Full Disclosure Mailing List

An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.

Latest Posts

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer. Michael Holstein (Nov 20)
Valdis .. not sure about that school since it was K12, but in both your
case and mine .. we *are* the ISP (insofar as we have our own ASN and
valid info on whois).

If K12 is done there like I've seen in a lot of other places, they
probably have a consortium that provides connectivity and each
institution has a CIDR block within the consortium's AS .. and I'm sure
the school had some web-nazi appliance that made it a few-clicks of a
mouse...

VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components VMware Security Team (Nov 20)
-----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2009-0016
Synopsis: VMware vCenter and ESX update release and vMA patch
release address multiple security issue in third
party components
Issue date: 2009-11-20
Updated on: 2009-11-20 (initial release of advisory)
CVE numbers: --- JRE ---...

Pussy and the right to free speech. yuri . nate (Nov 20)
This whole thing is ridiculous. Kurt Greenbaum is an idiot. What
kind of question is that in the first place? Only an idiot would
post “what’s the strangest thing you’ve ever eaten” and not expect
some obvious remarks. And what’s wrong with pussy? Eating pussy
is good! I LOVE eating pussy! All the guys I know, along with
several women I know love to eat pussy. I eat pussy. You eat
pussy. Everyone eats pussy. That’s...

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer. Valdis . Kletnieks (Nov 20)
On Fri, 20 Nov 2009 01:42:08 +0100, netinfinity said:

Unfortunately, that's exactly what *did* happen. Although for *home*
users, the 'ISP' is the person to complain to, for organizations that run
their own networks (like many businesses and schools, etc) the proper place
to complain is the network management of that organization. He contacted
the admins of the school's network, and said "One of your users is being
a bozo". The...

PHP "multipart/form-data" denial of service Bogdan Calin (Nov 20)
Description
------------
PHP version 5.3.1 was just released. This release contains a patch for a
denial of service condition we've reported on 27 October 2009. The
problem is related with PHP's handling of RFC 1867 (Form-based File
Upload in HTML).

When you send a POST request to a PHP script with the content-type of
"multipart/form-data" and include a list of files in that request, PHP
will create a temporary file for each file from...

n3td3v / Andrew Wallace's psychological profile Sam Haldorf (Nov 19)
Earlier this year, a very well educated FD member posted the psychological profile of Mr. Wallace. (Found here:
http://seclists.org/fulldisclosure/2009/Jan/415 ) Interesting to view in retrospect, because I find it depicts him to a
T.

This profile is almost like an instruction set for n3td3v's life. A self-fulfilling prophecy if you will.

An eerie example: Anyone here remember how n3td3v posted as full-censorship a few months ago claiming to...

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer. Sam Haldorf (Nov 19)
No problem regarding the personal post, I have made the same mistake myself.

I also see what you mean regarding the language of the privacy statement.
"unauthorised use" could be interpreted as any use that has not been given explicit approval before the fact.

Weasel words imho.

And Mr Holstein if this was the point you were trying to make, I accept it.

regards
mrx

dramacrat wrote:

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer. netinfinity (Nov 19)
Mr. Kurt Greenbaum made a mistake. Privacy violated, because there
are other mechanisms like banning the IP, email or whatever is
necessary to submit the post. If this fails then you should contact
the ISP of the "spammer" based on the IP.

SecurityReason: KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) Maksymilian Arciemowicz (Nov 19)
[ KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

CVE: CVE-2009-0689
Risk: High
Remote: Yes

Affected Software:
- KDELibs 4.3.3

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/74

--- 0.Description ---
KDELibs is a collection of libraries built on top of...

SecurityReason: Opera 10.01 Remote Array Overrun (Arbitrary code execution) Maksymilian Arciemowicz (Nov 19)
[ Opera 10.01 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

CVE: CVE-2009-0689
Risk: High
Remote: Yes

Affected Software:
- Opera 10.01
- Opera 10.10 Beta

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/73

--- 0.Description ---
Opera is a Web browser and Internet suite...

SecurityReason: K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) Maksymilian Arciemowicz (Nov 19)
[ K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

CVE: CVE-2009-0689
Risk: High
Remote: Yes

Affected Software:
- K-Meleon 1.5.3

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/72

--- 0.Description ---
K-Meleon is an extremely fast, customizable,...

SecurityReason: SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) Maksymilian Arciemowicz (Nov 19)
[ SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

CVE: CVE-2009-0689
Risk: High
Remote: Yes

Affected Software:
- SeaMonkey 1.1.18

Fixed in:
- SeaMonkey 2.0

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/71

--- 0.Description ---
The SeaMonkey project is...

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer. mrx (Nov 19)
No problem regarding the personal post, I have made the same mistake myself.

I also see what you mean regarding the language of the privacy statement.
"unauthorised use" could be interpreted as any use that has not been given explicit approval before the fact.

Weasel words imho.

And Mr Holstein if this was the point you were trying to make, I accept it.

regards
mrx

dramacrat wrote:

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer. dramacrat (Nov 19)
They're ORs, unfortunately. The language is unclear but it seems to be one
of those infernal boilerplate pieces of shit that basically invalidate the
assurances as to privacy.

You could still probably press the suit. "Unauthorised use" has recently
been defined and redefined, it's an evolving piece of law and if you have
the resources to get a jury trial they'll *want* to find in favor of the
plaintiff, which is more important than you...

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer. mrx (Nov 19)
Michael Holstein wrote:

So what? Ban the IP address. Admittedly a childish comment but the site is hardly one that is frequented by children.
imho Mr K. Greenbaum should be fired and sued.

And Mr Holstein you seem to be using your quote above out of context...

Compliance with Legal Process
We may disclose personal information if we or one of our affiliated companies is required by law to disclose personal
information, or if we
believe in good...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

