Full Disclosure

A lightly moderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience.

Yet another (unpaid and unfixed) Paypal XSS

13 June, 2013 - 05:26

Posted by samuel alp on Jun 13

Hi People

Found an XSS on the German PayPal website last week and reported it exactly 7
days ago.
Their response was one we very well know
Another researcher already discovered the bug.

So, someone else found the Vulnerability before me and reported it.
Fine, looks like I was too slow. I can live with that.

Now, I received an answer exactly 7 days ago. That means they had more than
a week to fix this...

Re: Why PRISM kills the cloud | Computerworld Blogs

13 June, 2013 - 03:10

Posted by Justin Ferguson on Jun 13

There is nothing anywhere in any of US law, whether it be the Bill of
Rights or case law/judicial review, which *modifies* those rights. Moreover,
you probably mean to reference the 4th Amendment, not the 1st,
as having a given type of speech monitoring does not inhibit its
expression, but may/may not constitute an illegal search and seizure.

This will eventually be reviewed by SCOTUS, by which we will determine
whether it's constitutional or...

Re: Security Analysis of IP video surveillance cameras

13 June, 2013 - 02:49

Posted by Marcos Agüero on Jun 13

But not everyone makes that public :)
I think that their teacher is fine not being on that report. (Hi Alex!)

On 12/06/13 16:05, Paul Ammann wrote:

[CVE-2013-3684] NextGEN Gallery 1.9.12 Arbitrary File Upload

13 June, 2013 - 02:47

Posted by Marcos Agüero on Jun 13

##############################################################

- S21Sec Advisory -

##############################################################

Title: NextGEN Gallery 1.9.12 Arbitrary File Upload
ID: S21SEC-046-en
CVE ID: CVE-2013-3684
Severity: High
Status: Fixed
History: 27.May.2013 Vulnerability discovered
28.May.2013 Vendor informed
12.Jun.2013 Fix...

[CVE-2013-1768] Apache OpenJPA security vulnerability

13 June, 2013 - 02:45

Posted by Jeremy Bauer on Jun 13

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

OpenJPA 1.0.0 to 1.0.4
OpenJPA 1.1.0
OpenJPA 1.3.0
OpenJPA 1.2.0 to 1.2.2
OpenJPA 2.0.0 to 2.0.1
OpenJPA 2.1.0 to 2.1.1
OpenJPA 2.2.0 to 2.2.1

Description: Deserialization of a maliciously crafted OpenJPA object can
result in an executable file being written to the file system. An
attacker needs to discover an unprotected server program to exploit the
vulnerability....

Re: Why PRISM kills the cloud | Computerworld Blogs

13 June, 2013 - 02:44

Posted by Alexander Arlt on Jun 13

On 06/12/2013 01:08 AM, Justin Ferguson wrote:

Ah, I have the joy of knowing some of the fellows over there in Pullach
and actually... I'd really like to know, what they're doing for their
living... indeed... since it's mostly my tax money at work over there.

Guys, take a look from my perspective: At least you know what your tax
dollars are spent on...

Slideware of recent presentations about IPv6 security

12 June, 2013 - 18:45

Posted by Fernando Gont on Jun 12

Folks,

FYI, the slideware of two recent presentations is available online:

* "Security Assessment of IPv6 Networks and Firewalls", presented at the
German IPv6 Kongress (http://www.ipv6-kongress.de/) in Frankfurt/Main,
June 6-7, 2013.

Slideware available at:
<http://www.si6networks.com/presentations/ipv6kongress/mhfg-ipv6-kongress-ipv6-security-assessment.pdf>

We did this talk together with Marc Heuse. First time we presented...

Re: Why PRISM kills the cloud | Computerworld Blogs

12 June, 2013 - 17:00

Posted by Ivan .Heca on Jun 12

The commercial espionage angle is another interesting aspect of this

http://www.techdirt.com/articles/20130611/10014923405/is-us-using-prism-to-engage-commercial-espionage-against-germany-others.shtml

[Security-news] SA-CONTRIB-2013-052 - Display Suite - Cross Site Scripting (XSS)

12 June, 2013 - 14:09

Posted by security-news on Jun 12

View online: https://drupal.org/node/2017933

* Advisory ID: DRUPAL-SA-CONTRIB-2013-052
* Project: Display Suite [1] (third-party module)
* Version: 7.x
* Date: 2013-June-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting

-------- DESCRIPTION
---------------------------------------------------------

Display Suite allows you to take full control over how your content is...

Re: Security Analysis of IP video surveillance cameras

12 June, 2013 - 09:17

Posted by Vitor Ventura on Jun 12

Did you report your findings to the vendors?

Re: Why PRISM kills the cloud | Computerworld Blogs

12 June, 2013 - 09:15

Posted by William Reyor on Jun 12

* are protected <-- fixed that for ya.

- William Reyor

Re: Security Analysis of IP video surveillance cameras

12 June, 2013 - 09:14

Posted by Paul Ammann on Jun 12

Doesn't everyone?

Re: Security Analysis of IP video surveillance cameras

12 June, 2013 - 09:12

Posted by Andrew Smith on Jun 12

Yikes.....

Re: Why PRISM kills the cloud | Computerworld Blogs

12 June, 2013 - 09:02

Posted by laurent gaffie on Jun 12

Freedom of speech and freedom of anonymous speech is protected by the first
amendment..

https://www.eff.org/issues/anonymity

2013/6/11 Philip Whitehouse <philip () whiuk com>

Re: Security Analysis of IP video surveillance cameras

12 June, 2013 - 07:29

Posted by Leif Nixon on Jun 12

Javier Repiso Sánchez <javier.repiso () hotmail com> writes:

So, as part of your Master's Thesis, you exploited surveillance cameras
belonging to random people on the Internet?

[ MDVSA-2013:172 ] wireshark

12 June, 2013 - 07:03

Posted by security on Jun 12

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:172
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wireshark
Date : June 12, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem...

Re: Why PRISM kills the cloud | Computerworld Blogs

12 June, 2013 - 06:29

Posted by Zenny on Jun 12

This has come into public attention recently, but it was
published earlier, in March 2013, by Bruce Schneier (the Twofish crypto
algo developer).

Read here:
https://www.schneier.com/blog/archives/2013/03/fbi_secretly_sp.html

Security Analysis of IP video surveillance cameras

12 June, 2013 - 06:28

Posted by Javier Repiso Sánchez on Jun 12

Dear sirs,

We are a group of students from the European University of Madrid who have made a security analysis of IP video
surveillance cameras as the final project of the Security and Information Technology Master's programme.

In total, we analyzed 9 different camera brands and we have found 14 vulnerabilities.

**Note that all the analysis we have done has been from cameras found through Google dorks and Shodan, so we have not
needed to purchase any of...

Re: Why PRISM kills the cloud | Computerworld Blogs

12 June, 2013 - 06:26

Posted by Pedro Worcel on Jun 12

Uhh, discount! That guy, what's his name, was a traitor anyway.

You just cannot believe people.

2013/6/12 Ivan .Heca <ivanhec () gmail com>