22 PM, you wrote to idlabs-advisoriesidefense.com:
iaic> Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability
iaic> iDEFENSE Security Advisory 10.05.04b:
iaic> www.idefense.com/application/poi/display?id=147&type=vulnerabilities
iaic> October 5, 2004
iaic> I. BACKGROUND
iaic> Symantec's Norton AntiVirus protects email, instant messages, and other
iaic> files by automatically removing viruses, worms, and Trojan horses. More
iaic> information about the product is available from http://www.symantec.com
iaic> II. DESCRIPTION
iaic> Remote exploitation of design vulnerability in Symantec's Norton
iaic> AntiVirus allows malicious code to evade detection.
iaic> The problem specifically exists in attempts to scan files and
iaic> directories named as reserved MS-DOS devices. Reserved MS-DOS device
iaic> names are a hold over from the original days of Microsoft DOS. The
iaic> reserved MS-DOS device names represent devices such as the first printer
iaic> port (LPT1) and the first serial communication port (COM1). Sample
iaic> reserved MS-DOS device names include AUX, CON, PRN, COM1 and LPT1. If a
iaic> virus stores itself in a reserved device name it can avoid detection by
iaic> Symantec Norton AntiVirus when the system is scanned. Symantec Norton
iaic> AntiVirus will scan the files and folders containing the virus and fail
iaic> to detect or report them. reserved device names can be creating with
iaic> standard Windows utilities by specifying the full Universal Naming
iaic> Convention (UNC) path. The following command will successfully copy a
iaic> file to the reserved device name 'aux' on the C:\ drive:
iaic> copy source \\.\C:\aux
iaic> III. ANALYSIS
iaic> Exploitation allows attackers to evade detection of malicious code.
iaic> Attackers can unpack or decode an otherwise detected malicious payload
iaic> in a stealth manner.
iaic> IV. DETECTION
iaic> iDEFENSE has confirmed the existence of this vulnerability in the latest
iaic> version of Norton AntiVirus. It is reported that earlier versions crash
iaic> upon parsing files or directories using reserved MS-DOS device names.
iaic> V. WORKAROUND
iaic> Ensure that no local files or directories using reserved MS-DOS device
iaic> names exist. On most modern Windows systems there should be no reserved
iaic> MS-DOS device names present. While the Windows search utility can be
iaic> used to locate offending files and directories, either a seperate tool
iaic> or the specification of Universal Naming Convention (UNC) must be used
iaic> to remote them. The following command will successfully remove a file
iaic> stored on the C:\ drive named 'aux':
iaic> del \\.\C:\aux
iaic> VI. VENDOR RESPONSE
iaic> "Symantec engineers have developed a fix for this issue for Symantec
iaic> Norton AntiVirus 2004 that is currently available through LiveUpdate.
iaic> The fix is being incorporated into all other supported Symantec Norton
iaic> AntiVirus versions and will be available through LiveUpdate when fully
iaic> tested and released."
iaic> More information is available in Symantec Security Advisory SYM04-015.
iaic> VII. CVE INFORMATION
iaic> The Common Vulnerabilities and Exposures (CVE) project has assigned the
iaic> names CAN-2004-0920 to these issues. This is a candidate for inclusion
iaic> in the CVE list (http://cve.mitre.org), which standardizes names for
iaic> security problems.
iaic> VIII. DISCLOSURE TIMELINE
iaic> 05/12/2004 Vulnerability acquired by iDEFENSE
iaic> 06/25/2004 iDEFENSE clients notified
iaic> 06/29/2004 Initial vendor notification
iaic> 06/30/2004 Initial vendor response
iaic> 10/05/2004 Coordinated public disclosure
iaic> IX. CREDIT
iaic> Kurt Seifried (kurt[at]seifried.org) is credited with this discovery.
iaic> Get paid for vulnerability research
iaic> http://www.idefense.com/poi/teams/vcp.jsp
iaic> X. LEGAL NOTICES
iaic> Copyright (c) 2004 iDEFENSE, Inc.
iaic> Permission is granted for the redistribution of this alert
iaic> electronically. It may not be edited in any way without the express
iaic> written consent of iDEFENSE. If you wish to reprint the whole or any
iaic> part of this alert in any other medium other than electronically, please
iaic> email customerserviceidefense.com for permission.
iaic> Disclaimer: The information in the advisory is believed to be accurate
iaic> at the time of publishing based on currently available information. Use
iaic> of the information constitutes acceptance for use in an AS IS condition.
iaic> There are no warranties with regard to this information. Neither the
iaic> author nor the publisher accepts any liability for any direct, indirect,
iaic> or consequential loss or damage arising from use of, or reliance on,
iaic> this information.
iaic> _______________________________________________
iaic> Full-Disclosure - We believe in it.
iaic> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
~/ZARAZA
В расчетах была ошибка. (Лем)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] real spam from secure
microsoft.com ?
From: Georgi Guninski (guninskiguninski.com)
Date: Wed Oct 06 2004 - 06:17:32 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
got this in my mailbox.
looks like spam from securemicrosoft.com
they don't even provide "unsubscribe" instructions.
lamers.
--
georgi
----- Forwarded message from Microsoft Security Response Center <securemicrosoft.com> -----
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Subject: New Microsoft Security Response Center PGP Key [pgp]
Date: Tue, 5 Oct 2004 15:40:01 -0700
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: New Microsoft Security Response Center PGP Key [pgp]
Thread-Index: AcSrLElFE3KUx/ffQnuyvPfsYOdiBg==
From: Microsoft Security Response Center <securemicrosoft.com>
Cc: Microsoft Security Response Center <securemicrosoft.com>
X-OriginalArrivalTime: 05 Oct 2004 22:40:30.0206 (UTC) FILETIME=[512D71E0:01C4AB2C]
X-MailScanner-Information: Please contact the ISP for more information
X-MScanner: Clean
Hello!
The Microsoft Security Response Center has generated a new PGP key. We
use this key to sign all security bulletin notifications and encourage
others to use this key when sending sensitive information to us. Our new
key is available at:
- https://www.microsoft.com/technet/security/bulletin/pgp.mspx
- ldap://keyserver.pgp.com/ and other public PGP key servers
- At the bottom of this message
You can verify the fingerprint of our key at:
- https://www.microsoft.com/technet/security/bulletin/pgp.mspx
A revoked copy of our former key is available at:
- ldap://keyserver.pgp.com/ and other public PGP key servers
- At the bottom of this message
If you would like to submit an encrypted security vulnerability report,
please email us at securemicrosoft.com.
Sincerely,
Microsoft Security Response Center
New Key (0xAA55BC66):
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 8.1
mQINBEFi+0EBEACgvngZV4wYosOvN9ZngVtuAK+pasNuLIIv/mmu1NdIMA59d5RB
QUkx5ZUcN+C3tpSZAhj6u5+oeYH9u5JBsgA+V68kW6Xc1KDeOxDBM4k0yN8SeGt1
2Svh8bJoS4XpM2p29eBtCc7Q2vyI+Na4DTkJn0Hmx6tqt1Ey0/KrBs9aacL10ZIM
ZeHk4VuhZ17eu1BuOzLhWy3Njm+t9rM/EIb3fkfeCrZVLhKXFkPRLdshMFuSkSEz
cUYiETQfe1D9mAy+VHM3KAkpseal2tRQhVlCqA0vWIZW6J/J/IgS+Nj6IBD3TH75
ASpLXfYYi7sBJJ01Vpg0kC39/TENIauyKtxtkjjYRTLzzHUR39ZsAD7HtP41K8Co
MsxHgvMPpqyKrxZk5ydDNf/AbBDQ3I9BhM3awuAeN7QFuNVs0UM+mIAAGpdBFbDf
ICes60Xa8Q8u36l3U73gaqKb6/eAF/540A2+8T/DANhvq1Q6cOEoqjVMJcp+Fxhf
zlp6e2MPfMyNg2Uakgrji6fIKqZSVpLFVB+Gi38mJUkmc27RhBp3qNzUnhuVQ3w4
r7mtOERCo3ueUxkHnlQk5ZLpmBh91k6Z7kZn3ahUABfsLxxJXExjXmp7MKLvoqwy
pk6Ive5bTIFUdIYL6EUZCUHoTxy/Mzlt17GveceglNxZ5Q6RJwLrCy5eLQARAQAB
tDlNaWNyb3NvZnQgU2VjdXJpdHkgUmVzcG9uc2UgQ2VudGVyIDxzZWN1cmVAbWlj
cm9zb2Z0LmNvbT6JAjoEEAECACQFAkFi+0EFCQJBcQAICwkIBwMCAQoCGQEFGwMA
AAAFHgEAAAAACgkQit4SBqpVvGbgfQ//SiDrz73ASvIa9AC5brB+vV8qZ4fRzlq2
TS1Q1rjho/KNWCnjbAD8UXQA+Sn7BClm4cclwCYt1wYZEQCfoNXlAp3ebdUgv2iu
+yYOW9CeUjGqe0BBcnHDNeNzexsAfybxPfSYjSBLwg8k+nZABGlXiVxf+Mg7uHwr
pFickGFTx9ZpCaxrnhwkHtCO6hgD1Tkmt7hFEX7PT1CHO86BwtKAY2Y/NvyH5pFA
7RpUYyXST7iA1P9sxTJq9Vo89ehEePn/DrIqzyvVm3GTBsgjuDlCXilGemyEljHh
DuM0PWDqqOdUJWiXRcbA8GfbSpxw/aekBxBNMRO7svozY2egbLtf0HjWHNlZWdRT
kKsbThURK9IehLaN5IbOSfxvEgsm/g7zc8r4X1Et95Nk3svzczbgTlYv8h5lbhcr
jb5CkB1AwlMYIbjbzACwHKTHI7I/dd+cNk+j1t6cM6g7l23re9TSDdJaGbPJTwDF
bpx8X9IcMhrz8qBxQI8sYhqQPUwlNAAycfzcz5NjyiSPQp6u0ZQ1RKyqQ3vfzCr0
ycAISzF3MeUDBe+AXYC5hnNyfIk1R85vJG02Uki0M9P0sGrSkq+WyMtL07xb11S2
R1N7blFBpme8t/5tuiI/uIFAK0oeX0JJIoXP2PNRiCvSiArkD1B9iqrWX8EeAwhk
GbKvDhRGyxKJARUDBRBBYvvBjRlJFDED9SsBAaWpB/9lE9bCHI0Tl+Wuq3nc9Mdv
xJMNo9T79eTl2Dc9iN3XutGA43mifZYjvZtDtu0IJStw3WkU9ONGMGsgOabk1Gs6
ZSLCWR3pZAIiWUTYkjns/2GsPv5Nr4yWAZYIQM3Z9YpKYRNIo/xmHyuxxFOQ76j8
9zmH9O8oOYM+PrrHEgr4i5VJrx3dwt3XCqQCuyBPVVMOz+r01CNeQzPI6EU9k9DZ
MVfPqn+XxJIwA0Dpm6oM0tj8CwPBgHu6Vh0y4GepWS0E6Go64KGeTs0JkrsCV0mp
wdIzsLrwrRbwPKPeXSmDObL4htNWpv0yk2Bq81/A46vuCXryeacmtP+kzd1eDXW5
uQINBEFi+0gBEACXCJy1mdqMCLRg7s5FUHA5M7+pfmAeVlKs8tmTvjocwXcPJxpR
HcfYzzInuVXYTDpPJMl7rTXi12lFBteHQBi3WZnQKrP+uSlDk0B4l62jiMK9BsGs
+i9LnRUDPjP9CZBENr3vdfVuVOCZJlV4rIeBCcFYdOWCzj7Q9LGWmmZvD4+1d29J
Lq/M1jurZsmqLcdLdKd8/OqRxT26bWTZQfC1RgWHeJxAmqMSqAS24d0Yu192+wPK
PojyrkSAp89Q4PWRZIV8mklY7S+EOtYSoIsK+FKcHt05t9Xcz/3Y5HPVpesJ7YqB
M1QV/znqtOJSzxfIOdUSRsSvIoI0JGhm3gZn6MqC8aMKZUNx2vxd2e+BpoPkMgML
uemzGz6hy3JyC6EKnkprSvu7V9h8kNnTSQaMg5E6lgG9SRaANlv59Z+KkT+CPmk6
1I6ULJQED1N4KIMW7tnVPUyj4PJVvIjCkUISk+M0aisTidnw6fmPbpxZw18hT48n
1sNk0scQbJ/SEt2dMBVre4puQYoQGg89dm1OayvFkujvJPYebj+0FfL+no3VsNdY
tgmqJ6I2Q3XTv7d7paj1upTB6Tulg8mCiu/MMMRdZ/KtOlWZLSfN6j+TFN+yjE5T
DmAzKXjUxWVN1ilQg90VFui/NLgRconHaADp0hhNer8FbLt1KnJOSXvyuQARAQAB
iQIoBBgBAgASBQJBYvtIBQkCQXEABRsMAAAAAAoJEIreEgaqVbxmaVUP/RxWAJHd
FZETOSc/NRNJ/iHPuBjLjIxiEMkUSKJPpWQa1CS47yryWY9qJsYSfDX+b18LLEJU
D4jeu4e5I4Ob5fDtOc4yuAK+/+t7pnGJ0J0HL+YYFERrXhXJEZnLyyWAF/cCcV8d
9oLMbP0OW1pPjeBk5xOAE5YWNtTXo+T2RjSkBTLbgiDaPqFt9dSXxn3DepBTBlKd
xc/TX9hxlfoR7skaMtJiE27Y9E1zp0aIadeX7IlVvWKJMPyz8mFrliKdpSeTa+N4
aEx5F2qEmnBm80zoAquas7vTnHOwpOuH+AeIYCODh8PZRzepKWmu5ZL+heWyYr6Y
IaKeHYB4gL2xvQykrYlq498ypno7M6dDpUY2fbrh11zVwt1jXQR5VsiqWEE2Amug
uPsTdQOeDWxfKQkwLAgCo8teyKD0hXTLgQBz0VcbrFQ9U9cxIV+HX0LwkZB5DegT
ciKIPtwM+/sMzB/KzNMssYz7jiRGRgmLzXF92M2agALOkdb47O8JaYFbI4hqi6as
t3ov9GTNx+wCI4ki2B0OO46rMkO+YVtEOF+8rEDh0XY0jDa4SG6agWirlVqosgzY
BjeSbGL8eu6uhaVvs7wctEySX7m432rYkTbKSpN8ODujwVHjUJkf/hCuaQ3/uMSc
1HHHG9y2Ge/WbE5hCsjYTBhrQEuIb6MInB3x
=oTL8
-----END PGP PUBLIC KEY BLOCK-----
Revoked Key (0x3103F52B):
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 8.1
mQENAziJZQwAAAEIALIflq+a5TJ5+rkJl6u4NtaEgeggoufIFy2O0luplLaE+3sw
E0MfG7Hr9b9yNLjMOD7/ZakIy4/54ph910K7qx1r3swo97gPuiDf11AhPzpmMe3m
iP2EV3XeoL0e69GF/AwZ/KB4im+/WMMqwHmF4OjWZX4PWG7QA3YM+mRg8x4768So
thxKx1sMO/ll1lAqryyzkWO3hODuOs7UiCPy0PgFBtlZ/qJU8VR/8z1vWX6aTDcl
3plT6MXiQuBGWXb/jHHfUEC7s5BtmWtA/Sdxf/oVDothMg48otI6tetzf/Rp6asa
PmmOH99+QE2At4YYbtK3a7/ss7YTjRlJFDED9SsABRGJARUDBSBBYvxIjRlJFDED
9SsBAbW2B/4ttsEK/Tqi7aADS8IEUZK0Apum68kclT4VbTzuunQBFLqfiR2NiCNO
xMA4ar4BIw5q37gl+V90hhwe2tSBBVvnHhCJwvSG8egEj2jq+m73Ov2wrMw7Lef7
o5OfPeBkZEopZSlJoofceOS6E08rQF6VGWsoYMhiF45M3vhI1gdTYoX8SEcRUtqx
0A4a6eCh1AMl+/1KtyWfslmkUY2hIhsb3mdo+H3dkJZ5oD5ANlmcdsxdrCO5dqrz
fZTsp5UieCajSD7tUhhU0yFu5q90IGvbeTZ7fS6j+CKhDkeFTstT0WIUmoq/gvb3
Gsk8VeM2tzn5eZgJMcEzvtXHiQ0zd5GotDlNaWNyb3NvZnQgU2VjdXJpdHkgUmVz
cG9uc2UgQ2VudGVyIDxzZWN1cmVAbWljcm9zb2Z0LmNvbT6JARUDBRA4iWUMjRlJ
FDED9SsBAZgpB/0XmLeOzIS0PJZPrYaTcJ8FqRTGJ4YtdfPbGcvhh6eOKQnUO3X7
m0dvyYgiI5V6rUejLuTc0p47d5dte7LNdf1/ormUeH4zkzRc9W++zPzsEzzTZGU8
S+ZydwSAXEwykWhK05OaGbeZ11D6cyMDPxkNewPaJC+qjhXK3jUf2unDvA4jwYG7
4K7OetPjaRJNpQQT+8r2hyasKkJ0UAmdebqobSJfwZcRGBN9l1oLvpNUca0Ubltz
V/UNHBF5oqEoiPtVd9RNB+j2vHu1cvxDkbDaKUYIma/yQTjdLwqw31E5cI1Ln6Qp
zNlQbzYvztwtgYSaC/YRBdF9K80DfO49cKTuiQBGBDARAgAGBQI/r7EHAAoJEEcx
dTMMgeE8SV8AoIhhcp6kBFp3qFmORDsmxA9BcXX+AKDArVN9Wekum9MY4jRMtAqO
vctzzIkARgQwEQIABgUCP5dh+wAKCRBitBUwiu7kNkv2AJ9ov2PBRjYnfSoORZj2
hea+77qqXgCeLLIrmE5i2JlYd/jBsqWBKSFMbCiJAEYEMBECAAYFAjt6gGUACgkQ
GQzQFUWcpu/oHwCffBoKzX1fsoIteC4kSxd5KuhbblcAoMKaVkk0XNCDnSMIdgAh
YB7GYgLJiQBJBDARAgAJBQI9OraaAh0gAAoJEM6A1gBt+KUHH0sAnipXgrBpKGWB
NW2vbnAVIRtyLATuAJ9OHv5JtWxKFAryOxcn0sB2C/FjyIkARgQwEQIABgUCPxZv
aQAKCRBvBMNExA+h3B9JAJ0WQHPK0UCp8JM+1Y2xziHWHTU9iACglWGGssKpzDbq
B9475tTeL/+i2zY=
=Ff87
-----END PGP PUBLIC KEY BLOCK-----
You are receiving this email because you have communicated with the
Microsoft Security Response Center using PGP in the past.
----- End forwarded message -----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re[2]: [Full-Disclosure] iDEFENSE Security Advisory 10.05.04b: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability
From: 3APA3A (3APA3ASECURITY.NNOV.RU)
Date: Wed Oct 06 2004 - 07:09:39 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear 3APA3A,
--Wednesday, October 6, 2004, 3:03:12 PM, you wrote to full-disclosurelists.netsys.com:
3> This issue was reported to Symantec, but official reply was received
3> from Symantec their antiviral products are not vulnerable (it's signed):
3> http://www.security.nnov.ru/search/document.asp?docid=4208
Hm.. Actually it's signed in very interesting way...
--
~/ZARAZA
Таким образом этот путь дешевле и к нему легче добраться
тому, кто в состоянии до него добраться. (Твен)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] House approves spyware legislation
From: Gregory Gilliss (ggillissnetpublishing.com)
Date: Wed Oct 06 2004 - 07:03:45 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Great, Not that I'm any fan of spyware, but this is just another law
against hacking. Think - what's the difference between this and someone
using XSS to "take control" of a computer? If you r00t a box and deface
the home page, then you've broken this law.
<sigh> Instead of fixing the problem (poor software security) we pass
laws to punish the people who do the things that illustrate the problem.
Basic philosophical differences, blah blah blah ...
Worst of all, do you really think that the spyware rackets will slow down
or cease because of this? Nope - they'll just migrate out of the jurisdiction.
-- Greg
On or about 2004.10.06 06:03:18 +0000, RandallM (randallmfidmail.com) said:
>
>
> The U.S. House of Representatives voted late Tuesday to restrict some of the
> most deceptive forms of spyware.
>
> By a 399-1 vote, House members approved legislation prohibiting "taking
> control" of a computer, surreptitiously modifying a Web browser's home page,
> or disabling antivirus software without proper authorization.
>
> http://news.com.com/House+approves+spyware+legislation/2100-1028_3-5397822.h
> tml?tag=nefd.top
>
>
> thank you
> Randall M
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
Gregory A. Gilliss, CISSP E-mail: greggilliss.com
Computer Security WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] Re: real spam from secure
microsoft.com ?
From: Feher Tamas (etomcatfreemail.hu)
Date: Wed Oct 06 2004 - 07:26:37 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>>Microsoft Security Response Center has generated a new PGP key
>
>looks like spam from securemicrosoft.com ... lamers.
Dear Georgi,
Your attitude towards M$ reminds me of an old joke told by a
late hungarian humorist:
The hare walks in the forest. There comes the wolf and the bear.
They say let's beat up that rabbit.
- But for what reason?
- If he wears a hat, we'll kick him and if he doesn't, we'll
beat him.
So they go to the hare and see he has no hat, so they beat
him badly.
Next day the hare appears again.
The wolf say let's beat him up one more time.
- But for what reason?
- Ask him for a cigarette, if he gives you one without a
filter, we'll knock him out, if he gives you one with a
filter, we will beat him even harder.
So they surround the rabbit and tap him for a cig.
- Would you like a filter cigarette or an unfiltered one, sirs?
- Look 'da motherfucker has no hat!
Bang...
Sincerely: Tamas Feher.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] [SECURITY] [DSA 559-1] New net-acct packages fix insecure temporary file creation
debian-security-announcelists.debian.org
Date: Wed Oct 06 2004 - 07:39:02 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 559-1 securitydebian.org
http://www.debian.org/security/ Martin Schulze
October 6th, 2004 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : net-acct
Vulnerability : insecure temporary file
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0851
Debian Bug : 270359
Stefan Nordhausen has identified a local security hole in net-acct, a
user-mode IP accounting daemon. Old and redundant code from some time
way back in the past created a temporary file in an insecure fashion.
For the stable distribution (woody) this problem has been fixed in
version 0.71-5woody1.
For the unstable distribution (sid) this problem has been fixed in
version 0.71-7.
We recommend that you upgrade your net-acct package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1.dsc
Size/MD5 checksum: 562 72c93549d6dd86d7365d206706ff9a62
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1.diff.gz
Size/MD5 checksum: 9950 ab1dd923a4e18d520793c34738d2a8f4
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71.orig.tar.gz
Size/MD5 checksum: 44741 87daae6d4b06144534205b3fc201c058
Alpha architecture:
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_alpha.deb
Size/MD5 checksum: 52922 339d98c59e34655dc8762e076251fbd3
ARM architecture:
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_arm.deb
Size/MD5 checksum: 50096 f7a21521634202264dacfae238716bf5
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_i386.deb
Size/MD5 checksum: 49346 c90d2f7b3f777905c5f8f90f8edd6b57
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_ia64.deb
Size/MD5 checksum: 58530 df761be43caec7fa543d37279c265afd
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_hppa.deb
Size/MD5 checksum: 51702 145f469e3c2bfae125ff4e0a23729a0a
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_m68k.deb
Size/MD5 checksum: 46882 e1dabe763136c5cfd0b04de8fd691fb7
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_mips.deb
Size/MD5 checksum: 49332 7393517e4ac4f83e0fbc6efda5118a2f
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_mipsel.deb
Size/MD5 checksum: 49380 60ae8a7d4c1265fb07adaaf6d49cbe2f
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_powerpc.deb
Size/MD5 checksum: 49824 3442f397b0db858aa4bfb9e4d418a5f4
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_s390.deb
Size/MD5 checksum: 47688 69c06b385a4ff25df34dd60052c88fc4
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_sparc.deb
Size/MD5 checksum: 51684 083a1078e261fd3621f37f17c8305885
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announcelists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBY+dmW5ql+IAeqTIRAuOjAKCcFfAtJBrSdp8RoUiPHkvlmWU3GQCgjJdI
FwMrf2WeGJ47K7dtO5IwHfI=
=Lv9/
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
SV: [Full-Disclosure] Truth is stranger than fiction ... Bill Gates was right
From: Peter Kruse (krusekrusesecurity.dk)
Date: Wed Oct 06 2004 - 07:40:13 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hey Feher,
>Mr. William H. Gates III, the legendary co-founder of
>Microsoft Corp. has recently talked about the viral nature
>of the GPL, which spreads open source software like a flu.
>
>Now it has been confirmed that he was right all the time!
>The free ClamAV software already detects the GNU Public
>Licence file as a virus!
Oh yes, I got myself a good laugh!
>This revelation clearly shows how and why Mr. Gates came to
>be the richest man on Earth: he has incredible foresight and
>can tell the signs of time well in advance.
Might be a new heuristic feature or a super advanced sandbox function that
caugh this nasty text file!
I tried uploading this malware to http://www.virustotal.com but still only
ClamAV detects it ;-)
Regards
Peter Kruse
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] real spam from secure
microsoft.com ?
From: Georgi Guninski (guninskiguninski.com)
Date: Wed Oct 06 2004 - 07:47:25 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, Oct 06, 2004 at 02:21:25PM +0200, Vincent Archer wrote:
> On Wed, Oct 06, 2004 at 02:17:32PM +0300, Georgi Guninski wrote:
> > got this in my mailbox.
>
> And for good reason: it was sent to full-disclosure...
>
the forwarded email was not from full disclosure.
the full headers clearly show only m$ servers and final server - no list.
also the FD warez put [Full Disclosure] which clearly is missing from the
subject.
--
georgi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
RE: [Full-Disclosure] House approves spyware legislation
From: Todd Towles (toddtowlesbrookshires.com)
Date: Wed Oct 06 2004 - 08:07:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Why make more computer laws...when the current computer laws can not be
enforced correctl? We all know that the CAN-SPAM Act really cut the spam
out of our e-mails *sigh* Then the INDUCE act will make half the stuff
in a normal person's house illegal.
Making laws is just playing around...paper on top of paper doesn't stop
anything. It all falls back to the old saying - Action speaks louder
than words.
> -----Original Message-----
> From: full-disclosure-adminlists.netsys.com
> [mailto:full-disclosure-adminlists.netsys.com] On Behalf Of
> Gregory Gilliss
> Sent: Wednesday, October 06, 2004 7:04 AM
> To: full-disclosurelists.netsys.com
> Subject: Re: [Full-Disclosure] House approves spyware legislation
>
> Great, Not that I'm any fan of spyware, but this is just
> another law against hacking. Think - what's the difference
> between this and someone using XSS to "take control" of a
> computer? If you r00t a box and deface the home page, then
> you've broken this law.
>
> <sigh> Instead of fixing the problem (poor software security)
> we pass laws to punish the people who do the things that
> illustrate the problem.
> Basic philosophical differences, blah blah blah ...
>
> Worst of all, do you really think that the spyware rackets
> will slow down or cease because of this? Nope - they'll just
> migrate out of the jurisdiction.
>
> -- Greg
>
> On or about 2004.10.06 06:03:18 +0000, RandallM
> (randallmfidmail.com) said:
>
> >
> >
> > The U.S. House of Representatives voted late Tuesday to
> restrict some
> > of the most deceptive forms of spyware.
> >
> > By a 399-1 vote, House members approved legislation prohibiting
> > "taking control" of a computer, surreptitiously modifying a Web
> > browser's home page, or disabling antivirus software
> without proper authorization.
> >
> >
> http://news.com.com/House+approves+spyware+legislation/2100-1028_3-539
> > 7822.h
> > tml?tag=nefd.top
> >
> >
> > thank you
> > Randall M
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> --
> Gregory A. Gilliss, CISSP
> E-mail: greggilliss.com
> Computer Security WWW:
> http://www.gilliss.com/greg/
> PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83
> D9 B4 14 0E 8C A3
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Re: [Full-Disclosure] real spam from secure
microsoft.com ?
From: Vincent Archer (varcherdenyall.com)
Date: Wed Oct 06 2004 - 07:21:25 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, Oct 06, 2004 at 02:17:32PM +0300, Georgi Guninski wrote:
> got this in my mailbox.
And for good reason: it was sent to full-disclosure...
> looks like spam from securemicrosoft.com
>
> they don't even provide "unsubscribe" instructions.
You can unsubscribe easily from the list.
--
Vincent ARCHER
varcherdenyall.com
Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 5, rue Scribe - 75009 Paris - France
www.denyall.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
RE: [Full-Disclosure] real spam from secure
microsoft.com ?
From: Todd Towles (toddtowlesbrookshires.com)
Date: Wed Oct 06 2004 - 08:00:00 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Well, the e-mail did say this... "You are receiving this email because
you have communicated with the Microsoft Security Response Center using
PGP in the past." Therefore it would make sense that they tell you about
their new PGP key..as long as the sender is real...but that is another
story.
> -----Original Message-----
> From: full-disclosure-adminlists.netsys.com
> [mailto:full-disclosure-adminlists.netsys.com] On Behalf Of
> Georgi Guninski
> Sent: Wednesday, October 06, 2004 6:18 AM
> To: full-disclosurelists.netsys.com
> Subject: [Full-Disclosure] real spam from securemicrosoft.com ?
>
> got this in my mailbox.
>
> looks like spam from securemicrosoft.com
>
> they don't even provide "unsubscribe" instructions.
>
> lamers.
>
> --
> georgi
>
> ----- Forwarded message from Microsoft Security Response
> Center <securemicrosoft.com> -----
>
> X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
> Subject: New Microsoft Security Response Center PGP Key [pgp]
> Date: Tue, 5 Oct 2004 15:40:01 -0700
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> Thread-Topic: New Microsoft Security Response Center PGP Key [pgp]
> Thread-Index: AcSrLElFE3KUx/ffQnuyvPfsYOdiBg==
> From: Microsoft Security Response Center <securemicrosoft.com>
> Cc: Microsoft Security Response Center <securemicrosoft.com>
> X-OriginalArrivalTime: 05 Oct 2004 22:40:30.0206 (UTC)
> FILETIME=[512D71E0:01C4AB2C]
> X-MailScanner-Information: Please contact the ISP for more information
> X-MScanner: Clean
>
> Hello!
>
> The Microsoft Security Response Center has generated a new
> PGP key. We use this key to sign all security bulletin
> notifications and encourage others to use this key when
> sending sensitive information to us. Our new key is available at:
>
> - https://www.microsoft.com/technet/security/bulletin/pgp.mspx
> - ldap://keyserver.pgp.com/ and other public PGP key servers
> - At the bottom of this message
>
> You can verify the fingerprint of our key at:
>
> - https://www.microsoft.com/technet/security/bulletin/pgp.mspx
>
> A revoked copy of our former key is available at:
>
> - ldap://keyserver.pgp.com/ and other public PGP key servers
> - At the bottom of this message
>
> If you would like to submit an encrypted security
> vulnerability report, please email us at securemicrosoft.com.
>
> Sincerely,
> Microsoft Security Response Center
>
>
> New Key (0xAA55BC66):
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: PGP 8.1
>
> mQINBEFi+0EBEACgvngZV4wYosOvN9ZngVtuAK+pasNuLIIv/mmu1NdIMA59d5RB
> QUkx5ZUcN+C3tpSZAhj6u5+oeYH9u5JBsgA+V68kW6Xc1KDeOxDBM4k0yN8SeGt1
> 2Svh8bJoS4XpM2p29eBtCc7Q2vyI+Na4DTkJn0Hmx6tqt1Ey0/KrBs9aacL10ZIM
> ZeHk4VuhZ17eu1BuOzLhWy3Njm+t9rM/EIb3fkfeCrZVLhKXFkPRLdshMFuSkSEz
> cUYiETQfe1D9mAy+VHM3KAkpseal2tRQhVlCqA0vWIZW6J/J/IgS+Nj6IBD3TH75
> ASpLXfYYi7sBJJ01Vpg0kC39/TENIauyKtxtkjjYRTLzzHUR39ZsAD7HtP41K8Co
> MsxHgvMPpqyKrxZk5ydDNf/AbBDQ3I9BhM3awuAeN7QFuNVs0UM+mIAAGpdBFbDf
> ICes60Xa8Q8u36l3U73gaqKb6/eAF/540A2+8T/DANhvq1Q6cOEoqjVMJcp+Fxhf
> zlp6e2MPfMyNg2Uakgrji6fIKqZSVpLFVB+Gi38mJUkmc27RhBp3qNzUnhuVQ3w4
> r7mtOERCo3ueUxkHnlQk5ZLpmBh91k6Z7kZn3ahUABfsLxxJXExjXmp7MKLvoqwy
> pk6Ive5bTIFUdIYL6EUZCUHoTxy/Mzlt17GveceglNxZ5Q6RJwLrCy5eLQARAQAB
> tDlNaWNyb3NvZnQgU2VjdXJpdHkgUmVzcG9uc2UgQ2VudGVyIDxzZWN1cmVAbWlj
> cm9zb2Z0LmNvbT6JAjoEEAECACQFAkFi+0EFCQJBcQAICwkIBwMCAQoCGQEFGwMA
> AAAFHgEAAAAACgkQit4SBqpVvGbgfQ//SiDrz73ASvIa9AC5brB+vV8qZ4fRzlq2
> TS1Q1rjho/KNWCnjbAD8UXQA+Sn7BClm4cclwCYt1wYZEQCfoNXlAp3ebdUgv2iu
> +yYOW9CeUjGqe0BBcnHDNeNzexsAfybxPfSYjSBLwg8k+nZABGlXiVxf+Mg7uHwr
> pFickGFTx9ZpCaxrnhwkHtCO6hgD1Tkmt7hFEX7PT1CHO86BwtKAY2Y/NvyH5pFA
> 7RpUYyXST7iA1P9sxTJq9Vo89ehEePn/DrIqzyvVm3GTBsgjuDlCXilGemyEljHh
> DuM0PWDqqOdUJWiXRcbA8GfbSpxw/aekBxBNMRO7svozY2egbLtf0HjWHNlZWdRT
> kKsbThURK9IehLaN5IbOSfxvEgsm/g7zc8r4X1Et95Nk3svzczbgTlYv8h5lbhcr
> jb5CkB1AwlMYIbjbzACwHKTHI7I/dd+cNk+j1t6cM6g7l23re9TSDdJaGbPJTwDF
> bpx8X9IcMhrz8qBxQI8sYhqQPUwlNAAycfzcz5NjyiSPQp6u0ZQ1RKyqQ3vfzCr0
> ycAISzF3MeUDBe+AXYC5hnNyfIk1R85vJG02Uki0M9P0sGrSkq+WyMtL07xb11S2
> R1N7blFBpme8t/5tuiI/uIFAK0oeX0JJIoXP2PNRiCvSiArkD1B9iqrWX8EeAwhk
> GbKvDhRGyxKJARUDBRBBYvvBjRlJFDED9SsBAaWpB/9lE9bCHI0Tl+Wuq3nc9Mdv
> xJMNo9T79eTl2Dc9iN3XutGA43mifZYjvZtDtu0IJStw3WkU9ONGMGsgOabk1Gs6
> ZSLCWR3pZAIiWUTYkjns/2GsPv5Nr4yWAZYIQM3Z9YpKYRNIo/xmHyuxxFOQ76j8
> 9zmH9O8oOYM+PrrHEgr4i5VJrx3dwt3XCqQCuyBPVVMOz+r01CNeQzPI6EU9k9DZ
> MVfPqn+XxJIwA0Dpm6oM0tj8CwPBgHu6Vh0y4GepWS0E6Go64KGeTs0JkrsCV0mp
> wdIzsLrwrRbwPKPeXSmDObL4htNWpv0yk2Bq81/A46vuCXryeacmtP+kzd1eDXW5
> uQINBEFi+0gBEACXCJy1mdqMCLRg7s5FUHA5M7+pfmAeVlKs8tmTvjocwXcPJxpR
> HcfYzzInuVXYTDpPJMl7rTXi12lFBteHQBi3WZnQKrP+uSlDk0B4l62jiMK9BsGs
> +i9LnRUDPjP9CZBENr3vdfVuVOCZJlV4rIeBCcFYdOWCzj7Q9LGWmmZvD4+1d29J
> Lq/M1jurZsmqLcdLdKd8/OqRxT26bWTZQfC1RgWHeJxAmqMSqAS24d0Yu192+wPK
> PojyrkSAp89Q4PWRZIV8mklY7S+EOtYSoIsK+FKcHt05t9Xcz/3Y5HPVpesJ7YqB
> M1QV/znqtOJSzxfIOdUSRsSvIoI0JGhm3gZn6MqC8aMKZUNx2vxd2e+BpoPkMgML
> uemzGz6hy3JyC6EKnkprSvu7V9h8kNnTSQaMg5E6lgG9SRaANlv59Z+KkT+CPmk6
> 1I6ULJQED1N4KIMW7tnVPUyj4PJVvIjCkUISk+M0aisTidnw6fmPbpxZw18hT48n
> 1sNk0scQbJ/SEt2dMBVre4puQYoQGg89dm1OayvFkujvJPYebj+0FfL+no3VsNdY
> tgmqJ6I2Q3XTv7d7paj1upTB6Tulg8mCiu/MMMRdZ/KtOlWZLSfN6j+TFN+yjE5T
> DmAzKXjUxWVN1ilQg90VFui/NLgRconHaADp0hhNer8FbLt1KnJOSXvyuQARAQAB
> iQIoBBgBAgASBQJBYvtIBQkCQXEABRsMAAAAAAoJEIreEgaqVbxmaVUP/RxWAJHd
> FZETOSc/NRNJ/iHPuBjLjIxiEMkUSKJPpWQa1CS47yryWY9qJsYSfDX+b18LLEJU
> D4jeu4e5I4Ob5fDtOc4yuAK+/+t7pnGJ0J0HL+YYFERrXhXJEZnLyyWAF/cCcV8d
> 9oLMbP0OW1pPjeBk5xOAE5YWNtTXo+T2RjSkBTLbgiDaPqFt9dSXxn3DepBTBlKd
> xc/TX9hxlfoR7skaMtJiE27Y9E1zp0aIadeX7IlVvWKJMPyz8mFrliKdpSeTa+N4
> aEx5F2qEmnBm80zoAquas7vTnHOwpOuH+AeIYCODh8PZRzepKWmu5ZL+heWyYr6Y
> IaKeHYB4gL2xvQykrYlq498ypno7M6dDpUY2fbrh11zVwt1jXQR5VsiqWEE2Amug
> uPsTdQOeDWxfKQkwLAgCo8teyKD0hXTLgQBz0VcbrFQ9U9cxIV+HX0LwkZB5DegT
> ciKIPtwM+/sMzB/KzNMssYz7jiRGRgmLzXF92M2agALOkdb47O8JaYFbI4hqi6as
> t3ov9GTNx+wCI4ki2B0OO46rMkO+YVtEOF+8rEDh0XY0jDa4SG6agWirlVqosgzY
> BjeSbGL8eu6uhaVvs7wctEySX7m432rYkTbKSpN8ODujwVHjUJkf/hCuaQ3/uMSc
> 1HHHG9y2Ge/WbE5hCsjYTBhrQEuIb6MInB3x
> =oTL8
> -----END PGP PUBLIC KEY BLOCK-----
>
>
> Revoked Key (0x3103F52B):
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: PGP 8.1
>
> mQENAziJZQwAAAEIALIflq+a5TJ5+rkJl6u4NtaEgeggoufIFy2O0luplLaE+3sw
> E0MfG7Hr9b9yNLjMOD7/ZakIy4/54ph910K7qx1r3swo97gPuiDf11AhPzpmMe3m
> iP2EV3XeoL0e69GF/AwZ/KB4im+/WMMqwHmF4OjWZX4PWG7QA3YM+mRg8x4768So
> thxKx1sMO/ll1lAqryyzkWO3hODuOs7UiCPy0PgFBtlZ/qJU8VR/8z1vWX6aTDcl
> 3plT6MXiQuBGWXb/jHHfUEC7s5BtmWtA/Sdxf/oVDothMg48otI6tetzf/Rp6asa
> PmmOH99+QE2At4YYbtK3a7/ss7YTjRlJFDED9SsABRGJARUDBSBBYvxIjRlJFDED
> 9SsBAbW2B/4ttsEK/Tqi7aADS8IEUZK0Apum68kclT4VbTzuunQBFLqfiR2NiCNO
> xMA4ar4BIw5q37gl+V90hhwe2tSBBVvnHhCJwvSG8egEj2jq+m73Ov2wrMw7Lef7
> o5OfPeBkZEopZSlJoofceOS6E08rQF6VGWsoYMhiF45M3vhI1gdTYoX8SEcRUtqx
> 0A4a6eCh1AMl+/1KtyWfslmkUY2hIhsb3mdo+H3dkJZ5oD5ANlmcdsxdrCO5dqrz
> fZTsp5UieCajSD7tUhhU0yFu5q90IGvbeTZ7fS6j+CKhDkeFTstT0WIUmoq/gvb3
> Gsk8VeM2tzn5eZgJMcEzvtXHiQ0zd5GotDlNaWNyb3NvZnQgU2VjdXJpdHkgUmVz
> cG9uc2UgQ2VudGVyIDxzZWN1cmVAbWljcm9zb2Z0LmNvbT6JARUDBRA4iWUMjRlJ
> FDED9SsBAZgpB/0XmLeOzIS0PJZPrYaTcJ8FqRTGJ4YtdfPbGcvhh6eOKQnUO3X7
> m0dvyYgiI5V6rUejLuTc0p47d5dte7LNdf1/ormUeH4zkzRc9W++zPzsEzzTZGU8
> S+ZydwSAXEwykWhK05OaGbeZ11D6cyMDPxkNewPaJC+qjhXK3jUf2unDvA4jwYG7
> 4K7OetPjaRJNpQQT+8r2hyasKkJ0UAmdebqobSJfwZcRGBN9l1oLvpNUca0Ubltz
> V/UNHBF5oqEoiPtVd9RNB+j2vHu1cvxDkbDaKUYIma/yQTjdLwqw31E5cI1Ln6Qp
> zNlQbzYvztwtgYSaC/YRBdF9K80DfO49cKTuiQBGBDARAgAGBQI/r7EHAAoJEEcx
> dTMMgeE8SV8AoIhhcp6kBFp3qFmORDsmxA9BcXX+AKDArVN9Wekum9MY4jRMtAqO
> vctzzIkARgQwEQIABgUCP5dh+wAKCRBitBUwiu7kNkv2AJ9ov2PBRjYnfSoORZj2
> hea+77qqXgCeLLIrmE5i2JlYd/jBsqWBKSFMbCiJAEYEMBECAAYFAjt6gGUACgkQ
> GQzQFUWcpu/oHwCffBoKzX1fsoIteC4kSxd5KuhbblcAoMKaVkk0XNCDnSMIdgAh
> YB7GYgLJiQBJBDARAgAJBQI9OraaAh0gAAoJEM6A1gBt+KUHH0sAnipXgrBpKGWB
> NW2vbnAVIRtyLATuAJ9OHv5JtWxKFAryOxcn0sB2C/FjyIkARgQwEQIABgUCPxZv
> aQAKCRBvBMNExA+h3B9JAJ0WQHPK0UCp8JM+1Y2xziHWHTU9iACglWGGssKpzDbq
> B9475tTeL/+i2zY=
> =Ff87
> -----END PGP PUBLIC KEY BLOCK-----
>
>
> You are receiving this email because you have communicated
> with the Microsoft Security Response Center using PGP in the past.
>
> ----- End forwarded message -----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] SUSE Security Announcement: mozilla (SUSE-SA:2004:036)
From: Sebastian Krahmer (krahmersuse.de)
Date: Wed Oct 06 2004 - 08:16:05 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Announcement
Package: mozilla
Announcement-ID: SUSE-SA:2004:036
Date: Wednesday, Oct 6th 14:36:39 MEST 2004
Affected products: 8.1, 8.2, 9.0, 9.1
SUSE Linux Enterprise Server 8, 9
SUSE Linux Desktop 1.0
Vulnerability Type: various vulnerabilities
Severity (1-10): 5
SUSE default package: yes
Cross References: http://www.mozilla.org/security/
Content of this advisory:
1) security vulnerability resolved:
- various vulnerabilities
problem description
2) solution/workaround
3) special instructions and notes
4) package location and checksums
5) pending vulnerabilities, solutions, workarounds:
- openmotif
6) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion
During the last months a number of security problems have been fixed
in Mozilla and Mozilla based brwosers. These include:
- CAN-2004-0718: content in unrelated windows could be modified
- CAN-2004-0722: integer overflow in the SOAPParameter object constructor
- CAN-2004-0757: heap-based buffer overflow in the SendUidl of POP3 code
- CAN-2004-0758: denial-of-service with malicious SSL certificates
- CAN-2004-0759: read files via JavaScript
- CAN-2004-0760: MIME code handles %00 incorrectly
- CAN-2004-0761: spoofing of security lock icon
- CAN-2004-0762: manipulation of XPInstall Security dialog box
- CAN-2004-0763: spoofing of SSL certificates by using redirects and
JavaScript
- CAN-2004-0764: hijacking the user interface via the "chrome" flag and
XML User Interface Language (XUL) files
- CAN-2004-0765: spoofing SSL certificates due to incorrecting comparsion
of hostnames
- CAN-2004-0902: Several heap based buffer overflows in Mozilla Browsers.
- CAN-2004-0903: Stack-based buffer overflow in the writeGroup function
in vcard handling.
- CAN-2004-0904: Overflow in BMP bitmap decoding.
- CAN-2004-0905: Crossdomain scripting and possible code execution by
javascript drag and drop.
- CAN-2004-0906: XPI Installer sets insecure permissions, allowing local
users to overwrite files of the user.
- CAN-2004-0908: Allow untrusted javascript code to read and write to the
clipboard.
- CAN-2004-0909: Allow remote attackers to trick the user into performing
dangerous operations by modifying security relevant dialog boxes.
2) solution/workaround
Since there is no workaround, we recommend an update in any case
if you use the mozilla browser.
3) special instructions and notes
After successfully updating the package(s) you need to close
all instances of the web browser and restart it again.
4) package location and checksums
Due to the large amount of updated packages and dependencies we do
not provide MD5-sums this time. The updates are cryptographically
signed and are available for download via the Yast Online Update.
______________________________________________________________________________
5) Pending vulnerabilities in SUSE Distributions and Workarounds:
- openmotif
The XPM security problems within openmotif have been fixed. New packages
are available on our ftp servers.
______________________________________________________________________________
6) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SUSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum <name-of-the-file.rpm>
after you downloaded the file from a SUSE ftp server or its mirrors.
Then, compare the resulting md5sum with the one that is listed in the
announcement. Since the announcement containing the checksums is
cryptographically signed (usually using the key securitysuse.de),
the checksums show proof of the authenticity of the package.
We disrecommend to subscribe to security lists which cause the
email message containing the announcement to be modified so that
the signature does not match after transport through the mailing
list software.
Downsides: You must be able to verify the authenticity of the
announcement in the first place. If RPM packages are being rebuilt
and a new version of a package is published on the ftp server, all
md5 sums for the files are useless.
2) rpm package signatures provide an easy way to verify the authenticity
of an rpm package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, where <file.rpm> is the
filename of the rpm package that you have downloaded. Of course,
package authenticity verification can only target an un-installed rpm
package file.
Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this
key must be installed by the gpg program in the directory
~/.gnupg/ under the user's home directory who performs the
signature verification (usually root). You can import the key
that is used by SUSE in rpm packages for SUSE Linux by saving
this announcement to a file ("announcement.txt") and
running the command (do "su -" to be root):
gpg --batch; gpg < announcement.txt | gpg --import
SUSE Linux distributions version 7.1 and thereafter install the
key "buildsuse.de" upon installation or upgrade, provided that
the package gpg is installed. The file containing the public key
is placed at the top-level directory of the first CD (pubring.gpg)
and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-securitysuse.com
- general/linux/SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribesuse.com>.
suse-security-announcesuse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribesuse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-infosuse.com> or
<suse-security-faqsuse.com> respectively.
=====================================================================
SUSE's security contact is <securitysuse.com> or <securitysuse.de>.
The <securitysuse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular,
it is desired that the clear-text signature shows proof of the
authenticity of the text.
SUSE Linux AG makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <securitysuse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <buildsuse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iQEVAwUBQWPsxHey5gA9JdPZAQGMcwf/TCYBxw1SszOxykVCoBjSOP9/afp2f8S/
Zkf7rh+dti+C/JcqVpzNhu8C9TRsECoTWCqsV6m7+VIak1REUW0Tc6EwR43yDqUc
1G9VPbYX7+T5Wv6mE2zU7VGKqBXSYQPHqFCX5/Q+gR099QNxpWT/1QxmTefPuy/p
wKwqIaBz0OISxFs20bR3ZS9Lwr0Uu5V9SFwn9I0qiDb0fwzRxmGTzVFura8k87oH
l5ww/EKb2bgFqsu5aHanAQWsWg6S9K8l+Y6Jah72EXzPcy1QT6UBkHdj9zk2f8+f
6ENyU1qpTG2A4ZKWOWCUWl2uQ4kYZtdBX+4EP3ryM5V5xszxACQdpQ==
=S9Fr
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Full-Disclosure] Re: Thanks :)
From: Scheidell (scheidellsecnap.net)
Date: Wed Oct 06 2004 - 09:01:11 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]