An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.

List Archives

Latest Posts

Re: Hash Fionnbharr (Nov 08)
ahahahahaha <3

You seem to open your mouth fine without finding kernel remotes, must
be practise from all those dicks you put in it.

2009/11/9 Pete Licoln <pete.licoln () gmail com>:

Re: Hash Pete Licoln (Nov 08)
Just find a remote kernel on vista or seven (not an XSS bitch, just a
kernel remote)
Then you'll be able to open your big cunt ass fuck mouth .
Fuck your e-diner, "sympathy",redneck face
You're a fool, go suck a lemon bitch.

[ MDVSA-2009:295 ] apache security (Nov 08)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:295
http://www.mandriva.com/security/
_______________________________________________________________________

Package : apache
Date : November 8, 2009
Affected: 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0...

[SECURITY] [DSA 1932-1] New pidgin packages fix arbitrary code execution Moritz Muehlenhoff (Nov 08)
------------------------------------------------------------------------
Debian Security Advisory DSA-1932-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
November 08, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : pidgin
Vulnerability : programming error
Problem type :...

Re: How Prosecutors Wiretap Wall Street Paul Schmehl (Nov 08)
--On November 7, 2009 4:06:42 PM -0600 mikelitoris () hushmail com wrote:

Sure. I agree with that. I think it's also important that law
enforcement activities have much more stringent requirements than military
intelligence has. The former is directed toward citizens, the latter
toward enemies the military has to deal with.

Of course. I've never said they didn't. In fact I've stated that people
in government have the same range of...

[SECURITY] [DSA 1931-1] New NSPR packages fix several vulnerabilities Moritz Muehlenhoff (Nov 08)
------------------------------------------------------------------------
Debian Security Advisory DSA-1931-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
November 08, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : nspr
Vulnerability : several
Problem type : local(remote)...

Re: How to receive SPAM mail dramacrat (Nov 07)
If you want to be spammed, join full-disclosure.

2009/11/7 Michael Holstein <michael.holstein () csuohio edu>

Re: How Prosecutors Wiretap Wall Street mikelitoris (Nov 07)
if a US citizen is involved, should not require a warrant.

This is all well and good, until the definition of terrorist is
changed and you become labeled a "terrorist" because your "reason"
is suddenly counterproductive to someone else's "opinion". You
must apply the warrant requirement consistently. Otherwise, when
interpretation of the word "terrorist" changes, it affects the
meaning of the law....

[SECURITY] [DSA 1930-1] New drupal6 packages fix several vulnerabilities Steffen Joeris (Nov 07)
------------------------------------------------------------------------
Debian Security Advisory DSA-1930-1 security () debian org
http://www.debian.org/security/ Steffen Joeris
November 07, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : drupal6
Vulnerability : several...

Linux 2.6.x fs/pipe.c local root exploit (CVE-2009-3547) Edward D. Teach (Nov 07)
For those who were not yet aware, there is at least 3 public exploits
since 11/05/2009 for CVE-2009-3547 targeting *all* linux kernels from
2.6.0 to 2.6.31 included. Since spender and fotis have already release
their own, there is not need for us to keep this on our hd.
ImpelDown.c is a poc trying to exploit null ptr dereference in fs/pipe.c
for *all* linux kernel from 2.6.0 to 2.6.31 and ImpelDown-2.6.31only.c
target only linux kernel version...

Re: How Prosecutors Wiretap Wall Street Paul Schmehl (Nov 07)
--On November 7, 2009 11:24:55 AM -0600 Valdis.Kletnieks () vt edu wrote:

No, actually I don't. I just did a lousy job of wording it.

That's only true if they can get the paperwork done and obtain the warrant
within 72 hours. Otherwise, at the 72 hour mark all monitoring must
cease. And guess who knows that? We don't exactly keep our operational
strictures secret, you know. And to think that terrorists aren't aware of
the rules within...

Re: How Prosecutors Wiretap Wall Street Paul Schmehl (Nov 07)
--On November 7, 2009 11:20:31 AM -0600 Rohit Patnaik
<quanticle () gmail com> wrote:

Why? If they were pursuing criminal charges against you, then, by all
means, they should have to comply with all the strictures that protect our
rights. But to gather intelligence about what terrorists are up to, even
if a US citizen is involved, should not require a warrant.

Intelligence works best in a world of secrecy. The more people that are...

Re: How Prosecutors Wiretap Wall Street Valdis . Kletnieks (Nov 07)
On Fri, 06 Nov 2009 23:42:45 CST, Paul Schmehl said:

Actually Paul, you have that bass-ackwards, and it's important.

They are allowed to start wiretapping immediately, and then have 72 hours
*after they already started listening* to find a FISA court judge and
do the paperwork. So yes, the terrorists don't wait for a warrant, and
the NSA doesn't need to wait either.

So let's see.. You're the NSA. You develop a person of interest. You start...

Re: How Prosecutors Wiretap Wall Street Rohit Patnaik (Nov 07)
The direction of the association doesn't matter. It doesn't matter if the
"terrorist" is contacting me, or if I'm contacting the terrorist. In either
case, the US government should get a warrant before they spy on me. Also,
this executive opinion doesn't just apply to the CIA and the NSA. It
applies to the entire executive branch, including law enforcement.

Secondly, we seem to have a general disagreement about the intent of the...

Re: How Prosecutors Wiretap Wall Street Paul Schmehl (Nov 06)
--On November 6, 2009 10:10:56 PM -0600 Rohit Patnaik
<quanticle () gmail com> wrote:

First of all, the NSA and CIA don't pursue criminal cases against US
persons. That's the job of law enforcement. The NSA is a military
agency. Their job is to protect the US against its enemies by providing
the military with intelligence that helps in planning and the conduct of
operations. The CIA is a civilian agency tasked with the job of...

More Lists

Dozens of other network security lists are archived at SecLists.Org.