Next Page >>
feel free
by its unusual freedom and spirit. HES is a 100% non profit conference,
mainly supported by the /tmp/lab Parisian hackerspace and generous
sponsors (who in exchange for their sponsoring, don't get their say
on any of the organisation, format or content of the conference :).
If you are unsure of wether you'll like it, feel free to have a look
at the content of previous editions. Talks included topics such as
SS7 phone networks hacking, satellites take overs via x25, kernel land
exploits against grsecurity hardened kernels, or the pwnie awards
winner Tarjei Mandt for his first presentation on this topic (note
to Dave Aitel: yeah man, face it, it was first seen at HES !!) and
The HITB crew have put slides of our conference on their web site:
http://conference.hitb.org/hitbsecconf2010ams/materials/D1T1%20-%20Laurent%20Oudot%20-%20Web%20in%20the%20Middle.pdf
If you want to get more details & technical secrets from
TEHTRI-Security, feel free to join us "in real life" during our next
trainings sessions & talks, or feel free to contact us for specific
needs. We have public events planned next months (Asia, Europe).
Check-out our public agenda here:
http://www.tehtri-security.com/en/agenda.php
> > > We published a remote/local proof of concept for the COM
> > Server-Based
> > > Binary Planting exploit presented at the Hack in the Box
> > conference in Amsterdam.
> > >
> > > Feel free to try it out online if WebDAV works through your
> > firewall,
> > > or download it and test it in your local network or simply
> > on your computer.
> > >
> > >
Final Submission for Accepted Presentation Material (Speakers) – 8th May
2009.
*OTHER INFORMATION *
Please feel free to visit SyScan website to get a feel what this
conference is all about – SHARE AND HAVE FUN!
By agreeing to speak at the SyScan'09 you are granting Syscan Pte. Ltd.
the rights to reproduce, distribute, advertise and show your
presentation including but not limited to http://www.syscan.org, printed
> In my eyes this is definitely a security issue. But I cannot imagine a
> way to exploit this issue at the moment. First you have to find a suid
> binary which fork()'s. Next thing is that you need access to that
> binary. And then? If both conditions are really met, what's next? The
> possibilities are depending a little bit on the suid binary, am I right?
> Please feel free to correct me if I am wrong.
You do not need suid that forks, you do the fork then child execves victim
suid which then setuids and your parent execves another suid that exits or
dies and thus the parent process death signal gets delivered to victim
suid. It's all in my advisory.
* Updated for FreeBSD 5.x, added alternate hash types, added optional
* relaxed pattern matching - 2005/04/21.
*
* This program is meant to be used in controlled environments only.
* If found in the wild, please return to ... wait, this is public now,
* and this program is hereby placed in the public domain. Feel free to
* reuse parts of the source code, etc.
*
* Password hashes will be dumped to stdout as they're being obtained.
* There may be duplicates.
*
presented at the conference and make it available to the public under
a Creative Commons license.
Unfortunately, PlumberCon will not be able to cover travel expenses.
However, if you're coming in from out of state and are looking for a
place to stay during the conference weekend, feel free to get in touch.
P.S.: Our apologies in case you received this message multiple times
through different channels.
Notification of Acceptance – 16th July 2010.
Final Submission for Accepted Presentation Material – 3rd September 2010.
*OTHER INFORMATION *
Please feel free to visit SyScan website to get a feel what this
conference is all about – SHARE AND HAVE FUN!
By agreeing to speak at the SyScan'10 you are granting Syscan Pte. Ltd.
the rights to reproduce, distribute, advertise and show your
presentation including but not limited to http://www.syscan.org, printed
During my (in)security research, I've discovered what appears initially to be
a design oversight and not necessarily a vulnerability, affecting ZoneAlarm
and various other security vendors. I've tested this on various XP platforms
successfully, please feel free to notify the vendor as you wish and/or to
publish whatever you feel appropriate under the circumstances.
NOTE:
Certain vendors (including ZoneAlarm) implement self-defence/self-protection
> global uptake in the financial sector. Trusteer also seems
> quite adamant that their software is bullet-proof, their
> website pretty much sums it up. However, on having a closer
> look and some tinkering, I discovered a complete no brainer
> vector for circumventing Trusteer's security. I've tested
> this on various XP platforms successfuly, please feel free to
> notify the vendor as you wish and/or to publish whatever you
> feel appropriate under the circumstances.
>
>
> http://www.trusteer.com/solutions
Please find attached the Call for Papers for EC2ND 2010,
the sixth European Conference on Computer Network Defense,
which will be held in Berlin, Germany, October 28-29, 2010.
Please feel free to distribute this announcement. We apologize
if you receive multiple copies of this message.
Best Regards,
The EC2ND 2010 Organization Committee
/******************************************************************************/
/* */
/* nhrp-dos - Copyright by Martin Kluge, <mk@elxsi.de> */
/* */
/* Feel free to modify this code as you like, as long as you include the */
/* above copyright statement. */
/* */
/* Please use this code only to check your OWN cisco routers. */
/* */
/* Cisco bug ID: CSCin95836 */
'practical security'. Thanks to Eleytt Inside-Out Program you
will see that your security is seriously improved and you don't
waste your money.
Feel free to contact us:
business <at> eleytt <dot> com
Embedded Devices
Industrial Networking
Security in Carrier Environments
Secure Coding
If you think your talk could be appropriate for the "Defend Track" feel free to apply for that one. Be aware the audience will be different from the one you have at - say - CCC (and we've very few speaker slots left there, too). Of course you can apply for a sole late-night talk as well. Note that - given the attractiveness of Munich's night life - you might have a very small audience there.
Obviously heavy vendor-pitching will not be welcomed warmly and we reserve the right to ask for modifications of confirmed talks if we have the impression there's too much of that in a talk. If you have to offer another "Web 2.0 cross browser unicode overflow" talk you may submit it. However chances will be bigger if you have some more innovative stuff to talk about...
CFP submissions must include the following information:
FYI, this document is heavily based on the document "Security
Assessment of the Internet Protocol" that I wrote for CPNI a couple of
years ago, and that is available at:
http://www.cpni.gov.uk/Docs/InternetProtocol.pdf
Any comments will be more than welcome! -- feel free to post them
here, or send them unicast to me at: fernando@gont.com.ar
Thanks!
Kind regards,
and for this issue, we have interviewed two well known experts from
France for their thoughts on the state of computer security.
Finally, we are always looking for feedback from our readers. It's very
important for us to know how we can improve in terms of content and
design. Please feel free to drop us an email if you have some
constructive feedback or ideas that will help us to raise the bar even
higher.
See you in the summer (Issue 003 will be released at HITBSecConf2010 -
Amsterdam)
> security testing tool at http://www.ismymailsecure.com. [ ... ]
> If you have any concerns about having to enter a full email address,
> please be advised that this address is never stored anywhere. The only
> reason that the site asks for an email address rather than a domain is
> that it makes it easier for end-users to enter the correct information.
> Feel free to enter anything you like as the left hand part of the
> address, as it will be immediately stripped off by the tool anyway.
Your tool doesn't implement RFC-822 (2822/3696) address-checking properly; it returns:
"cswiger+test@mac.com is an invalid email address"
Hi,
Trusteer is an innovative software to combat fraud, thus it's global uptake in the financial sector. Trusteer also seems quite adamant that their software is bullet-proof, their website pretty much sums it up. However, on having a closer look and some tinkering, I discovered a complete no brainer vector for circumventing Trusteer's security. I've tested this on various XP platforms successfuly, please feel free to notify the vendor as you wish and/or to publish whatever you feel appropriate under the circumstances.
http://www.trusteer.com/solutions
http://www.trusteer.com/product-0
http://www.trusteer.com/product/technology
Trusteer Rapport locks down your browser once you connect to a sensitive website such as your bank. Any malicious software that tries to ride on the browser is left out of the locked down browser, and cannot access your sensitive information and transactions. Rapport also locks down communication between your browser and the bank, preventing any network-based attack from diverting traffic to fraudulent locations.
Presentation proposals will be reviewed by members of The Shmoo
Group. A list of the reviewers will be posted on the ShmooCon 2008
web site.
If you feel you have a presentation that would be appropriate but
that does not meet these guidelines, feel free to submit it anyway
but be sure to include information explaining your reasoning so we
can better evaluate your proposal.
All questions regarding this call for papers should be addressed to
cfp@shmoocon.org. Feel free to contact us if you have an idea for a
The aforementioned I-D is available at:
<http://tools.ietf.org/id/draft-gont-6man-stable-privacy-addresses-00.txt>.
Any feedback will be really appreciated.
P.S.: Also, feel free to discuss the I-D on the ipv6hackers mailing-list
<http://lists.si6networks.com/listinfo/ipv6hackers/>
Thanks!
Best regards,
> opening files in that directory too, but if you let others to traverse
> that directory and open your believed to be secure files from the origin,
> it's your fault.
I can do the example with fd passing and 700 directory, but it would
be lot of C code. Feel free to play, my example was not nearly the
only way to demonstrate it, and no, it was not racy.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Final Submission for Accepted Presentation Material (Speakers) – 8th May
2009.
*OTHER INFORMATION *
Please feel free to visit SyScan website to get a feel what this
conference is all about – SHARE AND HAVE FUN!
By agreeing to speak at the SyScan'09 you are granting Syscan Pte. Ltd.
the rights to reproduce, distribute, advertise and show your
presentation including but not limited to http://www.syscan.org, printed
>>> that directory and open your believed to be secure files from the
>>> origin,
>>> it's your fault.
>>
>> I can do the example with fd passing and 700 directory, but it would
>> be lot of C code. Feel free to play, my example was not nearly the
>> only way to demonstrate it, and no, it was not racy.
>
> Here is an example that shows the behavior where a passed read-only fd
> can become read-write by reopening it through /proc, when file
> permissions allow it (but directory permissions do not):
*IMPORTANT DATES *
Final CFT Submission – 28th February 2010.
*OTHER INFORMATION *
Please feel free to visit SyScan website to get a feel what this conference is all about – SHARE AND HAVE FUN!
By agreeing to speak at the SyScan'09 you are granting Syscan Pte. Ltd. the rights to reproduce, distribute, advertise and show your presentation including but not limited to http://www.syscan.org, printed and/or electronic advertisements, and all other mediums.
--
Thank you
> > > > We published a remote/local proof of concept for the COM
> > > Server-Based
> > > > Binary Planting exploit presented at the Hack in the Box
> > > conference in Amsterdam.
> > > >
> > > > Feel free to try it out online if WebDAV works through your
> > > firewall,
> > > > or download it and test it in your local network or simply
> > > on your computer.
> > > >
> > > >
as to no overload the SMTP servers with lots of pointless connections.
If you have any concerns about having to enter a full email address,
please be advised that this address is never stored anywhere. The only
reason that the site asks for an email address rather than a domain is
that it makes it easier for end-users to enter the correct information.
Feel free to enter anything you like as the left hand part of the
address, as it will be immediately stripped off by the tool anyway.
Future plans for the tool include additional checks like supported
ciphers and also an option to check IMAP and POP3 servers for security
as well.
Final Submission for Accepted Presentation Material (Speakers) – 15th
June 2008
*OTHER INFORMATION*
Please feel free to visit SyScan website to get a feel what this
conference is all about – SHARE AND HAVE FUN!
By agreeing to speak at the SyScan'07 you are granting SyScan Pte. Ltd.
the rights to reproduce, distribute, advertise and show your
presentation including but not limited to http://www.syscan.org, printed
that is presented at the conference if not otherwise agreed upon, and
make it available to the public under a Creative Commons license.
Unfortunately, B-Sides Vienna | NinjaCon will not be able to cover
travel expenses. However, if you're coming in from out of state and are
looking for a place to stay during the conference weekend, feel free to
get in touch.
P.S.: Our apologies in case you received this message multiple times
through different channels.
2008-06-23
This is the first version of RSGallery2 that runs in Joomla 1.5 native mode.
Special thanks goes to all the translators providing the updated language
files and the testers of the nightly builds.
Download it and enjoy. Feel free to report any bugs or problems in the forum
at the RSGallery2 main web site
Vendor notified:
I tried. Not very hard though. joomlacode doesn't seem to have a security
contact and links to joomla.org as if they are the same crowd. I'm sending
In my eyes this is definitely a security issue. But I cannot imagine a way to exploit this issue at the moment. First you have to find a suid binary which fork()'s. Next thing is that you need access to that binary. And then? If both conditions are really met, what's next? The possibilities are depending a little bit on the suid binary, am I right?
Please feel free to correct me if I am wrong.
best regards,
x82
Next Page>>
|
