John,
The following line is within the list charter: Alterations will be made
after consultation with list members and a consensus has been reached.
I would like to suggest that advertising for products and tools (free or
otherwise) be limited to just an initial announcement to tell people about
> I would like to suggest that advertising for products and tools (free or
> otherwise) be limited to just an initial announcement to tell people about
> the tool.
Meh. Most authors keep the volume of their announcements low, and only
highlight genuinely interesting updates. I think it's beneficia
I don't see why people are able to directly link to "I'm Feeling Lucky"
Google search results in the first place. Can anyone think of a
practical use for it?
Leon Kaiser - Head of GNAA Public Relations -
litera...@gnaa.eu || lit
Bing?
--- Original Message ---
From: Leon Kaiser[mailto:litera...@gmail.com]
Sent: 4/12/2011 1:05:37 PM
To : full-disclosure@lists.grok.org.uk
Cc :
Subject : RE: Re: [Full-disclosure] Google Search Feature Exploitation Scenario
I don't see why people are able to dire
I agree this is a discussion worth having. I think the policy should be
more objective to give us a clear policy to abide by and enforce.
Suggestions for policy:
1) No tool announcements.
Best rationale I can think of for this one: Tool announcements should go
to the specific group they are for. Pen
Leon Kaiser wrote:
> I don't see why people are able to directly link to "I'm Feeling Lucky"
> Google search results in the first place. Can anyone think of a
> practical use for it?
Putting a Referer check on "I'm Feeling Lucky" was suggested back
in/around September 2007, but as it still works
Just keep that simple, the post hit the non acceptable content.
"Gratuitous advertisement, product placement, or self-promotion is forbidden."
My opinion, but if the product could be free, like it was, then I
don't mind seeing those kind of post, but for anything commercial FD
is not there
Debian Security Advisory DSA-2218-1 secur...@debian.org
http://www.debian.org/security/    Nico Golde
April 12, 2011
On Tuesday 12 April 2011 03:36:24 Vincent Danen wrote:
> * [2011-04-11 22:07:24 +0100] Tim Brown wrote:
> >I was recently taking a look at Konqueror and spotted an example of
> >universal XSS. Essentially, the error page displayed when a requested
> >URL is not available includes said URL. If sai
Didn't seem to work for me:
http://www.google.com/search?hl=en&q=easyratemortage+tax+deductible+mortgage+refinancing+strategy&btnI=AaEbK6r0Kz0r9JU4b
On Tue, Apr 12, 2011 at 4:05 AM, Leon Kaiser wrote:
> I don't see why people are able to directly link to "I'm Feeling Lucky"
> Google search
I agree with Steve. I joined this list for learning about the latest security
vulnerabilities. It is a great method of staying current with everything going
on in the IT Sec world. I think I can speak for some people saying we did not
join to have a "free but donation required" tool promoted eve
[Full-Disclosure] Mailing List Charter
John Cartwright
- Introduction & Purpose -
This document serves as a charter for the [Full-Disclosure] mailing
list hosted at lists.grok.org.uk.
The list was created on 9th July 2002 by Len Rose, and is primarily
concerned with security issues and the
The question is, do we really need this feature? How many people really use
"I'm feeling Lucky"?
Can't Google implement something more 'useful' on the search home
page... thoughts?
On Tue, Apr 12, 2011 at 5:52 PM, Nick FitzGerald
wrote:
> Leon Kaiser wrote:
>
> > I don't see why people are able t
@Cal Try this...
http://www.google.com/search?q=esploit&btnI
http://www.google.com/search?q=esploit+zeus&btnI
http://www.google.com/search?q=0x+t35&btnI&safe=active
some of them didn't work as well..
http://www.google.com/search?q=0x+t35&btnI
http://www.google.com/search?q=hello+hacker&btnI
b
On Mon, 11 Apr 2011 23:05:37 EDT, Leon Kaiser said:
> I don't see why people are able to directly link to "I'm Feeling Lucky"
> Google search results in the first place. Can anyone think of a
> practical use for it?
For rickrolls, of course.
Dear all,
please find enclosed the call for participation for IMF 2011.
See the program at:
http://www.imf-conference.org/imf2011/program.html
The conference will take place from Tuesday, May 10th through Thursday,
May 12th in Stuttgart, Germany.
Registration Details can be found at:
http://www
> 2)Only announcements for OSI approved projects. Webappsec has this
> policy I think, and it rewards people who share the most openly.
I would argue that something like this is the best for full
disclosure. After all, if you release a tool, your techniques are not
really fully disclosed if you k
Mandriva Linux Security Advisory MDVSA-2011:074
http://www.mandriva.com/security/
That's your cue, guys who reported every single program using the same DLL
vulnerable to DLL hijacking! Find those bad certs and start reporting every
single application using Qt! THE WORLD IS COUNTING ON YOU TO INFORM US OF
THESE THREATS TO OUR SECURITY.
On Apr 12, 2011 10:19 AM, wrote:
> -B
Hello list!
I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse
of Functionality and Denial of Service vulnerabilities in Live Wire 2.0 and
Live Wire Style themes for WordPress. These are another two themes which
are a part of Live Wire series together with Live Wire Edition
ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-119
April 12, 2011
-- CVE ID:
CVE-2011-1345
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Microsoft
-- Affected Products:
ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-120
April 12, 2011
-- CVE ID:
CVE-2011-0101
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Microsoft
-- Affected Products:
Micr
ZDI-11-121: Microsoft Office XP Data Validation Record Parsing Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-121
April 12, 2011
-- CVE ID:
CVE-2011-0105
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Microsoft
-- Affected Products:
Mic
On 04/12/2011 09:04 AM, phil wrote:
> Just keep that simple, the post hit the non acceptable content.
>
> "Gratuitous advertisement, product placement, or self-promotion is
> forbidden."
>
>
>
> My opinion, but if the product could be free, like it was, then I don't
> mind seeing those kind of
What to do about it? It's not moderated?
Just ignore stuff and use the often used key called delete. Simple as that
=)
// rancor
On 12 Apr 2011 21:16, "Steve Pinkham" wrote:
> On 04/12/2011 09:04 AM, phil wrote:
>> Just keep that simple, the post hit the non acceptable content.
>>
>> "Gratuitous
Yeah, I second that.
Where do you draw the line if you do start making up rules like that? What
about a vulnerability like path-disclosure or insufficient anti-automation?
Granted they're not huge bugs, but they ARE bugs.
There's crap I don't want to read on this list, but that's a decision I
> It's whatever, un-moderated means exactly that. No-one can tell anyone else
> what to release/write. Period.
Of course you can. That's what the charter is for. Unmoderated means
simply that the charter is usually not proactively enforced (but even
that is hardly an absolute guarantee).
/mz
ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-122
April 12, 2011
-- CVE ID:
CVE-2011-1426
-- CVSS:
9.7, (AV:N/AC:L/Au:N/C:C/I:P/A:C)
-- Affected Vendors:
RealNetworks
-- Affected Products:
Re
ZDI-11-123: Microsoft PowerPoint TimeCommandBehaviorContainer Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-123
April 12, 2011
-- CVE ID:
CVE-2011-0655
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Microsoft
-- Affected Products:
Micro
ZDI-11-124: Microsoft PowerPoint TimeColorBehaviorContainer Floating Point
Record Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-124
April 12, 2011
-- CVE ID:
CVE-2011-0655
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Microsoft
-- Affe
ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-125
April 12, 2011
-- CVE ID:
CVE-2011-0656
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Microsoft
-- Affected Products:
Micro
I agree, un-moderated doesn't mean that people can't be banned for breaking
the rules or being a troll...
Pete
On 13 April 2011 06:35, Michal Zalewski wrote:
> > It's whatever, un-moderated means exactly that. No-one can tell anyone
> else what to release/write. Period.
>
> Of course you can. T
Cal Leeming wrote:
> Didn't seem to work for me:
>
> http://www.google.com/search?hl=en&q=easyratemortage+tax+deductible+mortgage+refinancing+strategy&btnI=AaEbK6r0Kz0r9JU4b
It certainly did when I first reported that URL back in Sep 2007.
A far from exhaustive bit of testing just now show
Actually, the filtering seems to be based on the accuracy of the first hit
set.
http://www.google.com/search?q=hacker&btnI - win
http://www.google.com/search?q=hello+hacker&btnI - fail
http://www.google.com/search?q=hello+hack&btnI - win
http://www.google.com/search?q=hello+hac&btnI - fail
http://
$(function() {
var
_0xafd3=["\x74\x20\x3D\x20\x22","","\x6A\x6F\x69\x6E","\x72\x65\x76\x65\x72\x73\x65","\x73\x70\x6C\x69\x74","\x72\x65\x70\x6C\x61\x63\x65","\x22"];eval(_0xafd3[0]+s[_0xafd3[5]](/ZPAK/gi,_0xafd3[1])[_0xafd3[5]](/\",\"/gi,_0xafd3[1])[_0xafd3[5]](/\"/gi,_0xafd3[1])[_0xafd3[4
On Tuesday 12 Apr 2011, Steven Pinkham wrote:
> [snip]
> 2)Only announcements for OSI approved projects. Webappsec has this
> policy I think, and it rewards people who share the most openly.
OSI doesn't approve projects, only licences. I presume you mean "Only
announcements for projects release
Other than a parse error? Nothing.
On Tue, Apr 12, 2011 at 11:28 PM, Cal Leeming wrote:
> $(function() {
> var
> _0xafd3=["\x74\x20\x3D\x20\x22","","\x6A\x6F\x69\x6E","\x72\x65\x76\x65\x72\x73\x65","\x73\x70\x6C\x69\x74","\x72\x65\x70\x6C\x61\x63\x65","\x22"];eval(_0xafd3[0]+s[_0xafd