full-disclosure-uk May 2007 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] [Dailydave] Vulnerabil

Re: [Full-disclosure] [Dailydave] Vulnerabilities Hashes DB needed

From: shadown <shadown_at_nospam>
Date: Mon May 07 2007 - 06:05:44 GMT
To: Dave Aitel <dave.aitel@gmail.com>


Hi Dave,

It wasn't Microsoft this time, it seems they are not the only ones that call 'buffer overrun' to 'buffer overflow' :) About the 0days thing, I think that time to time people has to report some stuff and you well know that there are so many 0days out there, more 0days than reported vulnerabilities.

This game Mao sounds like fun, so I won't read the rules. :), the problem is that somebody will have to, otherwise there won't be game to play :(

Cheers,
  Sergio

Dave Aitel wrote: > There's only one company in the whole world that says "buffer overrun" and > that's Microsoft. Everyone else says "buffer overflow" which is more > correct. I blame the Kiwi on Microsoft's insistence on using the wrong word > here. But regardless, unmask.py has a field day on that sort of thing. :> > > Anyways, if vendor monopoly disclosure annoys you, stop doing it. Why > aggravate yourself by doing work for other people for free? Life is short. > If all you really want is fame, then sell the bugs to whoever can get you > the most fame fastest. Or just post them to the list. And I don't think we > need a separate hashes list, since dailydave or full disclosure works fine > for that and, importantly, is mirrored all over the place. > Alternatively, if > you cc me the free 0day I'll tell everyone the date you sent it to me in a > GPG signed email upon request. > > When I was a kid, I played this card game named "Mao" obsessively for a few > weeks in the summer, and then completely forgot about it until today. > Mao is > an Uno variant, played silently, and the point of the game is to deduce the > rules of the game - rules which are essentially made up by the dealer or > local culture. It's a fun game. You never see anyone playing it at hacker > conventions, which surprises me. One of the standard rules, which I'll give > away here, is that if you talk, you are penalized by having to draw a card. > Of course, until you can deduce the rules, you end up drawing a lot of > cards. > > I guess my point is this: if you deal the cards, you can make the rules. > Otherwise, silence is usually the best option. > > -dave > http://en.wikipedia.org/wiki/Mao_(game) (people who have not played Mao and > plan to, should not read the rules, as it ruins the fun) > > > On 5/6/07, shadown <shadown@gmail.com> wrote:
>>
>> [Moderator: I ask you to accept this mail, so that the comunity may come
>> with a solution. Thanks in advance.]
>>
>> Hi,
>>
>> During the near past I have to confront some issues when reporting
>> vulnerabilities to the vendors, I'm not going to disclose the vendor's
>> names
>> because is not the goal of this mail, but to become with a solution. I'm
>> asking the researches comunity and whoever can help us to come with
>> the best
>> solution. In this mail I'll explain my reasons and what I think is the
>> best
>> solution (actually I've borow the idea from others) and ask the
>> comunity if
>> someone thinks that is a better one.
>>
>> Reasons:
>> --------------
>>
>> 1- I've contacted with some vendor and after getting the right security
>> contact to send the vulnerabilities I've sent the pgped PoC files.
>> Then the
>> vendor didn't come any more to me. After a month I've contacted the
>> vendor
>> again, the vendor said: 'oh, I didn't receive the mail'. I've resent the
>> mail and the vendor replayed: 'I've tryed the PoC files and none of them
>> worked, probably our internal testing team found them'. After
>> receiving that
>> answer from the vendor I've downloaded the software again and the
>> vulnerabilities were fixed. I did a binary diffing to analyze OLD vs. NEW
>> version and extraordinary...the bug I've reported + two other bugs where
>> fixed, what was a bit suspicious. I've ask about this to the vendor
>> and the
>> vendor replayed the following:
>>
>> """
>> It's hard to imagine that the respective fix would be directly
>> related to
>> your files because we haven't had them. Don't get me wrong, we have no
>> problem crediting anyone who reports bugs to us, helping us to improve
>> our
>>
>> software (just as we did e.g. in the case of version XXXXX where we
>> credited XXX YYYY - see
>> http://www. linktothecredit <http://www.linktothecredit/> ) but I
>> don't think this applies here, really...
>>
>> Sorry - maybe you can find some other overruns in the current build? (or,
>> even better, in the build that's coming out in about a week - because
>> that
>>
>> one has some new fixes in it, too [so it's theoretically possible you'd
>> hit
>> something that has already been fixed, too]).
>> """
>>
>> This was the case with one vendor, and pretty similar situation with
>> others. (ofcourse there were excelent comunication with some other
>> vendors,
>> but is out of the scope of the solution that I want to come with.)
>> 2- There are some vendors that are really dificult to deal with. It took
>> me about 4 months to get the right contact to report the bugs, and this
>> would be another think to think about, A public 'Vendor's Vulnerability
>> Reporting Contact DB/List'.
>>
>> As I do believe in responsible disclosure, I don't agree with 'giving up
>> and launchin 0days' so that vendors eat their s**t, the following is
>> what I
>> think is the best solution for it.
>>
>> Solution:
>> -------------
>>
>> First of all: I've taken this idea from matasano and Halvar, that were
>> the
>> ones I've seen that did this in the past.
>> The main mailling list should create a 'Vulnerabilities Hashes mailing
>> list' where the researches comunity can send the hashes of the PoC files
>> just before they conctact the vendors. That way if the vendors do not
>> give
>> the proper credits to the researchers, at least the researches will have
>> another proof to show that they were the ones that reported the
>> vulnerabilities, and not just the mails they've crossed with the vendors.
>>
>> Final Comments:
>> -------------------------
>>
>> I'm pretty sure that a lot of researches has this kind of problems in the
>> past and this is really frustrating.
>>
>> *** I don't want this mail to end up being a: "Oh, yes, I have this
>> problem with xxx", and so. Please don't do that because is NOT the
>> goal of
>> this mail. Just bring your ideas to improve this and to make this
>> 'Vulnerability Hashes mailling list' to happen. ***
>>
>> The following is are the MD5, SHA-1 and SHA-256 hashes of the
>> vulnerabilities that I'll be reporting to the vendors after sending and
>> seeing the post in the mailling list. This is a verdors based hashes,
>> because probably in some cases the PoC files behind this hashes may
>> affect
>> other vendors, but as I didn't try with other vendors I don't deserve the
>> credits for the vendors that I didn't spot vulnerabilities, if other
>> researcher finds the same bugs in other vendors, they are the ones that
>> deserve the credits for that.
>>
>>
>> AnhLab V3:
>> ----------
>>
>> 65d9c1f2a9f3e7cf90e814ad27c7868b
>> bf6460b08b07b9fdfc90e243e8c72b326b4070f4
>> e766ac5bedb1144a8bb0426382aec5b58d9fcbf2ac560c321e474f57124c322b
>>
>> Avira Antivir:
>> --------------
>>
>> 6be69d215a9abee4c5966243fbd074a2
>> 34ad8cd7fd38a8c6af9d6e13bd2bbe72806ceee4
>> 1094efa900cd1b0bcacbd38fa6ebee65bace529227512d25cdeede4dadbaef7b
>>
>> 770206b8b023069913315bc0ad15fa7f
>> a1c5a301e1898e5749eb8bdb477f7ff786142a6d
>> ecc1a63d3c7e1c21a6d92d8b5d7889038861bf09f43c5ab81d84ff6f3a9c166c
>>
>> cd180ca57fccb2611eded02789830803
>> 25d610387e7a7c2a372e8cc612b495c3145e9768
>> 6d4ddde75ecaddd0780420485d4a973cb1d9ba0df2c1fef15ca8a1a29d67f640
>>
>> c40a37cd215c7cca64310984b6b7a848
>> 4c09a09683328f4a0a56f4ca523b5d25e4a9f618
>> dbb89a4f297a050df445cb8a0e81b5753f32a4fe0d8b40f648572152215977da
>>
>> 76105c8caf97785c9fa330481b13713d
>> 0ee01fa4ab0f9a3504201ce02a4c53547a8efbb4
>> eae7a347cbd805bce87ca8303d4de98729034228a1a94b999c01bb132f4738f2
>>
>> AntivirusKit:
>> -------------
>>
>> f308330ddc4fe26c0458a148f9594759
>> 36a5feb922e8163be67a85018294d9e179cbcec7
>> 6da70b2be86525ae5fc654cc293a44437ee6ca912668eff7501ef529a5be4196
>>
>> f9a42de55118798f2920a2b1072c8444
>> f62f63ac4aee1295cbf7a636e13e5cba7f6474a5
>> 8d8be8e6bd765c8822696d2af58f53f386987129c7ceca43f051f026d4073a7a
>>
>> 56865f1768d2a646ce0e9e8d436ec67b
>> 0dfcb3a5c004665821f58afe3ddc7aca52411919
>> fd66434954edd4e07265660a37be5737e08414b033901905e5e535a4431aee7b
>>
>> 6511e2fdc0f721a47c4e8a1d626108f2
>> 9fc5010703bcccdab67f4c61b2144f06c1ed6679
>> 0c42ceba2e181cc943a330ea7d9e9ed7b05cb2602b50c10693ab3515d0d3776c
>>
>> e2927d23417de42c00f6570179fa0ab4
>> 5a654b60b4e5d7b971393993bf74bff6b7babf4c
>> a0b47cb536e58f060fd193e44cad1c282964bf02d743eeb375496d96e9852492
>>
>> e29cf7b7613bfdbb9a0c1b4114527251
>> 712e1835f88a75b50b902b5aeb8c63199d634da8
>> 0b8b843e0e123464275b75fd1d21a808233389204df10accca0d9b29884d8c27
>>
>> 99558b6186c3af5415dac0488b0f4a0d
>> fb6504beb4934e9c4656121d0efd224b3e12da04
>> b339d6e1ea6d76a297b691b989a650c47392d063a7ee8394ac3a104e831cd97b
>>
>> 136eeda72cff4ce605424dd4566b5c5b
>> d79e8ece11468fffadd9ce0f24d6904544882979
>> 2fb06f226571cb9f097d2ebcdef89898d70033bdd092233fea048fb345d318ad
>>
>> a8f265a5d767f40a942a93be4ace83f4
>> 1aee982c67d3557dcb77989c36ff4c35115eb8c7
>> 957da7450f57781ac32f3a7ff7dcb5c975f5039f7684482706f1cd2dc61bc732
>>
>> Avast Antivirus:
>> ----------------
>>
>> 24b53bacfa2f6aeba6226466d6a96758
>> 7bccb6233ae8356928f49ece594af2ec05654ec7
>> e07652d14834e267a661892a240be7185035942224c9386e68cbdeb1e636369a
>>
>> df88c0d9489a877eca251f6977f07d0b
>> dca5faa757d3a7d72bf37873db8dae7e0f002cd1
>> 65271e3d3a5e4f70f337b19b661f8ed5521777715c3c7223c5bde05f5ab826b9
>>
>> 649666668e1f0a219c0bd9619aff5d91
>> 839c714d4b28bf903c6ccd0b1b7a6fdf5c46c01a
>> 41c263ea1ce75411792f5853c8c02bf1ccf06708f09cd874490ef11623b85d55
>>
>> 0f16d47de15ebbcd30ecad2b3ba9aea2
>> 51f859523e3d1d7eb8549ac27bc0ce292dfb940d
>> 54806f6d3c6d193ea874057bc1d04e403c99c51fcf46dacbf3fdffc8a7033244
>>
>> f1f4ac1d188c020f8e9a651555279227
>> dd2cd2fafe3d98b099a7504bd94089c1deec680a
>> cb5e46bb6abe10a8bc35dbb24991770f6433d7b5981998604164bb43ec2676bc
>>
>> 4696e1bb5e73620c6e715d9c727ac7f6
>> a240b8bdd748a15ef6e451e4a327258367e7c07c
>> 2181db5345a3d04c83cbf5ca8442fecfeb1f3825ec0a7516f07eaebd03ee234a
>>
>> 40a82d15fcb2cd982fde52b5d90e7d49
>> b5248dd45ff405a0c75e7771c25ce1d8cdc2dfd2
>> cdedcb945de7855b9ff791ce1d0dff0bacccd715eaf61942676b4153f9783cda
>>
>> df519bca64476f0f7e0a973c31e0828a
>> b46ac3f62a1dd0b9f1dc99d822913cd588f6ee68
>> 003f657a4451b1e34de81862af10eac5cb25950406925e1f837ffc5f2ff2d4a3
>>
>> 193a39e6e57c5fe1e673cd60fc9f838d
>> d2bdb2e33a3c0922918d0badbec70d830228586c
>> dcbeefec4bb40fc39523284073ef5d1f6773786e286949d588e182de490ed74f
>>
>> 835899502d90cf4a435aa4392b2b03f4
>> ec81ee8d7239a89346e1e17ad4f018da180d5310
>> b019d4dcfd6db786ee13ed80f6e90b0faeb23f90b8dcb1061a718f9446e39e22
>>
>> 2ec5e7d881bd4792fe63992a052aa054
>> 3bc58e9f7f1d9efc2d2a599b430ca745b810fbcc
>> bd5d5e96fc091a21ac3c1e1e24276fb22cd42dc7b56569de23811ab7196df5e1
>>
>> df519bca64476f0f7e0a973c31e0828a
>> b46ac3f62a1dd0b9f1dc99d822913cd588f6ee68
>> 003f657a4451b1e34de81862af10eac5cb25950406925e1f837ffc5f2ff2d4a3
>>
>> 193a39e6e57c5fe1e673cd60fc9f838d
>> d2bdb2e33a3c0922918d0badbec70d830228586c
>> dcbeefec4bb40fc39523284073ef5d1f6773786e286949d588e182de490ed74f
>>
>> 835899502d90cf4a435aa4392b2b03f4
>> ec81ee8d7239a89346e1e17ad4f018da180d5310
>> b019d4dcfd6db786ee13ed80f6e90b0faeb23f90b8dcb1061a718f9446e39e22
>>
>> 2ec5e7d881bd4792fe63992a052aa054
>> 3bc58e9f7f1d9efc2d2a599b430ca745b810fbcc
>> bd5d5e96fc091a21ac3c1e1e24276fb22cd42dc7b56569de23811ab7196df5e1
>>
>> 7f1dfbef6cbb128480a89c518ef5e7b6
>> 86dfabefece6ced61521cca7a8d573214bacc61d
>> abf0a439abadd50cf7871e14f7b0fecf6d24b0257679e186b4a8cfa5c95db26f
>>
>> 2c799b6dd1a95ac3f7ae9cb6550145ef
>> e509214a69108485821a370d48a22ae519feda42
>> fc204ac5f18b04a36570273035300004d16ab38b990e7c699743f4bbe1c8cd73
>>
>> 8505d6f3bb638c47a51c1e954945219d
>> 0923321102a3a6ef606a54ea6375118e5003e7d2
>> f5103f808ba9e227ebf8f16f361a1710f6f083757d56d40a2c6dcd64f4578499
>>
>> Grisoft AVG:
>> ------------
>>
>> 7ed40b565903c3788157f1b7facd3e8c
>> d95141a18c0d49e3ef4da4ae4164460c04df571a
>> 018f888c8f9a280c2a546d70646cfdfb002127f786777036190227f82438e99f
>>
>> 4cf5ea82eeb3526584bbc0e648859f28
>> 4872d5a93ce3caafd2398b948a17c535fe1c178d
>> fc528e338ff779041cd7d43d5175461cbec51476bc83bab993930c894b4ab27f
>>
>> 3f30645d19a29120e3ed6667023f9b26
>> d8e468bb9b6d224e322a08e6b813d9a891a7a37c
>> e88ad4becf6ba0917e9187b7dcc907e2f0d1789e71dd8328f455662405afcacc
>>
>> 9723df4678b88056e18727fadfc523f5
>> 21823e87f72ae6268f67f27dda6e1fd97162baa0
>> 22c7987f4c9f0ae996e322547afd8f70dd0c1e579bebd9505d1d8106c6a8c47f
>>
>> CA eTrust:
>> ----------
>>
>> b1ad7836c4c5f13acd39a7554cb4a74c
>> b21fdf4ac22cb040ceb060a5ce9369344a012ea5
>> 3c39bf686d8cfa8d5901c10b6faff8e15f53eb5a7b09226893c5ec0add63e819
>>
>> bb41ecd6340ddadf1b342569f545e0b3
>> 38405393b9145bf92c3ce2b9f887bbb200578c15
>> cc933471d8a8c1ff2216209b5063b5ebc77e86846d0b5d4809763af1277fcf93
>>
>> 830b9443c1d9a2c3a3c22a61e141ff67
>> a5eb5a4bfab519db6db1270dda12a3eed36e99e6
>> ef3a5733a48728564781c3d5d7bf364f7c6b8c2dc9f62fbf7abd07c361e1078b
>>
>> e29cf7b7613bfdbb9a0c1b4114527251
>> 712e1835f88a75b50b902b5aeb8c63199d634da8
>> 0b8b843e0e123464275b75fd1d21a808233389204df10accca0d9b29884d8c27
>>
>> F-Secure Antivirus:
>> -------------------
>>
>> 8029afc917c99b76211376677bec7025
>> 0e8b7674771c1cbd8860f73b1ce53aa88720c7d3
>> 107b3efdeab6e622cc164c4cdde5366ca1d4aac7e263217e0b41c7dcbff3b025
>>
>> 2c4c3f6b89c7c395842b41a697cad411
>> b7d769358b594770d392bd57cbc9e56ece99b422
>> 548b4b246be5ed4cf962d556c20c96c35994269f06b5ddedd7aa7e7248e9e250
>>
>> 657d39f36ac3f09f46ec30ed25a66a48
>> 3ca8a75f157cecb89ab8a9cf29b5589536428d50
>> 1fd43a88cf07ef8f5f1f35f656fbb08b2d16ad273363e88fa2efe4a056937f4a
>>
>> d27a2fb4a40b785e25a450bb3acfd793
>> 6b1d6d0754711ff5bafd84b1ed5a9ceeb88f3a53
>> e50e14059f17895efcfb7f60ff0be061cf49fa4a288c63ec494991555667da32
>>
>> McAfee VirusScan:
>> -----------------
>>
>> a8f265a5d767f40a942a93be4ace83f4
>> 1aee982c67d3557dcb77989c36ff4c35115eb8c7
>> 957da7450f57781ac32f3a7ff7dcb5c975f5039f7684482706f1cd2dc61bc732
>>
>> ee44ef6cf5cb0a8debae2adf18a33579
>> a4a386f2b911b7bb9fc3572935032bb56c9a5d85
>> c8d017c4f095b2f45623117d80433339b16b48de9fc8a7362eb13116bdd29c5b
>>
>> ee44ef6cf5cb0a8debae2adf18a33579
>> a4a386f2b911b7bb9fc3572935032bb56c9a5d85
>> c8d017c4f095b2f45623117d80433339b16b48de9fc8a7362eb13116bdd29c5b
>>
>> 3fb13db5928235fce3f6e65aa7ea4e86
>> 83f6ef1b222ad55fd87967e3089f554a33ae5a06
>> be927665d2d44f0958b7c8070ea4cc77444cdfe3ada3d8398dd1cb8f6b9f6192
>>
>> a8f265a5d767f40a942a93be4ace83f4
>> 1aee982c67d3557dcb77989c36ff4c35115eb8c7
>> 957da7450f57781ac32f3a7ff7dcb5c975f5039f7684482706f1cd2dc61bc732
>>
>> ESET NOD32:
>> -----------
>>
>> cfd37b81fd0dbc62653032a4166173ff
>> 3c69c0e8979237bf4af66f4b93a7ada0d0d81211
>> e8853ba6967db030d54805899525ba20fb03c4b4786e1c1b97f1666e316052e3
>>
>> 440c492b01a8fb46a28d210345c180ed
>> d0db253944fdc24f81df3cd0c1fb63c1a700e240
>> 8a3a6be38a55a341b2bba13bb4af453ca408edc29f1ee1f3f091e921250d28f1
>>
>> 02dc846a5388b9c3b6021208761e6f5a
>> 600420f8f3c7d438533817d64e0bef92462a614e
>> 5ad94d4d445d48f1ef5d87d492e0213c7af20bebb053621418375c09412d8e4a
>>
>> b6f1955690dcfc804fae032216507430
>> 65cf6c31c4c103c296c937520964d6dd7442d86f
>> f2401d9d3a5c3be0b9eec88eacf493ad6d83942ce0f566129cba929e398efc59
>>
>> c52853d1d0ada84dd432aff2eacea04e
>> 1f11427a3c5620dff36ef4056901bd3e1a209eeb
>> d51bbacd4b2b540266b793ee2735d729844c0476a648d3dd7fc683d6eef13db4
>>
>> 0107600c8612ff2ad4f22865768d407c
>> 845391b0311305dadbed0aa41c2028e65516bfc1
>> 40eb114d0b472d35850fcdde4bba6bdf36f067ba55a7c2df67d65dcaa4592dec
>>
>> Norman Antivirus:
>> -----------------
>>
>> fc7743cda0033f81d5c7d969542ea33b
>> 0e4ffac982168a0aa73f529d830dc656a747a6dc
>> ca371fd64625efb50a0f3bb403bd922fc7081fc8966df7b0fd40b40586624188
>>
>> a9bd4536a1966c0dde8ba718c658e854
>> f4adb4bfac96954a93c8e9d001630540af4a3fea
>> 32caf66cd837949bfff32d4c2365cb3519d908e56dd3684e8ddc107ba25cc873
>>
>> d5d020485df8ead5192042da9f32bb0d
>> 95ead5b4fe26e5dff98a7fa95168f41713878f4c
>> e6a19e24893ad87a7c0c299f35fc2010af5a7a4a926e0fa5113946cb80dc1ea5
>>
>> b9a8a5063abf31f53f6f7d2e35a8f7ee
>> 3640d55abbd155ea22a2a68f9d15f27e5307a048
>> 7cc06d3d8ceb341d6735c57c42288b067605a1fdeb8753729e4dddd0b435ad64
>>
>> 5397061f4268bdcc106ada8724d2cc21
>> 3ddd04f4d4c2a1b2e91630ea909b74e9f8607554
>> 9a9eec3f5fa24f1ccf7cf47effc0a5d1f5dad12e22b61c8e4a6552dc4345a4c1
>>
>> 13fc7553b8e2979942a95f6ff6f16f20
>> d74a4f36bead45008d826b3e2b5d9959a2394226
>> 769ca66067e3fedff804f454a0b5a9d54dbf85f140de43b8c115f3f0bcdaf74a
>>
>> 40aefe65ef2371df256a5a17be5c08a2
>> dfc4110d62cb9a36f27b2269f3adfa1cee0ee190
>> 17ff4d9f7dd44101544023dcd6554c2280f0cf2c779cb7a1f26717467eea25c7
>>
>> 7d9f52171e286d022e8c2605cab69db7
>> a2f3ef73dd41348131a4fc83bb269552c50e8a24
>> 91c53eed8ab2e06e46d7e2d2f5fecfa65d29ec4cf9832b3b1690b724a25b10bf
>>
>> Symantec Norton Antivirus:
>> --------------------------
>>
>> 05ee29971ad88e895fe3fbb2a931cb64
>> 344724a09b87ebb0901b4a110855840440b5dd35
>> 40494ee480bd1eb946a82d87cdbbad2a55471942b513c7986f1ef07a6a860de8
>>
>> 5aa3942cfb2854ace70434ffbbaf83ad
>> 3b07b9cdbce21fa7c018ffe49ec3e4fb26898e7a
>> d9b0d079ee5d79d4791aed1465cf2b5cb69e953bfee6b39a51727bab6bfe0562
>>
>> Panda Antivirus:
>> ----------------
>>
>> c1ef9b02aa230410db5384b60c43737f
>> 6cdbec98c6b2dae754c835cddfd7510a27d6971d
>> c7d9e6b1b1a6a99d15bdbc199584a82629b8c2696e052835832c9cdba6575827
>>
>> a086d36416b40da2556f708ec7839091
>> 4dd0d6efea6335af8b49e76a8629cd575f56917a
>> 9051df4e9eca261e051097a877aa68c3de568e85e24eb70c4424693018f9cbdb
>>
>> fb2b41a7c8a25c835052ec788250c285
>> 2583a038e47e85a9669f8bb944ccffcf11c21518
>> eeb614054a4cc99bb4aa3ac4b5f09f74c630a56ca7931a10b54a8f678eb59e67
>>
>> Sophos Antivirus:
>> -----------------
>>
>> ac07ed7520c4ff1ae93be01c2dc0a91b
>> 69f941d81f8ed9d2a21ff7421d8f658b8bdef67a
>> 60471004837929f83c0cd5fa58c51505d0182891b656216b67d2ffa3792371ac
>>
>> e51333b8106e0cdc7c28e1d360470933
>> d3ea44047fde6792e0d451404133dfe37c2701ae
>> 8363eb9f3db54839e10edbb5b0f0214425f42a5a67fa7a7f572d161dc6fe4ecb
>>
>> 1e33c49f7c86d23217f46927d17fcf84
>> 75491f057ef1f7b69ef5431bf1a61ad0ff5765e8
>> 68d66831aab022bac9e96e23ba8e1a55b49c392ed54fab9efe0f95d64ddb747c
>> Cheers,
>> Sergio
>>
>> --
>> Sergio Alvarez
>> Security, Research & Development
>> IT Security Consultant
>> email: shadown@gmail.com
>>
>> This message is confidential. It may also contain information that is
>> privileged or otherwise legally exempt from disclosure. If you have
>> received
>> it by mistake please let us know by e-mail immediately and delete it from
>> your system; should also not copy the message nor disclose its
>> contents to
>> anyone. Many thanks.
>>
>>
>> _______________________________________________
>> Dailydave mailing list
>> Dailydave@lists.immunitysec.com
>> http://lists.immunitysec.com/mailman/listinfo/dailydave
>>
>>

> -- Sergio Alvarez Security, Research & Development IT Security Consultant email: shadown@gmail.com This message is confidential. It may also contain information that is privileged or otherwise legally exempt from disclosure. If you have received it by mistake please let us know by e-mail immediately and delete it from your system; should also not copy the message nor disclose its contents to anyone. Many thanks. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/