Full Disclosure

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer.

Fri, 20 Nov 2009 21:39:07 GMT

Posted by Michael Holstein on Nov 20

Vladis .. not sure about that school since it was K12, but in both your
case and mine .. we *are* the ISP (insofar as we have our own ASN and
valid info on whois).

If K12 is done there like I've seen in a lot of other places, they
probably have a consortium that provides connectivity and each
institution has a CIDR block within the consortium's AS .. and I'm sure
the school had some web-nazi appliance that made it a few-clicks of a
mouse...

VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

Fri, 20 Nov 2009 20:57:09 GMT

Posted by VMware Security Team on Nov 20

-----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2009-0016
Synopsis: VMware vCenter and ESX update release and vMA patch
release address multiple security issue in third
party components
Issue date: 2009-11-20
Updated on: 2009-11-20 (initial release of advisory)
CVE numbers: --- JRE ---...

Pussy and the right to free speech.

Fri, 20 Nov 2009 19:55:49 GMT

Posted by yuri . nate on Nov 20

This whole thing is ridiculous. Kurt Greenbaum is an idiot. What
kind of question is that in the first place? Only and idiot would
post “what’s the strangest thing you’ve ever eaten” and not expect
some obvious remarks. And what’s wrong with pussy? Eating pussy
is good! I LOVE eating pussy! All they guys I know, along with
several women I know love to eat pussy. I eat pussy. You eat
pussy. Everyone eats pussy. That’s...

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer.

Fri, 20 Nov 2009 14:11:40 GMT

Posted by Valdis . Kletnieks on Nov 20

On Fri, 20 Nov 2009 01:42:08 +0100, netinfinity said:

Unfortunately, that's exactly what *did* happen. Although for *home*
users, the 'ISP' is the person to complain to, for organizations that run
their own networks (like many businesses and schools, etc) the proper place
to complain is the network management of that organization. He contacted
the admins of the school's network, and said "One of your users is being
a bozo". The...

PHP "multipart/form-data" denial of service

Fri, 20 Nov 2009 12:10:45 GMT

Posted by Bogdan Calin on Nov 20

Description
------------
PHP version 5.3.1 was just released. This release contains a patch for a
denial of service condition we've reported on 27 October 2009. The
problem is related with PHP's handling of RFC 1867 (Form-based File
Upload in HTML).

When you send a POST request to a PHP script with the content-type of
"multipart/form-data" and include a list of files in that request, PHP
will create a temporary file for each file from...

n3td3v / Andrew Wallace's psychological profile

Fri, 20 Nov 2009 03:47:50 GMT

Posted by Sam Haldorf on Nov 19

Earlier this year, a very well educated FD member posted the psychological profile of Mr. Wallace. (Found here:
http://seclists.org/fulldisclosure/2009/Jan/415 ) Interesting to view in retrospect, because I find it depicts him to a
T.

This profile is almost like an instruction set for n3td3v's life. A self-fulfilling prophecy if you will.

An eery example: Anyone here remember how n3td3v posted as full-censorship a few months ago claiming to...

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer.

Fri, 20 Nov 2009 02:32:53 GMT

Posted by Sam Haldorf on Nov 19

No problem regarding the personal post, I have made the same mistake myself.

I also see what you mean regarding the language of the privacy statement.
"unauthorised use" could be interpreted as any use that has not been given explicit approval before the fact.

Weasel words imho.

And Mr Holstein if this was the point you were trying to make, I accept it.

regards
mrx

dramacrat wrote:

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer.

Fri, 20 Nov 2009 00:52:35 GMT

Posted by netinfinity on Nov 19

Mr. Kurt Greenbaum made a mistake. Privacy violated, because there
are other mechanism's like baninig the IP, email or whatever is
necessary to submit the post. If this fails then you should conntact
the ISP of the "spammer" based on the IP.

SecurityReason: KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution)

Fri, 20 Nov 2009 00:51:03 GMT

Posted by Maksymilian Arciemowicz on Nov 19

[ KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

CVE: CVE-2009-0689
Risk: High
Remote: Yes

Affected Software:
- KDELibs 4.3.3

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/74

--- 0.Description ---
KDELibs is a collection of libraries built on top of...

SecurityReason: Opera 10.01 Remote Array Overrun (Arbitrary code execution)

Fri, 20 Nov 2009 00:48:53 GMT

Posted by Maksymilian Arciemowicz on Nov 19

[ Opera 10.01 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

CVE: CVE-2009-0689
Risk: High
Remote: Yes

Affected Software:
- Opera 10.01
- Opera 10.10 Beta

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/73

--- 0.Description ---
Opera is a Web browser and Internet suite...

SecurityReason: K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)

Fri, 20 Nov 2009 00:47:13 GMT

Posted by Maksymilian Arciemowicz on Nov 19

[ K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

CVE: CVE-2009-0689
Risk: High
Remote: Yes

Affected Software:
- K-Meleon 1.5.3

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/72

--- 0.Description ---
K-Meleon is an extremely fast, customizable,...

SecurityReason: SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)

Fri, 20 Nov 2009 00:45:46 GMT

Posted by Maksymilian Arciemowicz on Nov 19

[ SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 20.11.2009

CVE: CVE-2009-0689
Risk: High
Remote: Yes

Affected Software:
- SeaMonkey 1.1.18

Fixed in:
- SeaMonkey 2.0

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/71

--- 0.Description ---
The SeaMonkey project is...

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer.

Fri, 20 Nov 2009 00:15:37 GMT

Posted by mrx on Nov 19

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer.

Thu, 19 Nov 2009 23:57:25 GMT

Posted by dramacrat on Nov 19

They're ORs, unfortunately. The language is unclear but it seems to be one
of those infernal boilerplate pieces of shit that basically invalidate the
assurances as to privacy.

You could still probably press the suit. "Unauthorised use" has recently
been defined and redefined, it's an evolving piece of law and if you have
the resources to get a jury trial they'll *want* to find in favor of the
plaintiff, which is more important than you...

Re: Meet Kurt Greenbaum, Director of Social Media, St. Louis Post-Dispatch, Reports commenter to employer.

Thu, 19 Nov 2009 22:27:43 GMT

Posted by mrx on Nov 19

Michael Holstein wrote:

So what? Ban the IP address. Admittedly a childish comment but the site is hardly one that is frequented by children.
imho Mr K. Greenbaum should be fired and sued.

And Mr Holstein you seem to be using your quote above out of context...

Compliance with Legal Process
We may disclose personal information if we or one of our affiliated companies is required by law to disclose personal
information, or if we
believe in good...