Please be sure to include the following information in your submission:
- Presentation name
- A one-sentence synopsis of your topic
- A longer one to three paragraph synopsis or short outline of what
you plan on covering
- Names, email addresses and URLs of the presenter(s)
- A short (single-paragraph) biography of the presenter(s)
Once everything is ready to go, please email your submission to cfp
Hello,
I have seen many web-sites include Javascript hosted by 3rd parties
especially over the last year. It seems that 3rd parties use this fact
in their marketing to convince others that this is good. The 3rd
parties usually don't provide any security assurances or evaluations.
One should consider the 3rd party as less secure than for example a
highly federally regulated entity unless the 3rd party can produce
documentation and certified audits to the contrary.
calendar file format (which uses the '.ics' filename extension) [1] and
the CalDAV protocol for calendar sharing [2]. There is a growing number
of web sites providing calendar files and open subscription to calendar
updates [3][4][5].
Three vulnerabilities discovered in the iCal application may allow
un-authenticated attackers to execute arbitrary code on vulnerable
systems with (and potentially without) the assistance from the end user
of the application or to repeatedly execute a
denial of service attack to crash the iCal application.
>>> it comes
>>> to promises...
>>>
>>> So... with all this commentary, in the end, I still didn't read from
>>> the
>>> "big'uns" on whether or not a 3rd party open-source patch would be
>>> released... I sure miss the days that people back in the day who
>>> cared would
>>> :) In the end I realize, it sounds like a total over-haul of the TCP/IP
>>> stack is required; but does it really have to? Really?
>>>
state WHAT they would support, they seem to be legally free to actually get
away with this BS *sigh* gotta love insurance-salesman-tactics when it comes
to promises...
So... with all this commentary, in the end, I still didn't read from the
"big'uns" on whether or not a 3rd party open-source patch would be
released... I sure miss the days that people back in the day who cared would
:) In the end I realize, it sounds like a total over-haul of the TCP/IP
stack is required; but does it really have to? Really?
How effective is what Tom Grace suggests? Unless I'm misunderstanding, he's
> state WHAT they would support, they seem to be legally free to actually get
> away with this BS *sigh* gotta love insurance-salesman-tactics when it comes
> to promises...
>
> So... with all this commentary, in the end, I still didn't read from the
> "big'uns" on whether or not a 3rd party open-source patch would be
> released... I sure miss the days that people back in the day who cared would
> :) In the end I realize, it sounds like a total over-haul of the TCP/IP
> stack is required; but does it really have to? Really?
>
> How effective is what Tom Grace suggests? Unless I'm misunderstanding, he's
=======
Cisco ASA 5500 Series Adaptive Security Appliances are affected by
multiple vulnerabilities as follows:
* Three SunRPC Inspection Denial of Service Vulnerabilities
* Three Transport Layer Security (TLS) Denial of Service
Vulnerabilities
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service
information from social network sites obtained out of context, can be
used to identify a user in cases where anonymity is taken for granted.
This attack (dubbed Cross Site Identification, or CSID) assumes the
following scenario: A user that is currently logged on to her social
network account visits a 3rd party site, supposedly anonymously, in
another browser tab. The 3rd party site causes her browser to contact
the social network site and exploit the vulnerability resulting in her
identity being disclosed to the attacker. The 3rd party target site is
not necessarily controlled by the attacker. It could also be, for
example, any site allowing user provided content that includes an
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Susan
Bradley
Sent: Wednesday, September 16, 2009 2:26 PM
To: Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
It's only "default" for people running XP standalone/consumer that are
not even in a home network setting.
That kinda slices and dices that default down to a VERY narrow sub sub
fact that only the long versions of file and folder names will be
restricted and the alias will not match the long filename.
Referencing files using their 8.3 aliases can even change how the files
are handled, due to truncation of the file extension in the event that
the file extension is longer than three characters. This problem is
exacerbated by the fact that intermediary systems used for things like
load balancing and caching do not have access to the actual file system
being accessed and need to convert any filenames and pathnames with
restrictions to their 8.3 alias before comparing to user data, which,
given the presence of other files or folders on the system with similar
> -----Original Message-----
> From: Susan Bradley [mailto:sbradcpa@pacbell.net]
> Sent: Wednesday, September 16, 2009 10:16 AM
> To: Thor (Hammer of God)
> Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> It's XP. Running in RDP mode. It's got IE6, and wants antivirus. Of
> course it's vulnerable to any and all gobs of stuff out there. But
> its
> goal and intent is to allow Small shops to deploy Win7. If you need
First of all, readers of both Bugtraq and Full-disclosure must understand,
that if you had no questions to my first advisory (from this series of
advisories (I posted three already) of vulnerabilities in browsers,
which belong to group of DoS via protocol handlers), then there must be no
questions for next advisories. Otherwise it'll be double standards (not
moaning on 1st advisory and moaning on 2nd and 3rd ones) and as I already
wrote to the lists, double standards are bad and better to not use them.
Second, I repeat one more time :-), that there can be also made attack
without using JS (as I mentioned in all my advisories). And yesterday I
posted my new advisory, where I published pure-iframe (without JS) version
>> -----Original Message-----
>> From: Susan Bradley [mailto:sbradcpa@pacbell.net]
>> Sent: Wednesday, September 16, 2009 10:16 AM
>> To: Thor (Hammer of God)
>> Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
>> Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
>>
>> It's XP. Running in RDP mode. It's got IE6, and wants antivirus. Of
>> course it's vulnerable to any and all gobs of stuff out there. But
>> its
>> goal and intent is to allow Small shops to deploy Win7. If you need
Reference:
http://forum.intern0t.net/intern0t-advisories/1082-intern0t-sitecore-net-6-0-0-cross-site-scripting-vulnerability.html
Disclosure Information:
- Vulnerability found and confirmed between 1st and 3rd June 2009.
- SiteCore contacted the 3rd June 2009.
- Published at InterN0T the 3rd June 2009.
- Bugtraq contacted the 3rd June 2009.
> -----Original Message-----
> From: Larry Seltzer [mailto:larry@larryseltzer.com]
> Sent: Wednesday, September 16, 2009 8:21 AM
> To: Thor (Hammer of God); Eric C. Lukens; bugtraq@securityfocus.com
> Cc: full-disclosure@lists.grok.org.uk
> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> I agree that the FAQ explanation in the advisory is vague about what
> protection the firewall provides. One clue I would infer about it is
> that they rated this a "Low" threat. If it were vulnerable in the
> default configuration, with the firewall (or some other firewall) on,
According to our analysis, this is probably the most comprehensive list:
HP System Management Homepage 2.1.9
HP System Management Homepage 2.1.8
HP System Management Homepage 2.1.7 (TESTED for 2nd, 3rd vector)
HP System Management Homepage 2.1.6
HP System Management Homepage 2.1.5 (TESTED for 2nd, 3rd vector)
HP System Management Homepage 2.1.4
HP System Management Homepage 2.1.3
HP System Management Homepage 2.1.2
Google Notebook is a service where it's possible to "add text, images, and links from web pages without leaving your browser window."
Google Bookmarks is a service where it's possible to save bookmarks.
II. Description:
Three cross site scripting vulnerabilities were identified inside Google Notebook. A remote attacker can make a malformed block notes and invite, through the sharing option inside Google Notebook, other users to see it to obtain their cookie. User interaction is required to exploit all three vulnerabilities.
Browser affected: Firefox 3.
Browser not affected: Internet Explorer 7, Opera 9.5, Safari 3.
One cross site scripting vulnerability was identified inside Google Bookmarks. A remote attacker can make a malformed bookmark inside his account and then share it with other users to obtain their cookie. User interaction is required to exploit this vulnerability.
Reference:
http://forum.intern0t.net/intern0t-advisories/1084-intern0t-flatnux-2009-03-27-cross-site-scripting-vulnerabilities-more.html
Disclosure Information:
- Vulnerabilities found and confirmed between 1st and 3rd June 2009.
- Published at InterN0T the 3rd June 2009.
- Bugtraq contacted the 3rd June 2009.
All of the best,
Accepted Topics/Articles
------------------------
* New vulnerability in PHP [1]
(not simple safe_mode, open_basedir bypass vulnerabilities)
* New vulnerability in PHP related software [1]
(popular 3rd party PHP extensions/patches)
* Explain a single topic of PHP application security in detail
(such as guidelines on how to store passwords)
* Explain a complicated vulnerability in/attack against a PHP
widespread application [1]
* Explain a complicated topic of attacking PHP (e.g. explain how to
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Thor
(Hammer of God)
Sent: Wednesday, September 16, 2009 11:00 AM
To: Eric C. Lukens; bugtraq@securityfocus.com
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
Thanks for the link. The problem here is that not enough information is
given, and what IS given is obviously watered down to the point of being
ineffective.
>> From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-
>> disclosure-bounces@lists.grok.org.uk] On Behalf Of Thor (Hammer of God)
>> Sent: Wednesday, September 16, 2009 8:00 AM
>> To: Eric C. Lukens; bugtraq@securityfocus.com
>> Cc: full-disclosure@lists.grok.org.uk
>> Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
>>
>> Thanks for the link. The problem here is that not enough information
>> is given, and what IS given is obviously watered down to the point of
>> being ineffective.
>>
Summary:
HTC devices running Windows Mobile 6 and Windows Mobile 6.1 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service. Exploiting this issue allows a remote authenticated attacker to list arbitrary directories, and write or read arbitrary files, via a ../ in a pathname. This can be leveraged for code execution by writing to a Startup folder.
Description:
There exists a Directory Traversal vulnerability in the OBEX FTP Service in the Bluetooth Stack implemented in HTC devices running Windows Mobile 6 and Windows Mobile 6.1. The OBEX FTP server is located in \Windows\obexfile.dll. Microsoft states this is a 3rd party driver developed by HTC and installed on HTC devices running Windows Mobile, so the vulnerability only affects this vendor specifically.
A remote attacker (who previously owned authentication and authorization rights) can use tools like ObexFTP or gnomevfs-ls from a Linux box to traverse to parent directories out of the default Bluetooth shared folder by using ../ or ..\\ marks.
The only requirement is that the attacker must have authentication and authorization privileges over Bluetooth. Pairing up with the remote device should be enough to get it; however, more sophisticated attacks, such as sniffing the Bluetooth pairing, linkkey cracking and BD_ADDR address spoofing, can be used in order to avoid this. Devices must have Bluetooth enabled and File Sharing over Bluetooth service active when the attack is performed. In case the attacker succeeded in getting the proper privileges, further actions will be transparent to the user.
1 Vendor Reaction
____________________________________________________
FluxBB reacted on the same day, committing a fix with credit on April 30th.
MyBB reacted within a day, releasing a fixed version on May 3rd.
Credit was given.
Phorum reacted after the reminder on May 8th. A fix was released on
May 22nd with credit.
Reference:
http://forum.intern0t.net/intern0t-advisories/1083-intern0t-geeklog-1-5-pre-installation-vulnerabilities.html
Disclosure Information:
- Vulnerabilities found and confirmed between 1st and 3rd June 2009.
- Published at InterN0T the 3rd June 2009.
- Bugtraq contacted the 3rd June 2009.
All of the best,
> From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-
> disclosure-bounces@lists.grok.org.uk] On Behalf Of Thor (Hammer of God)
> Sent: Wednesday, September 16, 2009 8:00 AM
> To: Eric C. Lukens; bugtraq@securityfocus.com
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> Thanks for the link. The problem here is that not enough information
> is given, and what IS given is obviously watered down to the point of
> being ineffective.
>
Reference:
http://forum.intern0t.net/intern0t-advisories/1080-intern0t-mozilocms-1-11-1-cross-site-scripting-vulnerability.html
Disclosure Information:
- Vulnerability found and confirmed between 1st and 3rd June 2009.
- Published at InterN0T the 3rd June 2009.
- Bugtraq contacted the 3rd June 2009.
All of the best,
install. There are also further checks and reminders about this built
into Geeklog.
>Disclosure Information:
>- Vulnerabilities found and confirmed between 1st and 3rd June 2009.
>- Published at InterN0T the 3rd June 2009.
>- Bugtraq contacted the 3rd June 2009.
A "Vendor contacted" somewhere in between there would have been nice. We
do take security very seriously and we do give proper credits.