n3td3v | 8 Oct 05:24

n3td3v group members important notice

Those of you who are members of the n3td3v group take heed of this notice:

--
You cannot view the group's content or participate in the group
because you are not currently a member.  Anyone can join.

Description: a discussion group for security researchers and ethical hackers.

You must be signed in and a member of this group to view its content.
--

Because of this notice, you may find that your RSS / Atom feed no
longer updates unless you are authenticated with Google.

The reason for this step to re-close the group is the following:

n3td3v has reason to believe a new enemy is forming: a threat
has been made against n3td3v, and there is a new enemy.

A security conference has been held, according to the threat, at which
n3td3v was discussed. n3td3v has taken this intelligence very
seriously and is coordinating efforts to find out who made the threat
towards n3td3v.

In order to get a bigger picture of those reading the n3td3v group,
the Google group has been shuttered for non-subscribed members. This
allows me to gather a better intelligence picture and numbers of folks
interested in n3td3v.

They and you may use a random email address to gain access to the
(Continue reading)

n3td3v | 8 Oct 03:17

Re: Paul Asadoorian of PaulDotCom Enterprises / Podcast is ridiculous

On Tue, Oct 7, 2008 at 10:02 PM, mark seiden <mis <at> yahoo-inc.com> wrote:
>
> On Oct 7, 2008, at 11:48 AM, n3td3v wrote:
>>
>>
>> I don't want to read/listen to anything by people who threaten people
>> with violence on mailing lists or on irc channels.
>>
>
>
>
> if only you stopped talking to them also on mailing lists that would be a
> major contribution
> to world peace.
>

mark,

bring me the name of the person who threatened me, i know you have
contacts in the intelligence community who have access to that
information.

all the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
(Continue reading)

Tobias Heinlein | 7 Oct 20:10

[ GLSA 200810-01 ] WordNet: Execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200810-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: WordNet: Execution of arbitrary code
      Date: October 07, 2008
      Bugs: #211491
        ID: 200810-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in WordNet, possibly allowing for
the execution of arbitrary code.

Background
==========

WordNet is a large lexical database of English.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
(Continue reading)

M.B.Jr | 7 Oct 19:27

What Lexical Analysis Became in The Web-Slave New World

What Lexical Analysis Became in The Web-Slave New World

The point here is XSS, but rather than talking about the Internet
weaknesses it exposes, this text goes against the poor algorithms
being used to "detect" and/or avoid it.
Hazardous XSS. Hazardous low-quality XSS filtering. These are critical
times for Internet users, undoubtedly. We face negligence-oriented
services at each new click.

It's a contradiction to see so many efforts (RFCs) being made while,
concomitantly, the only "user-friendly" (oh yeah, that expression)
place offered by the industry to regular end users remains the same
application layer, the tip of the iceberg.
But regular end users don't know that. Paraphrasing Josh Homme, they
just "go with the flow", victimized by a doctrine that makes them
believe those practices and technologies are the only ones available,
thus forming the new industry-led slave mass. And it becomes a
more severe issue the moment one realizes that this commercially named
"Web 2.0" and its risks disclose, more than vulnerabilities, web-app
programming laziness, also known as XP or Agile methodology. Hail,
Kent Beck!
One way or another, a jungle presents itself to users in the
highest layer, and preoccupations rise faster as indolent techniques
are applied to XSS filtering.
So, let's discuss it.

You know Google? Well, check this out, there's this Google corporation
stating that their BETA releases represent a new web-based BETA
concept. As if their web apps weren't client-server software.
Two of their free BETA services, Google Calendar and Orkut, are going
(Continue reading)
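As an added illustration of the "low-quality XSS filtering" the post above attacks (example code written for this page, not from the post's author or from any product it names): a case-sensitive, single-pass blacklist of the kind that gets shipped as a "filter", beside contextual output encoding, with a small parser-based oracle deciding whether what comes out of each would still be executable markup in an HTML text context. The payloads are constructed for the example.

```python
import html
from html.parser import HTMLParser

# Constructed payloads (not from the original post); each is a classic way a
# "remove <script>" blacklist is evaded.
PAYLOADS = [
    '<script>alert(1)</script>',             # the one case the blacklist handles
    '<SCRIPT>alert(1)</SCRIPT>',             # case variation
    '<scr<script>ipt>alert(1)</script>',     # reassembles after one strip pass
    '<img src=x onerror=alert(1)>',          # event handler, no <script> at all
    '<a href="javascript:alert(1)">x</a>',   # javascript: URL
]


def naive_filter(s: str) -> str:
    """The kind of 'filter' the post complains about: delete the literal
    substrings <script> and </script> once, case-sensitively."""
    return s.replace('<script>', '').replace('</script>', '')


def encode_on_output(s: str) -> str:
    """Correct handling for an HTML text or quoted-attribute context: do not
    try to detect 'bad' input, encode every untrusted string on output."""
    return html.escape(s, quote=True)


class _ScriptSniffer(HTMLParser):
    """Oracle: does an HTML parser see a <script> tag, an on* handler
    attribute or a javascript: URL? Encoded text never reaches here as a tag,
    so '&lt;img onerror=...&gt;' is correctly judged inert."""

    def __init__(self):
        super().__init__()
        self.dangerous = False

    def handle_starttag(self, tag, attrs):
        if tag == 'script':
            self.dangerous = True
        for name, value in attrs:
            if name.startswith('on') or (value or '').lstrip().lower().startswith('javascript:'):
                self.dangerous = True


def still_executable(markup: str) -> bool:
    p = _ScriptSniffer()
    p.feed(markup)
    p.close()
    return p.dangerous


def surviving_payloads(defence) -> list:
    """Payloads that are still executable markup after passing through `defence`."""
    return [p for p in PAYLOADS if still_executable(defence(p))]


if __name__ == '__main__':
    print('survive naive filter :', surviving_payloads(naive_filter))      # 4 of 5
    print('survive output encode:', surviving_payloads(encode_on_output))  # none
```

Four of the five payloads pass straight through the blacklist; none survive encoding. The caveat a practitioner would add: `html.escape` is the right encoder only for HTML text and quoted-attribute contexts; untrusted data landing inside a script block, a URL or a CSS value needs that context's own encoder, which is precisely the decision a "detect bad input" filter never makes.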

Matteo Beccati | 7 Oct 18:57

[OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability

========================================================================
OpenX security advisory                                OPENX-SA-2008-002
------------------------------------------------------------------------
Advisory ID:           OPENX-SA-2008-002
Date:                  2008-Oct-06
Security risk:         Moderately critical
Applications affected: OpenX
Versions affected:     <= 2.4.8, <= 2.6.1
Versions not affected: >= 2.4.9, >= 2.6.2
========================================================================

========================================================================
Vulnerability:  Blind SQL injection in ac.php
========================================================================

Description
-----------
A blind SQL injection vulnerability has recently been found by
d00m3r4ng. The vulnerability affects the OpenX delivery engine, which
does not require any kind of authentication.

Input passed to the "bannerid" parameter in www/delivery/ac.php is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution
--------
 - Upgrade to OpenX 2.4.9 or 2.6.2

References
(Continue reading)
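The advisory above gives no code. The following is an added example (written for this page, not OpenX source) that reproduces the pattern it describes in miniature: a request parameter concatenated into a query in an unauthenticated handler that only reveals whether a row matched, and how that single bit is enough for boolean-based blind extraction. The schema, data, table names and the `unicode()`/`substr()` probe are constructed for SQLite; the hardened form is the usual one, an integer cast plus a bound parameter.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed schema and data (not OpenX's): a banner table the delivery
    path reads, and a second table the attacker is after."""
    conn = sqlite3.connect(':memory:')
    conn.executescript("""
        CREATE TABLE banners (bannerid INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE users   (username TEXT, password TEXT);
        INSERT INTO banners VALUES (1, 'http://ads.example/a'), (2, 'http://ads.example/b');
        INSERT INTO users   VALUES ('admin', 's3cret');
    """)
    return conn


def click_vulnerable(conn, bannerid: str) -> bool:
    """The advisory's pattern: the raw parameter is concatenated into SQL.
    The caller only learns whether a banner matched (redirect or not),
    which is exactly the one-bit oracle a blind injection needs."""
    row = conn.execute(
        "SELECT url FROM banners WHERE bannerid = " + bannerid).fetchone()
    return row is not None


def click_fixed(conn, bannerid: str) -> bool:
    """Hardened form: enforce the integer type, then bind the value."""
    try:
        bid = int(bannerid)
    except ValueError:
        return False
    row = conn.execute(
        "SELECT url FROM banners WHERE bannerid = ?", (bid,)).fetchone()
    return row is not None


def blind_extract(oracle, conn, max_len: int = 32) -> str:
    """Boolean-based blind extraction of users.password, one character per
    position, asking the oracle 'is the code point of character N equal to c?'.
    SQLite's unicode(substr(...)) is NULL past the end, so the loop stops there."""
    recovered = ''
    for pos in range(1, max_len + 1):
        hit = None
        for c in range(32, 127):
            probe = (f"1 AND unicode(substr((SELECT password FROM users LIMIT 1),"
                     f"{pos},1)) = {c}")
            if oracle(conn, probe):
                hit = chr(c)
                break
        if hit is None:
            break
        recovered += hit
    return recovered


if __name__ == '__main__':
    db = make_db()
    print('vulnerable handler leaks:', repr(blind_extract(click_vulnerable, db)))  # 's3cret'
    print('fixed handler leaks     :', repr(blind_extract(click_fixed, db)))       # ''
```

Against the vulnerable handler the probe loop recovers the whole password from nothing but "matched / did not match" responses, at roughly a hundred requests per character; against the fixed handler every probe fails the integer cast and nothing leaks. The PHP equivalent is the same two moves: cast the parameter with `(int)` and pass it as a bound parameter rather than interpolating it.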

jose achada | 7 Oct 16:24

Report: PC Tools Spyware Doctor v6.0 flaw

Report: PC Tools Spyware Doctor v6.0 flaw
Sep 7, 2008

-- Affected Vendors:
PC Tools

-- Affected Products:
Spyware Doctor v6.0

-- Download at:
http://www.pctools.com/mirror/sdasetup.exe

http://rapidshare.com/files/151742881/bd.rar.html
http://rapidshare.com/files/151742881/bd.rar.html?killcode=192850860729954980
Password: forspywaredoctortest

-- Vulnerability Details:
A flaw exists in PC Tools Spyware Doctor while deleting a particular
Backdoor. The mechanism used to clean an infected machine will crash
the machine. (Blue Screen of Death might appear)

-- Step by Step
1) Installed Windows XP.

2) Created the trojan (with injection in IE) with the client.

3) Executed the trojan.

6) Installed PC Tools Firewall Plus 4.0 and rebooted.

(Continue reading)

wishi | 7 Oct 18:19

Nameless but interesting podcast

Hi fellows!

Found an interesting podcast, which is quite new:

%%
Adam Shostack, a well-respected voice on privacy and security issues,
joins Dennis Fisher in this episode of the Nameless Security Podcast to
discuss the data breach epidemic, the untimely demise of Zero Knowledge
Systems and his new book, “The New School of Information Security.”
%%

http://securitywireweekly.blogs.techtarget.com/2008/10/03/adam-shostack-on-privacy-data-breaches-and-“the-new-school-of-information-security”/

Found this accidentally ;)

Have fun,
wishi

n3td3v | 7 Oct 14:58

Comments on: D-Day for RFID-based transit card systems

by Elinor Mills October 6, 2008 5:35 PM PDT

Want to ride the subway for free without having to jump the
turnstiles? Well, as of Monday, you'll be able to do that by making a
fake transit card.

http://news.cnet.com/8301-1009_3-10059605-83.html

by n3td3v October 6, 2008 6:44 PM PDT

Can Cnet News please do a Youtube video showing one of their
journalists getting a free ride, to prove it works?

by elinormills October 6, 2008 7:41 PM PDT

Great idea! We'll try to do that.
Elinor

http://news.cnet.com/8601-1009_3-10059605.html?communityId=2114&targetCommunityId=2114&blogId=83&tag=mncol;tback#5014907


Thijs Kinkhorst | 7 Oct 08:51

[SECURITY] [DSA 1647-1] New php5 packages fix several vulnerabilities


------------------------------------------------------------------------
Debian Security Advisory DSA-1647-1                  security <at> debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
October 07, 2008                      http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : php5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-3658 CVE-2008-3659 CVE-2008-3660
Debian Bug     : 499987 499988 499989

Several vulnerabilities have been discovered in PHP, a server-side,
HTML-embedded scripting language. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2008-3658

    Buffer overflow in the imageloadfont function allows a denial
    of service or code execution through a crafted font file.

CVE-2008-3659

    Buffer overflow in the memnstr function allows a denial of
    service or code execution via a crafted delimiter parameter
    to the explode function.

CVE-2008-3660
(Continue reading)

Devin Carraway | 7 Oct 08:09

[SECURITY] [DSA-1646-1] New squid packages fix array bounds check


------------------------------------------------------------------------
Debian Security Advisory DSA-1646-1                  security <at> debian.org
http://www.debian.org/security/                           Devin Carraway
October 07, 2008                      http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : squid
Vulnerability  : array bounds check
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1612

A weakness has been discovered in squid, a caching proxy server.  The
flaw was introduced upstream in response to CVE-2007-6239, and
announced by Debian in DSA-1482-1.  The flaw involves an
over-aggressive bounds check on an array resize, and could be
exploited by an authorized client to induce a denial of service
condition against squid.

For the stable distribution (etch), these problems have been fixed in
version 2.6.5-6etch2.

We recommend that you upgrade your squid packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
(Continue reading)

n3td3v | 6 Oct 20:20

Fwd: Security Flaw in Mifare Classic

---------- Forwarded message ----------
From: n3td3v <xploitable <at> gmail.com>
Date: Mon, Oct 6, 2008 at 7:08 PM
Subject: Security Flaw in Mifare Classic
To: n3td3v <n3td3v <at> googlegroups.com>

On March 7, 2008, research by the Digital Security group revealed
a security vulnerability in Mifare Classic RFID chips, the most
commonly used type of RFID chip worldwide, that affects many
applications using Mifare Classic.

We have demonstrated that the proprietary CRYPTO1 encryption algorithm
used on these cards allows the (48 bit) cryptographic keys to be
relatively easily retrieved. Especially for RFID applications where
the same common shared key is used on all RFID cards and card readers,
which may be the case for instance in access control to buildings,
this constitutes a serious risk.

This attack recovers the secret key from the MIFARE reader. To mount
the attack we first need to gather a tiny amount of data from a
genuine reader. With this data we can compute, off-line, the secret
key within a second. There is no precomputation required, and only a
small amount of RAM. Moreover, when one has intercepted a "trace"
of the communication between a card and a reader, we can compute all
the cryptographic keys from this single trace, and decrypt it. We have
implemented and executed these attacks in practice, and managed to
recover the secret keys.

The movie on the right shows a demonstration of the attack on the
access control system for our university building.
(Continue reading)
