full disclosure

Survey: "MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts

Timeline:
***********
April 30th 2009: Contacted Vendor
April 30th 2009: Vendor reaction
April 30th 2009: Vendor commits fix
May 28th 2009: Full Disclosure

References:
***********

http://www.h-online.com/security/Risky-MIME-sniffing-in-Internet-Explorer--/features/112589

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

>>>
>>> -----Original Message-----
>>> From: Larry Seltzer [mailto:larry@larryseltzer.com] Sent: Wednesday, 
>>> September 16, 2009 5:03 PM
>>> To: Susan Bradley; Thor (Hammer of God)
>>> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
>>> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>>>
>>> Yes, they used the bulletin to soft-pedal the description, but at the
>>> same time I think they send a message about XP users being on shaky
>>> ground. Just because they've got 4+ years of Extended Support Period

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

>
> -----Original Message-----
> From: Larry Seltzer [mailto:larry@larryseltzer.com] 
> Sent: Wednesday, September 16, 2009 5:03 PM
> To: Susan Bradley; Thor (Hammer of God)
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> Yes, they used the bulletin to soft-pedal the description, but at the
> same time I think they send a message about XP users being on shaky
> ground. Just because they've got 4+ years of Extended Support Period

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

>
> -----Original Message-----
> From: Larry Seltzer [mailto:larry@larryseltzer.com]
> Sent: Wednesday, September 16, 2009 5:03 PM
> To: Susan Bradley; Thor (Hammer of God)
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
>
> Yes, they used the bulletin to soft-pedal the description, but at the
> same time I think they send a message about XP users being on shaky
> ground. Just because they've got 4+ years of Extended Support Period

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

-----Original Message-----
From: Larry Seltzer [mailto:larry@larryseltzer.com] 
Sent: Wednesday, September 16, 2009 5:03 PM
To: Susan Bradley; Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

Yes, they used the bulletin to soft-pedal the description, but at the
same time I think they send a message about XP users being on shaky
ground. Just because they've got 4+ years of Extended Support Period

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

larry_seltzer@ziffdavis.com 
http://blogs.pcmag.com/securitywatch/


-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Susan
Bradley
Sent: Wednesday, September 16, 2009 2:26 PM
To: Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com

RE: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@hammerofgod.com] 
> Sent: Thursday, June 02, 2011 6:00 PM
> To: security@acrossecurity.com; 'Dan Kaminsky'
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: RE: [Full-disclosure] COM Server-Based Binary 
> Planting ProofOfConcept
> 
> But it *is* worth mentioning that you have to create the 
> malicious dll file, copy it to the system, create folders 

Re: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept

>
>> -----Original Message-----
>> From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
>> Sent: Thursday, June 02, 2011 6:00 PM
>> To: security@acrossecurity.com; 'Dan Kaminsky'
>> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
>> Subject: RE: [Full-disclosure] COM Server-Based Binary
>> Planting ProofOfConcept
>>
>> But it *is* worth mentioning that you have to create the
>> malicious dll file, copy it to the system, create folders

Re: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept

>>
>>> -----Original Message-----
>>> From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
>>> Sent: Thursday, June 02, 2011 6:00 PM
>>> To: security@acrossecurity.com; 'Dan Kaminsky'
>>> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
>>> Subject: RE: [Full-disclosure] COM Server-Based Binary
>>> Planting ProofOfConcept
>>>
>>> But it *is* worth mentioning that you have to create the
>>> malicious dll file, copy it to the system, create folders

RE: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@hammerofgod.com] 
> Sent: Thursday, June 02, 2011 6:00 PM
> To: security@acrossecurity.com; 'Dan Kaminsky'
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: RE: [Full-disclosure] COM Server-Based Binary 
> Planting ProofOfConcept
> 
> But it *is* worth mentioning that you have to create the 
> malicious dll file, copy it to the system, create folders 

RE: [Full-disclosure] COM Server-Based Binary Planting Proof OfConcept

But it *is* worth mentioning that you have to create the malicious dll file, copy it to the system, create folders etc, and all the other mumbo jumbo to "exploit" this in the "default configuration."   So, the answer to Dan's question is actually, "no, you can't."  Which brings into question the actual "worth" of mentioning this in the first place. :)

t

> -----Original Message-----
> From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-
> bounces@lists.grok.org.uk] On Behalf Of ACROS Security Lists
> Sent: Thursday, June 02, 2011 8:42 AM
> To: 'Dan Kaminsky'; security@acrossecurity.com
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: Re: [Full-disclosure] COM Server-Based Binary Planting Proof

Re: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission

   \\66.93.68.6\z as the name of the imported DLL, the Windows
   loader will try to download the DLL file from our web server.

See http://www.phreedom.org/solar/code/tinype/.

> From: full-disclosure-bounces@lists.grok.org.uk
> [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of adam
> Sent: Thursday, September 15, 2011 3:27 PM
> To: security@acrossecurity.com
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
> Subject: Re: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission

Re: [Full-disclosure] [Tool] DeepToad 1.1.0

This tool can be used, for example, to search for similar "crapwares" or to search for similar image files (not similar looking, but similar files), similar office documents, etc...

--- On Tue, 5/1/10, T Biehn <tbiehn@gmail.com> wrote:

> From: T Biehn <tbiehn@gmail.com>
> Subject: Re: [Full-disclosure] [Tool] DeepToad 1.1.0
> To: "Dan Kaminsky" <dan@doxpara.com>
> CC: "Joxean Koret" <joxeankoret@yahoo.es>, "Full Disclosure" <full-disclosure@lists.grok.org.uk>, bugtraq@securityfocus.com
> Date: Tuesday, January 5, 2010 15:56
> I can see what you're saying, it
> could be useful for finding

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

> -----Original Message-----
> From: Larry Seltzer [mailto:larry@larryseltzer.com]
> Sent: Wednesday, September 16, 2009 8:21 AM
> To: Thor (Hammer of God); Eric C. Lukens; bugtraq@securityfocus.com
> Cc: full-disclosure@lists.grok.org.uk
> Subject: RE: [Full-disclosure] 3rd party patch for XP for MS09-048?
> 
> I agree that the FAQ explanation in the advisory is vague about what
> protection the firewall provides. One clue I would infer about it is
> that they rated this a "Low" threat. If it were vulnerable in the

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

> -----Original Message-----
> From: Susan Bradley [mailto:sbradcpa@pacbell.net]
> Sent: Wednesday, September 16, 2009 10:16 AM
> To: Thor (Hammer of God)
> Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
> 
> It's XP.  Running in RDP mode.  It's got IE6, and wants antivirus.  Of
> course it's vulnerable to any and all gobs of stuff out there.  But
> it's

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

>   
>> -----Original Message-----
>> From: Susan Bradley [mailto:sbradcpa@pacbell.net]
>> Sent: Wednesday, September 16, 2009 10:16 AM
>> To: Thor (Hammer of God)
>> Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
>> Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?
>>
>> It's XP.  Running in RDP mode.  It's got IE6, and wants antivirus.  Of
>> course it's vulnerable to any and all gobs of stuff out there.  But
>> it's

RE: [Full-disclosure] Firewire Attack on Windows Vista

physical access as you can just take the drive out, boot from CD, etc...

t

> -----Original Message-----
> From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-
> disclosure-bounces@lists.grok.org.uk] On Behalf Of Larry Seltzer
> Sent: Friday, March 07, 2008 11:51 AM
> To: Bugtraq; Full Disclosure
> Subject: Re: [Full-disclosure] Firewire Attack on Windows Vista
> 

RE: [Full-disclosure] Firewire Attack on Windows Vista

Glenn Everhart


-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk]On Behalf Of Larry
Seltzer
Sent: Thursday, March 06, 2008 3:36 PM
To: Tim
Cc: Full Disclosure; Bugtraq

Re: [Full-disclosure] Linux kernel exploit

Ryan Sears

----- Original Message -----
From: "dan j rosenberg" <dan.j.rosenberg@gmail.com>
To: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming@simplicitymedialtd.co.uk>, full-disclosure-bounces@lists.grok.org.uk, "Ariel Biener" <ariel@post.tau.ac.il>
Cc: "leandro lista" <leandro_lista@portari.com.br>, firebits@backtrack.com.br, bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Sent: Monday, December 13, 2010 4:08:05 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Linux kernel exploit

Please don't inundate me with e-mail because none of you bothered to read the exploit header.

Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

>
> t 
>
>   
>> -----Original Message-----
>> From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-
>> disclosure-bounces@lists.grok.org.uk] On Behalf Of Thor (Hammer of God)
>> Sent: Wednesday, September 16, 2009 8:00 AM
>> To: Eric C. Lukens; bugtraq@securityfocus.com
>> Cc: full-disclosure@lists.grok.org.uk
>> Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

larry_seltzer@ziffdavis.com 
http://blogs.pcmag.com/securitywatch/


-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Thor
(Hammer of God)
Sent: Wednesday, September 16, 2009 11:00 AM
To: Eric C. Lukens; bugtraq@securityfocus.com
Cc: full-disclosure@lists.grok.org.uk

RE: [Full-disclosure] 3rd party patch for XP for MS09-048?

I get the whole "XP code is too old to care" bit, but it seems odd to take that "old code" and re-market it around compatibility and re-distribute it with free downloads for Win7 while saying "we won't patch old code."

t 

> -----Original Message-----
> From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-
> disclosure-bounces@lists.grok.org.uk] On Behalf Of Thor (Hammer of God)
> Sent: Wednesday, September 16, 2009 8:00 AM
> To: Eric C. Lukens; bugtraq@securityfocus.com
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] 3rd party patch for XP for MS09-048?

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

-----Original Message-----
From: kattrap@gmail.com [mailto:kattrap@gmail.com] On Behalf Of Andrea Lee
Sent: Monday, December 13, 2010 2:12 PM
To: Thor (Hammer of God)
Cc: George Carlson; bugtraq@securityfocus.com;
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching
Allows Local Workstation Admins to Temporarily Escalate Privileges and Login
as Cached Domain Admin Accounts (2010-M$-002)

I hope I'm not just feeding the troll...

WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability

The suggested solution is to not expose sensitive information (full paths) and
un-escaped user input in comments.

Vendor should also publish an e-mail address or other way to contact them with
such issues so that full-disclosure can be avoided before vendor notification.

Ongoing research into other products Woltlab GmbH produces is pending. Future
vulnerabilities will be posted to full disclosure as they are found unless the
vendor wishes to provide such contact info publicly.


Re: RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

> -----Original Message-----
> From: kattrap@gmail.com [mailto:kattrap@gmail.com] On Behalf Of Andrea Lee
> Sent: Monday, December 13, 2010 2:12 PM
> To: Thor (Hammer of God)
> Cc: George Carlson; bugtraq@securityfocus.com;
> full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching
> Allows Local Workstation Admins to Temporarily Escalate Privileges and Login
> as Cached Domain Admin Accounts (2010-M$-002)
>
> I hope I'm not just feeding the troll...

RE: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass

-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of The
Security Community
Sent: Wednesday, December 12, 2007 3:32 PM
To: bugtraq@securityfocus.com; Full-Disclosure
Subject: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass

RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission

Cheers,
Mitja


> -----Original Message-----
> From: full-disclosure-bounces@lists.grok.org.uk 
> [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf 
> Of Thor (Hammer of God)
> Sent: Thursday, September 15, 2011 10:59 PM
> To: security@acrossecurity.com; 'ChristianSciberras'
> Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com

Re: [Full-disclosure] Linux kernel exploit

Regards,
Ryan Sears
----- Original Message -----
From: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming@simplicitymedialtd.co.uk>
To: "Dan Rosenberg" <dan.j.rosenberg@gmail.com>
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Sent: Tuesday, December 7, 2010 4:06:44 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Linux kernel exploit

Anyone tested this in sandbox yet?


RE: [Full-disclosure] Microsoft's Binary Planting Clean-Up Mission

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@hammerofgod.com] 
> Sent: Thursday, September 15, 2011 6:11 PM
> To: security@acrossecurity.com; bugtraq@securityfocus.com; 
> full-disclosure@lists.grok.org.uk; cert@cert.org; si-cert@arnes.si
> Subject: RE: [Full-disclosure] Microsoft's Binary Planting 
> Clean-Up Mission
> 
> From your blog:
> 

RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)

>From: kattrap@gmail.com [mailto:kattrap@gmail.com] On Behalf Of Andrea
>Lee
>Sent: Monday, December 13, 2010 9:12 AM
>To: Thor (Hammer of God)
>Cc: George Carlson; bugtraq@securityfocus.com; full-
>disclosure@lists.grok.org.uk
>Subject: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows
>Local Workstation Admins to Temporarily Escalate Privileges and Login as
>Cached Domain Admin Accounts (2010-M$-002)
>
>I hope I'm not just feeding the troll...
