Re: [Full-disclosure] [SECURITY] [DSA 2502-1] python-crypto security update

2012-06-25 Thread BMF
On Sun, Jun 24, 2012 at 7:35 PM, coderman wrote: > how many of you fools mix a hw entropy source into your crypto keying? > > ever hear of 82802? XSTORE? RDRAND? lava lamps? I have a server with one of these in it: http://www.entropykey.co.uk/ although I still need to find a reasonably secure w

[Full-disclosure] [ MDVSA-2012:100 ] rsyslog

2012-06-25 Thread security
Mandriva Linux Security Advisory MDVSA-2012:100 http://www.mandriva.com/security/

[Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

2012-06-25 Thread Jardel
Do you know? Even in DNS take down you can access your favourite sites. People may think that in DNS shutdown they can lose access to their addicted websites. But after reading this article you will know how easily you can access your websites. You can access them by typing their IP a

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

2012-06-25 Thread alan buxey
Hi, > But after reading this article you will know how easily you can access your > websites. You can access them by typing their IP address in your web-browser. > > Copy the IP addresses given below: > > tumblr.com 174.121.194.34 > wikipedia.org 208.80.152.201 partially true and not always th

Re: [Full-disclosure] server security

2012-06-25 Thread Daniel Hadfield
It depends what the attacker's motive is. Is he/she trying to get as many machines infected as he/she can? Or is he/she trying to get into YOUR network? My 2c On 21/06/2012 20:20, Thor (Hammer of God) wrote: > I completely agree with Gage. The way I see it, security through obscurity > is perfec

[Full-disclosure] Root Exploit Western Digital's WD TV Live SMP/Hub (all released firmware releases)

2012-06-25 Thread Wolf Bee
Introduction The WD TV Live Streaming Media Player is a consumer device to play various audio and video formats. Additionally it allows access to multiple video streaming services like Netflix, Hulu or Youtube.[1] The device allows customization of its user interface and limited remo

[Full-disclosure] [SECURITY] [DSA 2498-1] dhcpcd security update

2012-06-25 Thread Yves-Alexis Perez
Debian Security Advisory DSA-2498-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez June 23, 2012

[Full-disclosure] [SE-2012-01] Security weakness in Apple QuickTime Java extensions (details released)

2012-06-25 Thread Security Explorations
Hello All, Security Explorations decided to release technical details and accompanying Proof of Concept code for a security vulnerability in Apple QuickTime software. This move is made in response to Apple's evaluation of a reported issue as a "hardening issue" rather than a security bug [1].

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

2012-06-25 Thread Jardel Weyrich
And you're trying to impersonate someone by using my email address as sender? I don't get it. Received: from emkei.cz (emkei.cz [46.167.245.118]) by lists.grok.org.uk (Postfix) with ESMTP id BBB2CCB for ; Mon, 25 Jun 2012 19:14:27 +0100 (BST) Received: by emkei.cz (Postfix,

[Full-disclosure] Exploit for Intel SYSRET "vulnerability" on FreeBSD

2012-06-25 Thread Hunger
https://www.youtube.com/watch?v=1UeJXokbja0 Exploit release coming soon... ;-) Cheers, Hunger ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Sunday Fodder

2012-06-25 Thread Darius Jahandarie
On Sun, Jun 24, 2012 at 4:06 PM, Thor (Hammer of God) wrote: > For the FB’ers out there, the “Hacker News” (arguably accurate) has posted > an incendiary photo alleging US soldier posing with the dead and supposedly > engaged in “The Ichabod.”  The funny part of it is to go through and count > the

Re: [Full-disclosure] Warning is about APT

2012-06-25 Thread c-APT-ure
Hi mustntlive could you maybe try a better translation service so that it's easier to understand the meaning of your messages? (I assume this is automated translation from your native language) thanks however for this great site about APT. it's really great !! (i'm not just saying this because i

[Full-disclosure] CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability

2012-06-25 Thread Dave
Severity: important Vendor: The Apache Software Foundation Versions Affected: Roller 4.0.0 to Roller 4.0.1 Roller 5.0 The unsupported Roller 3.1 release is also affected Description: HTTP POST interfaces in the Roller admin/editor console were not protected from CSRF attacks. This issue has been

[Full-disclosure] CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability

2012-06-25 Thread Dave
Severity: important Vendor: The Apache Software Foundation Versions Affected: Roller 4.0.0 to Roller 4.0.1 Roller 5.0 The unsupported Roller 3.1 release is also affected Description: Roller trusts bloggers to post HTML and JavaScript code in the weblog and for some sites this can be a problem be

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

2012-06-25 Thread nake
Is that so? As far as I know if the host has multiple websites you need more info than just the IP. For example, my webpage (nakerium.com) is in a shared hosting. If I ping it it says that its IP is: 159.253.149.218 However, if I just enter that IP in

[Full-disclosure] Entropy distribution to virtual machines

2012-06-25 Thread coderman
On Mon, Jun 25, 2012 at 12:21 AM, BMF wrote: > ... > I have a server with one of these in it: > > http://www.entropykey.co.uk/ > > although I still need to find a reasonably secure way to share the > entropy with all of my VMs where it is really needed. check out http://www.vanheusden.com/entropy

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

2012-06-25 Thread Peter Dawson
quick quick nuke the co-ord [ 49°28'14" North | 16°56'48" East ] On Mon, Jun 25, 2012 at 2:49 PM, Jardel Weyrich wrote: > And you're trying to impersonate someone by using my email address as > sender? I don't get it. > > Received: from emkei.cz (emkei.cz [46.167.245.118]) >by lists

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

2012-06-25 Thread Nate Theis
And don't forget lists.grok.org.uk 127.0.0.1 On Jun 25, 2012 11:15 AM, "Jardel" wrote: > Do you know? Even in DNS take down you can access your favourite > sites. > > People may think that in DNS shutdown they can lose access to their > addicted websites. > > > But after reading this art

Re: [Full-disclosure] server security

2012-06-25 Thread Thor (Hammer of God)
Well, even if they are trying to get into your network specifically, you make them do more work. They have to scan *and* identify the services. The more scanning, fingerprinting, posting, peeking and poking they do (see what I did there? :) ) the louder they are and the more likely the attack

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

2012-06-25 Thread Thor (Hammer of God)
What, no one uses the HOSTS file anymore? Timothy "Thor" Mullen www.hammerofgod.com Thor's Microsoft Security Bible

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

2012-06-25 Thread nix
> Do you know? Even in DNS take down you can access your favourite > sites. > > People may think that in DNS shutdown they can lose access to their > addicted websites. > > > But after reading this article you will know how easily you can access > your websites. You can access them by typin

Re: [Full-disclosure] How to access your favorite sites in the event of a DNS takedown ?

2012-06-25 Thread rancor
I like this thread =) kind of the surf'aholic disaster plan for idiots and it's amusing in its own sad way On Jun 25, 2012 9:52 PM, wrote: > > Do you know? Even in DNS take down you can access your favourite > > sites. > > > > People may think that in DNS shutdown they can lose access to

Re: [Full-disclosure] Warning is about APT

2012-06-25 Thread rancor
You know that was not for real, just someone making fun of one of the characters on the list. Don't waste your time On Jun 25, 2012 9:09 PM, "c-APT-ure" wrote: > Hi mustntlive > > could you maybe try a better translation service so that it's easier to > understand the meaning of your messages? (