gmane.comp.security.full-disclosure

Re: Google Accounts Security Vulnerability

Kyle Creyts — 2012-05-22T10:16:03

Creating test accounts and reproducing this bug sounds like a
responsible thing to do.

On Sun, May 20, 2012 at 4:22 PM, Michael J. Gray <mgray< at >emitcode.com> wrote:

Re: FW: Curso online - Profesional pentesting - Promocion ( 25% de descuento )

Michele Orru — 2012-05-22T08:55:48

LOL, when did I say ExploitPack is cool ?
Maybe in your dreams!

And btw, the Javascript agent you sent are not the one I analyzed.
This is the one: http://pastebin.com/7j1wfB2n
After you scroll down, skipping jquery, you see the BeEF code that you included.

You were just replacing the BeEF global variable calling it "bot",
and re-using large parts of BeEF.

Anyway, everyone knows you...you're like the second MustLive.
Your Metasploit clone, apart from shitty InfoSec articles, is a
complete failure and clone.

So get a life man!

Cheers
antisnatchor

On Sun, May 20, 2012 at 8:04 PM, Juan Sacco <jsacco< at >exploitpack.com> wrote:

Failure to restrict access

Fernando Andina — 2012-05-22T03:35:22

Hi everybody!

I won´t take much of your time: as part of a project in our University we
have developed a tool to deal with the vulnerabilty known as "Failure to
restrict access".

If you want to check it a see what do we to say about it, go to our site
and leave any comments you may have:

http://failuretorestrictaccess.wordpress.com/

It is free and open source.

Thanks a lot!

Fernando.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: FW: Curso online - Profesional pentesting - Promocion ( 25% de descuento )

Juan Sacco — 2012-05-20T19:04:33

Michele Orru.. Sorry to write you directly to the list.. But you did it
too.. So.. please allow me to answer..

Exploit Pack != Beef ... Just similar projects.. different approaches

In fact you came to a webcast where I showed the code of Exploit Pack... I
remember you saying that Exploit Pack is a cool project...

Please check out our javascript agent...
http://www.exploitpack.com/Gate/jsacco.js
http://www.exploitpack.com/Gate/PLAINdoMagic.js

I am not pointing you with a gun.. if you don not like Exploit Pack tools..
just do not use our tools...

In my personal opinion, beef is a good project, in fact I am a big fan of
it. But it doesnt work like i want it, beef cannot handle more than 10
bots.. almost all the times I run the ruby project it crashes.. also some
modules doesnt work either.. the popup persistent is old and do not work on
recent browsers.. among other things.. Also beef doesnt have any module for
defense like clientside SQLi / XSS protection...

SQLi: http://www.youtube.com/watch?v=kD2gI8giO

Re: Google Accounts Security Vulnerability

Michael J. Gray — 2012-05-20T20:22:58

That was a bit ambiguous and I apologize for that. I meant that I had
reproduced the issue several times, not created test accounts. I'm willing
to bet it's not just a few accounts being affected. 

-----Original Message-----
From: Jann Horn [mailto:jannhorn< at >googlemail.com] 
Sent: Sunday, May 20, 2012 4:39 AM
To: Michael J. Gray
Cc: 'Thor (Hammer of God)'; 'Dan Kaminsky';
full-disclosure< at >lists.grok.org.uk
Subject: Re: [Full-disclosure] Google Accounts Security Vulnerability

On Sat, May 19, 2012 at 12:04:43PM -0700, Michael J. Gray wrote:
it.

Sounds reasonable.

So, you now have a test account that doesn't reveal any secrets about you
and which is affected... so you could surely give Google the name of that
one?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: Google Accounts Security Vulnerability

Jann Horn — 2012-05-20T11:39:14

Sounds reasonable.



So, you now have a test account that doesn't reveal any secrets about you and
which is affected... so you could surely give Google the name of that one?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[ MDVSA-2012:079 ] sudo

2012-05-21T16:05:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:079
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : sudo
 Date    : May 21, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in sudo:
 
 A flaw exists in the IP network matching code in sudo versions 1.6.9p3
 through 1.8.4p4 that may result in the local host being matched
 even though it is not actually part of the network described by the
 IP address and associated netmask listed in the sudoers file or in
 LDAP. As a result, users authorized to run commands on certain IP
 networks may be able to run commands on hosts that belong to other
 networks not explicitly listed in sudoers (CVE-2012-2337
 
 The upda

Re: Google Accounts Security Vulnerability

Daniel Margolis — 2012-05-20T18:11:45

Right. I think you're entirely correct to call this out as a distinct
feature from checking the user's raw credentials. The point of this
function is, as Mike said, to try to protect against bulk use of stolen
credentials--the starting assumption is thus that the attacker already has
valid credentials.

That said, you're making a few inferences that are unfair. As Mike said,
we're not deemphasizing or otherwise discouraging use of two-step
verification--far from it. Not reusing passwords and using two-step
verification are the two things we most strongly recommend to protect your
account.

Your claim that this discourages the use of these *other* safety mechanisms
is essentially a claim about what's known as "risk
compensation<http://en.wikipedia.org/wiki/Risk_compensation>."
The most common example of this theory is the claim that antilock brakes
and seat belts cause car drivers to drive faster and less safely,
counterbalancing any safety gains through riskier behavior. (Though the
evidence for these exampl

DC4420 - London DEFCON - May meet - Tuesday May22nd 2012

Major Malfunction — 2012-05-21T15:48:08

Back at the Phoenix!!!! Sorry for the late notice, but you know the 
score by now.... :)

Speakers:

'Why Industrial System air-gaps suck.'

Eireann Leverett of IOActive

A talk on why industrial systems can increasingly be found on the 
internet, and how to work with CERTs to change it.

We've also got room for a 30min fun talk, so ping me when you get there 
if you have one...

Venue is here:

    The Phoenix
    37 Cavendish Square
    London
    W1G 0PP

    http://www.phoenixcavendishsquare.co.uk/

2 minutes walk from Oxford Circus tube.

Date:

    Tuesday 22nd May 2012

Time:

    17:30 till kicking out, talks start at 19:30

See you tomorrow!

cheers,
MM

Re: FW: Curso online - Profesional pentesting - Promocion ( 25% de descuento )

InterN0T Advisories — 2012-05-21T10:05:47

Sounds like this is a mission for Attrition.org

On Sun, 20 May 2012 11:40:04 +0100, Michele Orru <antisnatchor< at >gmail.com>
wrote:
personal

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Announcement] ClubHack Magazine Issue 28,May 2012 Released

Abhijeet Patil — 2012-05-21T06:10:22

Dear All,

Here we are with the 28th issue of ClubHack Magazine.

This issue covers following articles:-

0x00 Tech Gyan - Steganography over covert channels
0x01 Tool Gyan - Kautilya
0x02 Mom's Guide - HTTPS (Hyper Text Transfer Protocol Secure)
0x03 Legal Gyan - Section 66C - Punishment for identity theft
0x04 Code Gyan - Don’t Get Injected – Fix Your Code
0x05 Poster - "Look both side before crossing one way track"

Check http://chmag.in/ for articles.
PDF version can be download from:- http://chmag.in/issue/may2012.pdf

Send us your feedback, articles at info< at >chmag.in

Regards,
Team CHMag
http://chmag.in/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

New XSS vulnerability in Yandex.Server

MustLive — 2012-05-21T00:13:26

Hello list!

I want to warn you about new Cross-Site Scripting vulnerability in
Yandex.Server.

Earlier I've informed about other XSS in Yandex.Server (CVE-2007-3485) -
mentioned about them in my Month of Search Engines Bugs project. And in 2007
I've informed Yandex about them. Which should fix these vulnerabilities and
not allow new ones. But Yandex failed with it and last week, during another
pentest, I've found new Cross-Site Scripting vulnerability in
Yandex.Server - this time it's DOM Based XSS.

-------------------------
Affected products:
-------------------------

Vulnerable are Yandex.Server 2010 9.0 Enterprise and other versions.

----------
Details:
----------

XSS (WASC-08):

http://site/search/?text=%27);alert(document.cookie)//

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by

Re: Google Accounts Security Vulnerability

Thor (Hammer of God — 2012-05-20T23:23:05

It’s you.

[Description: Description: Description: Description: Description: Description: Description: Description: Description: TimSig]

Timothy “Thor”  Mullen
www.hammerofgod.com
Thor’s Microsoft Security Bible<http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/dp/1597495727>


From: Ferenc Kovacs [mailto:tyra3l< at >gmail.com]
Sent: Sunday, May 20, 2012 2:23 AM
To: Thor (Hammer of God)
Cc: Dan Kaminsky; Michael Gray; full-disclosure< at >lists.grok.org.uk
Subject: Re: [Full-disclosure] Google Accounts Security Vulnerability

is it me, or you aren't reading the mails that you are replying to?
On Sat, May 19, 2012 at 7:28 PM, Thor (Hammer of God) <thor< at >hammerofgod.com<mailto:thor< at >hammerofgod.com>> wrote:
I tried, and it didn’t work (couldn’t repro).

None of this matters – if you have username and password, you can check mail via POP3 or IMAP.   Last time I checked, that was “by design.”   If anyone is saying this is some sort of vulnerability because someone “happe

[SECURITY] [DSA 2477-1] sympa security update

Florian Weimer — 2012-05-20T18:54:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2477-1                   security< at >debian.org
http://www.debian.org/security/                            Florian Weimer
May 20, 2012                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : sympa
Vulnerability  : authorization bypass
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-2352
Debian Bug     : 

Several vulnerabilities have been discovered in Sympa, a mailing list
manager, that allow to skip the scenario-based authorization
mechanisms. This vulnerability allows to display the archives
management page, and download and delete the list archives by
unauthorized users.

For the stable distribution (squeeze), this problem has been fixed in
version 6.0.1+dfsg-4+squeeze1.

For the testing distribution (wheezy), this problem will be fixed
so

Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012)

Call for papers — 2012-05-19T08:23:13

Call for Papers: The 7th International Conference for Internet 
Technology and Secured Transactions (ICITST-2012)

Apologies for cross-postings.

Kindly email this call for papers to your colleagues,
faculty members and postgraduate students.


CALL FOR PAPERS

*********************************************************
Papers: The 7th International Conference for Internet Technology and 
Secured Transactions (ICITST-2012)
Technical Co-Sponsored by IEEE UK/RI Computer Chapter
December 10-12, 2012, London, United Kingdom
www.icitst.org
*********************************************************

The 7th International Conference for Internet Technology and Secured
Transactions (ICITST-2012) is Technical Co-Sponsored by IEEE UK/RI 
Computer Chapter.
The ICITST is an international refereed conference dedicated to the 
advancement of the
theory and practical implementation of secured Internet transactions and 
to fostering
discussions on information technology evolution. The ICITST aims to 
provide a highly
professio

Checking out backdoor shells

Darren Martyn — 2012-05-19T13:40:21

You may be interested in this: http://code.google.com/p/web-malware-collection/

We have been "collecting" these backdoors for quite some time... Still
got loads more to sort and sync with the repos, but we always like
more samples :)

Re: Google Accounts Security Vulnerability

Michael J. Gray — 2012-05-19T19:04:43

I was not stating that it was a vulnerability in the sense of someone can
compromise your account with only your phone number. I was saying it's not
doing its job in terms of what most people expect it to do.

It provides a false sense of security. It's a security mechanism, it
prevents people from logging onto accounts when they come from a location
that is unrecognized as associated with the account. and it can be
circumvented with little effort on an individual basis. Distributed attacks
would have trouble with it, but could adapt to it. If distributed attacks
are the only component of their threat model, then it's fine. Regardless,
it's interesting and that's why it's here. 

 

On why I don't want to provide my email address to Google:

It's a different email address which I don't want associated with this email
address for various reasons. That is why I am not going to provide it.

Your assumption that it's a simple piece of information and requires no
effort to give out is correct, but the impact of t

Re: Google Accounts Security Vulnerability

Mike Hearn — 2012-05-19T12:48:08

It can! The codes that 2-step uses can be generated using the open TOTP
standard, and the Google Authenticator smartphone app is just an
implementation of that:

  https://code.google.com/p/google-authenticator/

I don't know enough about hardware OTP tokens to say for sure, but I think
if you can find a time-based code generator you can probably set it up to
accept the same keys the smartphone app does.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

PE Explorer Heap Overflow Vulnerability

Walied Assar — 2012-05-19T03:09:34

 Product link: http://www.heaventools.com/PE_Explorer_disassembler.htm

Affected version: 1.99 R6.

Type of vulnerability: Heap Overflow.

For further information:
http://waleedassar.blogspot.com/2012/05/pe-explorer-heap-overflow-vulnerability.html

Proof of concept:
http://ollytlscatch.googlecode.com/files/PEExplorer_HO.exe

N.B. Not much efforts have been made into this POC. It just crashes the
application but code execution is possible.

Waliedassar
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: New Open Source Web Application Vulnerability Scanner Available

Dermot Blair — 2012-05-18T14:18:03

Hi Dan,

Thanks for the feedback. Yes some users seem to be having this problem. The
code works in some environments but not in others.

I will be making another release shortly and will fix the issue. I may have
to make different releases for different environment (Windows, Linux, etc.)
instead of just having the one release.

Kind Regards,

Dermot Blair

On Thu, May 17, 2012 at 3:43 PM, Daniel Hadfield <dan< at >pingsweep.co.uk>wrote:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

New Open Source Web Application Vulnerability Scanner Available

Dermot Blair — 2012-05-18T14:14:38

Hi Laurent,

Thanks for the feedback. I will be making another release shortly and I
will fix those issues.

Regards,

Dermot Blair


On Thu, May 17, 2012 at 3:41 PM, laurent gaffie <laurent.gaffie< at >gmail.com>wrote:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/