Full Disclosure

Vulnerability Httpdx v1.5.3b

Fri, 19 Mar 2010 14:47:36 GMT

Posted by Mehdi Mahdjoub - Sysdream IT Security Services on Mar 19

Program : Httpdx v1.5.3b
PoC : Remote Crash Service (if http.log=1)
Homepage : http://sourceforge.net/projects/httpdx/
Found by : Jonathan Salwan
This Advisory : Jonathan Salwan
Contact : j.salwan () sysdream com

//----- Application description

Single-process HTTP1.1/FTP server; no threads or processes started per
connection, runs with only few threads. Includes directory listing,
virtual...

CA20100318-01: Security Notice for CA ARCserve Backup

Thu, 18 Mar 2010 22:03:45 GMT

Posted by Kotas, Kevin J on Mar 18

CA20100318-01: Security Notice for CA ARCserve Backup

Issued: March 18, 2010

CA's support is alerting customers to security risks with CA ARCserve
Backup. The version of JRE shipped with ARCserve Backup is
potentially susceptible to multiple vulnerabilities and has also
reached end of life. Support is providing JRE 1.6 upgrades as
remediation.

Risk Rating

High

Platform

Windows

Affected Products

CA ARCserve Backup r12.5
CA ARCserve Backup...

Re: Fingerprinting Paper with Laser

Thu, 18 Mar 2010 20:02:42 GMT

Posted by Rafael Moraes on Mar 18

I have no doubt, just give them some time to think about it.

2010/3/18 Fetch, Brandon <bfetch () tpg com>

Re: SecurityFocus to partially shut down

Thu, 18 Mar 2010 19:51:41 GMT

Posted by Georgi Guninski on Mar 18

hope you are right.
i doubt i will cry much if i bother to go to their funeral :)

Re: Fingerprinting Paper with Laser

Thu, 18 Mar 2010 19:02:54 GMT

Posted by Fetch, Brandon on Mar 18

But wait! That "paper fingerprint" can be captured and added to the RFID data already saved!

*tongue firmly in cheek*

No one would be devious enough to duplicate or forge "secured" RFID data in our passports now would they?

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of T
Biehn
Sent: Thursday, March 18, 2010 2:15 PM
To: james...

Re: Fingerprinting Paper with Laser

Thu, 18 Mar 2010 18:15:00 GMT

Posted by T Biehn on Mar 18

So your proposition is that the passport manufacturers all use laser
beams on each passport they create and that this whitelist be somehow
distributed to each and every airport and border check-point?

lol.

How bout we just let them get PKI right first.

-Travis

[SECURITY] [DSA-2018-1] New php5 packages fix null pointer dereference

Thu, 18 Mar 2010 17:28:44 GMT

Posted by Raphael Geissert on Mar 18

------------------------------------------------------------------------
Debian Security Advisory DSA-2018-1 security () debian org
http://www.debian.org/security/ Raphael Geissert
March 18, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : php5
Vulnerability : DoS (crash)
Problem type : remote...

AboCMS SQL injection (abocms.ru)

Thu, 18 Mar 2010 17:07:05 GMT

Posted by Владимир Воронцов on Mar 18

[ONSEC-10-003] AboCMS SQL inj
Target: AboCMS <= 5.4 (fixpack unknown)
Type: SQL инъекция
Rist: Medium
Find date: 12.03.2010
Report date: 12.03.2010
Fix date: 17.03.2010
Author: Vladimir Vorontsov
OnSec Russian Security Group (onsec [dot] ru)
Original links: http://onsec.ru/vuln?id=19

In the popular content management system AboCMS version 5.2 found a
critical vulnerability. Errors allow an attacker to modify the query syntax
to the...

Re: Fingerprinting Paper with Laser

Thu, 18 Mar 2010 17:05:39 GMT

Posted by Byron Sonne on Mar 18

All technology and software is crap... it can't prevent anything from
happening as long as humans are involved.

If a man can make it, a man can break it... and if not, there's always
rubber-hose cryptanalysis.

Security _is_ snake oil

Re: Fingerprinting Paper with Laser

Thu, 18 Mar 2010 16:04:08 GMT

Posted by james o' hare on Mar 18

They used false British passports, and you wonder why we want to have
these technologies?

Andrew

[USN-915-1] Thunderbird vulnerabilities

Thu, 18 Mar 2010 15:37:45 GMT

Posted by Marc Deslauriers on Mar 18

===========================================================
Ubuntu Security Notice USN-915-1 March 18, 2010
thunderbird vulnerabilities
CVE-2009-0689, CVE-2009-2463, CVE-2009-3072, CVE-2009-3075,
CVE-2009-3077, CVE-2009-3376, CVE-2009-3983, CVE-2010-0163
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This...

Re: Fingerprinting Paper with Laser

Thu, 18 Mar 2010 15:36:23 GMT

Posted by T Biehn on Mar 18

Ridiculous.
Generate some valid, non-far-fetched use-cases to justify this if I'm wrong.

-Travis

Re: Fingerprinting Paper with Laser

Thu, 18 Mar 2010 15:21:30 GMT

Posted by james o' hare on Mar 18

As long as it stops The Mossad going to Dubai and assassinating people
in hotel rooms, then I'm all for it.

Andrew

Fingerprinting Paper with Laser

Thu, 18 Mar 2010 15:17:41 GMT

Posted by Gadi Evron on Mar 18

I saw this release today, and just had to share it with anyone I could find.

"Every paper, plastic, metal and ceramic surface is microscopically
different and has its own 'fingerprint'. Professor Cowburn's LSA system
uses a laser to read this naturally occurring 'fingerprint'. The
accuracy of measurement is often greater than that of DNA with a
reliability of at least one million trillion."

I love it when old technologies and...

Re: FW: Your email has been selected (n3td3v/andrew wallace spam) lulz.

Thu, 18 Mar 2010 15:15:06 GMT

Posted by james o' hare on Mar 18

Thanks for letting me know, I've forwarded it to SOCA.

Andrew