coderman wrote:
> On Sun, Jun 8, 2014 at 4:03 AM, Paul Vixie wrote:
>> ...
>> i am not a lawyer either. i started MAPS, the first anti-spam company,
>> in 1997 or so, and became the most-sued person i know. i may be the
>> most-sued person you'll ever know.
>
> you have had interesting experienc
Pedro Ribeiro wrote:
> On 8 June 2014 12:03, Paul Vixie wrote:
>
>> it's generally good text other than these structural matters. you'll want a
>> real lawyer to look at it before you try to use it, and maybe before you
>> process my suggestion above. we have two non-practicing lawyers in the
>>
The link, sorry:
http://www.scadastrangelove.blogspot.com/2014/06/at-positive-hack-days-iv-www.html#more
2014-06-09 1:27 GMT+04:00 scadastrangelove :
> Slides and some details on Siemens WinCC OA, S7 1200 and S7 1500 PLC, ABB,
> SmartGrid and SCADA In da Cloud
>
Slides and some details on Siemens WinCC OA, S7 1200 and S7 1500 PLC, ABB,
SmartGrid and SCADA In da Cloud
___
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldiscl
Paul Vixie wrote:
> ...
>
> "i wish to enter into a no-fee relationship with you wherein you will
> receive certain valuable information at no monetary cost. the only
> requirement you would have to meet in order to receive this and future
> potentially valuable information is absolute fidelity t
codeinject.org wrote:
> any lawyer will dismiss this in court stating it was signed under duress.
in my proposed model, the only recourse a researcher has against vendor
nonperformance is future silence. in your scenario above the lawyer in
question would be trying to argue that future silence w
On 8 June 2014 09:16, Owen Tuz wrote:
> I am also not a lawyer, but think you would have serious problems getting
> this to hold up in any court.
>
> What you're describing is equivalent to the email disclaimers used by many
> businesses - "If you have received this email in error, please delete i
any lawyer will dismiss this in court stating it was signed under duress.
Also it sounds an awful lot like blackmail.
I think you should either make the gamble, or let a ZDI, Exodus, VUPEN etc
do the disclosure on your behalf.
or just go full disclosure on them =)
On 2014-06-08 04:03, Paul Vixie wrote:
this is concerning, for two reasons.
first, for enforceability, a contract requires exchange of
consideration. what's yours? i can see that the vendor is receiving
something of value (the disclosure) but it's not clear what you're
getting in return beyond t
Keep in mind you can always be sued. No matter what 'legal' document you may
have. I'm the third down on that attrition list.
This brings to mind this recent blog from John Strand:
http://pen-testing.sans.org/blog/pen-testing/2014/06/04/five-things-every-pen-tester-should-know-about-working-wit
Pedro Ribeiro wrote:
> ...
>
> I am not a lawyer, so I would like everyone's opinion (lawyer or not)
> on whether this would actually provide any protection.
i am not a lawyer either. i started MAPS, the first anti-spam company,
in 1997 or so, and became the most-sued person i know. i may be the
Given that everything in that zone is public anyway, what's the problem?
I agree that locking down zone transfers is best practise, and allowing open
transfers is odd, but this one looks simple enough and straightforward enough
that I have trouble getting too excited about public information bei
Truecrypt is either stupid or it's their way of telling everyone
something is wrong.
Why?
root@kali:~# fierce -dns truecrypt.org
DNS Servers for truecrypt.org:
ns1.truecrypt.org
ns2.truecrypt.org
Trying zone transfer first...
Testing ns1.truecrypt.org
Whoah, it worked - misconfigured DN
As you all know, responsible disclosure can be hard.
You want to do the right thing, give the vendor some time to fix the
issue, protect its customers, etc; but the first thing the vendor does
is to threaten to sue / arrest / beat up / kill you.
Fortunately this is happening less and less, but the
Exploit Title: Multiple Stored XSS vulnerabilities in SpiceWorks Ticketing system
CVE: CVE-2014-3740
Vendor: SpiceWorks
Product: SpiceWorks IT ticketing system
Affected versions: any version below 7.2.00195
Fixed version: 7.2.00195
1. About the application:
===
On 02/06/2014 21:13, David Fifield wrote:
> There is an HTML version of this document with screenshots at
> https://www.bamsoftware.com/sec/goagent-advisory.html.
>
> * GoAgent installs a root CA certificate with a known private key
> * Test page
> * Mitigation
> * How to remove
Hi FD,
So I got bored/felt nostalgia and decided I would go through the hotscripts
website and audit the top 10 most popular PHP scripts (PHP being my most
proficient language). Y'know, for practice or something.
Unfortunately, there were a number of factors that frustrated this effort:
* Most of
Pcredz was designed to dump useful information on the fly, from a pcap file
or from a pcap directory.
Unlike tools like, for example Breachprobe, Pcredz is highly effective and
fast just to meet your pentest needs.
What Pcredz does right now from a live interface or pcap file:
- Identify Card