Re: [FD] Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction

2014-04-03 Thread William Reyor
That's been on tracksomebody.com forever. See http://tracksomebody.com/?p=173 William Reyor @wreyor > On Apr 3, 2014, at 12:07 PM, illwill wrote: > > did you know the second section of the filename is the user's actual > Facebook user id? > 6549_*16544614736*_44875_n.jpg > https://www.facebo

[FD] XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)

2014-04-03 Thread William Costa
I. VULNERABILITY - XSS Reflected vulnerabilities in OS of FortiADC v3.2 II. BACKGROUND - Fortinet's industry-leading Network Security Platforms deliver Next Generation Firewall (NGFW) security with exceptional throughput, ultra low latency, an

Re: [FD] Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction

2014-04-03 Thread illwill
did you know the second section of the filename is the user's actual Facebook user id? 6549_*16544614736*_44875_n.jpg https://www.facebook.com/profile.php?id=*16544614736 * -illwill illw...@illmob.org http://illmob.org On 4/1/2014 5:59 AM, Bipin Gautam wrote: > Hi List, > > I felt like

Re: [FD] CBS Sports/CBS Interactive Security Contacts?

2014-04-03 Thread sec . research
FYI: the email address is info...@cbsinteractive.com. Also, their responsible disclosure policy discourages responsible disclosure: "CBS Responsible Disclosure Guidelines Thank you for your interest in keeping CBS systems, websites and applications secure. Please inform us immediately regarding an

[FD] Announcing sysdig: a new open source system exploration tool

2014-04-03 Thread Loris Degioanni
I'd like to announce a new open source project called sysdig. http://www.sysdig.org/ https://github.com/draios/sysdig You can use sysdig to capture system state and activity from a running Linux instance, then save, filter and explore. Think of it as strace + tcpdump + lsof. It has a couple

[FD] Private Photo+Video v1.1 Pro iOS - Persistent Vulnerability

2014-04-03 Thread Vulnerability Lab
Document Title: Private Photo+Video v1.1 Pro iOS - Persistent Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1249 Release Date: 2014-04-01 Vulnerability Laboratory ID (VL-ID):

Re: [FD] Security flaw in Full Disclosure mailing list

2014-04-03 Thread George Chatzisofroniou
On Wed, Apr 02, 2014 at 07:30:38PM -0400, Jeffrey Walton wrote: > On Wed, Apr 2, 2014 at 4:25 PM, Ron wrote: > > That doesn't change the fact that it's storing the passwords in > > plaintext, though, it just hides the 'your passwords are completely > > insecure' issue a little bit. > Mailman 3 mig

Re: [FD] [Full-disclosure] Bank of the West security contact?

2014-04-03 Thread Jeffrey Walton
On Wed, Apr 2, 2014 at 4:42 PM, Eric Rand wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > BoA has no incentive to switch, as the customers have not demanded > more secure ATMs, and it's cheaper to have 'hacking insurance' to > cover any losses than it would be to replace all their ATM