On 04/06/2014 11:54 AM, Jeffrey Walton wrote:
On Sun, Apr 6, 2014 at 4:24 AM, Henri Salo wrote:
Basic examples, which I have personally encountered:
1) Not allowed to port scan. Some ISPs are already monitoring and warning users
in case they do port scanning, but the reason for alerting might
Hey Salo.
I know that the act of port scanning without permission
is illegal even though easily done thanks to Fyodor's nmap.
The thing is that I find it really funny that I can not distribute
nmap legally to a friend at some other point of the Internet
and ask him to port scan my IP address.
T
MacOSX/XNU HFS Multiple Vulnerabilities
Maksymilian Arciemowicz
http://cxsecurity.com/
http://cifrex.org/
===
On November 8th, I reported a vulnerability in hard links for HFS+
(CVE-2013-6799)
http://cxsecurity.com/issue/WLB-2013110059
The HFS+ file system does not apply strict
"fun; i keep waiting for these vulns to get old, but it's just still
funny, every time!"
And seems to me that not all XSS vulnerabilities are being dealt with
in an extensive manner. So, albeit dealing with this specific
vulnerability in 5 days, looks like ASUS is dealing with XSS
vulnerabilities
On Fri, Apr 4, 2014 at 2:25 PM, Craig Young wrote:
> SOHO router security is quite bad. This is far from an isolated ping
> injection as most home routers don't bother to sanitize input going to
> ping functionality.
in case that wasn't clear, multiple international SOHO router hardware
shops ar
On Fri, Apr 4, 2014 at 11:08 AM, Palula Brasil wrote:
>...
> Reflected Cross-Site Scripting within the ASUS RT-AC68U Managing Web
> Interface
> ...
> * Impact: This vulnerability allows for performing attacks against third party
> users of the ASUS RT-AC68U web management platform, by
bump; recent relevance:
On Sat, Jan 4, 2014 at 3:35 PM, scadastrangelove
wrote:
> ... a collection of our 30C3 releases in one post.
>
> ICS/SCADA/PLC Google/Shodan Cheat Sheet
> THC Hydra with Siemens S7-300 support
> Slides and video from SCADA Strangelove 2 talk.
> "A Hacker Disneyland" by @yg
On Fri, Apr 4, 2014 at 3:58 AM, Bryan Bickford wrote:
> ...
> I am a security researcher who is working on a project in my free time,
> without going into details - the project will end with a powerful tool
> being publicly released.
yes, but released under what license? :)
> Obviously most cy
On Sun, Apr 6, 2014 at 2:02 AM, Bryant Smith wrote:
> I am out of the office until 04/08/2014.
please send pwndroid fedex malware trojan hardware care of Bryant
Smith where it will sit on his desk pwning away uninterrupted for
days.
full disclosure: auto-responders on public lists is bad opsec.
On Sun, Apr 6, 2014 at 4:24 AM, Henri Salo wrote:
> On Sat, Apr 05, 2014 at 01:23:51PM +0300, Toni Korpela wrote:
>> Greetings from Finland.
>>
>> I know that here it is illegal to import, manufacture, sell
>> or otherwise distribute such machine or software which
>> are designed to endanger or ha
On Fri, Apr 4, 2014 at 3:29 PM, John Young wrote:
> Would you suggest it is time to license security professionals like
> architects, engineers, doctors and others lawfully empowered to
> police hazardous systems in the public interest?
the industry itself is the problem; no more security differe
On Sat, Apr 05, 2014 at 01:23:51PM +0300, Toni Korpela wrote:
> Greetings from Finland.
>
> I know that here it is illegal to import, manufacture, sell
> or otherwise distribute such machine or software which
> are designed to endanger or harm information and
> communication systems.
Basic examp