Domain: vulnwatch.org
Stories and comments across the archive that link to vulnwatch.org.
Comments · 11
-
Re:Looking for good/current Lynx for Windows/XP
I have used this one in the past:
http://www.fdisk.com/doslynx/wlynx/lynx_w32.2.8.2r el.1.zip
from this page:
http://www.fdisk.com/doslynx/lynxport.htm
No Cygwin libraries required. It worked fine for me, though it has not been updated in some time. I doubt you need to worry much about vulnerabilities in a text browser, especially if you only use it to examine your own pages. If you simply intend to scrape text from other people's web pages using a windows box, might I recommend using the QueryTables.Add method in an Excel macro, which has worked fine for scraping sites for me in the past and allows for relatively easy manipulation of the results.
Alternative Lynx windows binaries are posted here. The current release will compile with Borland C or Visual C++ 6 (with some tweaks), though I imagine it would take some major edits to get it to compile properly with the newer Visual C++ compilers.
Though for the command line usage you desire, Netcat would probably get the job done with a little fiddling. The official page is here, though the latest source release is no newer than Vulnwatch's WinNT binary.
Another alternative is simply to turn off images, javascript, java and css in Firefox, though I don't think there is any command line option for non interactive operation, but scripting acquisition of text from it wouldn't be that hard to do.
But being a GnuWin32 guy then a scripted combination of Wget and Sed or Gawk might be the best solution for you.
You could also just write a PHP or Perl script to do the job just fine, which might be the most sensible approach.
Anyway, the version of Lynx I mentioned above worked fine for me and did not result in any attacks, though I have only visited totally legit sites with it. -
Arsenal of Tools
Funny, I also carry a thumb-drive with a removable memory card slot. It's this generic one floating around online: http://www.supermediastore.com/supermedia-handy-4
i n1--usb-20-flash-memory-card-reader-yellow.html
I think they're a great idea, because I can move with the SD card market as flash memory becomes denser and denser. Speed hasn't been a problem, either. The thumbdrives support USB 2.0 and my SD card seems to be capable of a very decent data transfer rate.
I have a collection of Windows tools on the drive. Not Linux tools, because I can usually accomplish whatever it is I'm doing in the Linux environments I encounter day to day.
Network Tools:
* Raw TCP/IP transfer -> netcat ( http://www.vulnwatch.org/netcat/ )
* SSH/Telnet -> putty ( http://www.chiark.greenend.org.uk/~sgtatham/putty/ )
* Port Scanner -> SuperScan4 ( http://www.foundstone.com/resources/proddesc/super scan.htm )
* Classic Port Scanner -> nmap ( http://insecure.org/nmap/download.html )
* Packet Capture and Analysis -> WireShark setup ( http://www.wireshark.org/download.html )
Editors:
* General -> vim 7.0 ( http://www.vim.org/download.php )
* Hex Editor -> xvi32 ( http://www.chmaas.handshake.de/delphi/freeware/xvi 32/xvi32.htm#download )
Development:
* Tiny C Compiler ( http://fabrice.bellard.free.fr/tcc/ )
* nasm ( http://sourceforge.net/project/showfiles.php?group _id=6208 )
Misc:
* Lightweight Windows md5sum -> md5summer ( http://www.md5summer.org/download.html )
* Process Explorer ( http://www.sysinternals.com/Utilities/ProcessExplo rer.html )
* MP3 Encoding -> RazorLame with lame ( http://www.dors.de/razorlame/download.php )
* Terminal Emulator -> TeraTerm Pro ( http://hp.vector.co.jp/authors/VA002416/teraterm.h tml )
The folder is 26.7MB. -
Re:All I could get of the article (page 1 and 2)Yes it is
Opera 0.32%
from here
http://www.currybet.net/articles/user_agents/4.php
I prefer it too, seems quicker and more stable than FF. Probably at 0.32% market share it should be a non tempting target too for exploits too. And it's free now, the Google ads in the old versions have been disabled.
Incidentally, even when its told to identify as IE, it still mentions Opera at the end of the user agent string. It's kind of cool really, the old Mozilla would identify as Mozilla. Internet Explorer would identify as
Mozilla X.XX ( compatible; MSIE X.XX; Windows NT X.XX; YY)
where YY is a language code, e.g. en for English
So now Opera identifies as
Mozilla X.XX ( compatible; MSIE X.XX; Windows NT X.XX; YY) Opera X.XX
i.e. Opera pretending to be IE pretending to be Netscape.
If you use netcat nc -l -p 80 and go to 127.0.0.1 in Opera, you see these headers -GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.50
Host: 127.0.0.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;
q=0.1
Accept-Language: en
Accept-Charset: windows-1252, utf-8, utf-16, iso-8859-1;q=0.6, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Connection: Keep-Alive -
Re:Notable quote
Not just near the president, near anyone who is somehow related to politics: Free speech zones at DNC, for example.
-
Re:please report to the nearest Free Speech Zone
I was "conserned [sic]" about this as well.
-
Re:What was he charged with?
Good points there. There is, however, one other very important reason why the DNC apparently wasn't protested as much as the RNC, perhaps the most important reason:
Democrats kept protestors in a cage called the "Free-Speech Zone" during the DNC. The RNC isn't limiting free speech to a cage.
Republicans were allowed no such convenience since anti-Republican protestors claimed a law prohibits such caging of dissenters. I bet they'd use it if they could. Having all your vocal opposition locked up in a barbed wire cage makes it much less of an annoyance.
Interestingly, google searches of both the web and the news didn't provide any immediate proof that the RNC can't use the cages, or that DNC organizers apparently violated the law that prevents the RNC from using cages. This is the only reference to the issue I found, and it leaves out a lot of info, but it's worth a read. And, anyone in NYC can confirm that, indeed, there are no cages in use as there were at the DNC. At the RNC protesters mostly go wherever they want except for some excluded areas, where at the DNC protestors had to stay in a small caged area. A "free speech zone."
Moreover, the relative ugliness and chaos of the RNC protestors are helping Bush get re-elected, IMHO. When footage of what the "anti-Bush" nuts are shown on the nightly news in middle America, those swing states are more likely to go Bush because they tend to value niceness and fear chaos. Of course, we know the stuff that will be shown don't represent the majority of the anti-Bush people, but when Ma and Pa Jones see the clip I saw last night of the guy holding the Kerry sign punch the Bush-sign guy in the face, they're going to associate Kerry with these nuts, and it will hurt him in the campaign.
So maybe the RNC is glad they're not allowed to cage protestors, so the protestors can run wild and the wildest of them will be on the news holding a Kerry sign while acting like a nincompoop. Hmmm, are they that smart? -
Re:I would have busted him, too...
The Republicans are fascists. I get tired of that old line. Look here. Now tell me your precious Dems are wearing unstained white. For the record, I adhere to neither agenda. They both piss me off these days. I just hate hypocrisy, and seeing as they're all awash in it, I'm pretty sure we're farked no matter who gets the nod.
-
That's because...
.. in Boston, they caged the protesters before they had a chance to do anything... how's that for the freedoms of speech and assembly!
-
New XBOX vulnerability
This vulnerability was posted a couple hours ago on VulnWatch. Here's the summary:
Advisory: XBOX Dashboard local vulnerability
Release Date: 2003/07/04
Last Modified: 2003/07/04
Author: Stefan Esser [se@nopiracy.de]
Application: Microsoft XBOX Dashboard (up to today)
Severity: A vulnerability within the XBOX Dashboard allows to totally compromise the security features of the XBOX.
Risk: Critical
Vendor Status: Vendor is not willing to talk about XBOX vulnerabilities.
-
Vulnwatch
Someone's already done this and it's called VulnWatch.
-
This exploit brought to you by the letters ISS
It is becoming increasingly discouraging when the 'security consultants' are releasing more exploits than any group of crackers ever could. It seems that BugTraq and NTBugTraq are full of more and more exploit traffic by these companies that are supposed to be protecting us from the threats. It looks to me like these companies are actively engaging in the process of breaking software, pointing to the offending buffer, then proclaiming "See! We help you by protecting you from someone who might have discovered this! By the way, here is the code for 'proof of concept' that any moron with gcc can load on his 1337 box for a little Friday night shenanigans!"
When is the security end-user community going to come together and fight this as a united front? Make the repurcussions for releasing exploit code so financially devastating, that companies will tremble in fear of releasing -anything- without following proper disclosure.
Perhaps litigation and financial awards would be a good start. I know eEye should owe me some money for their wonderful disclosure prinicipals last summer.. It was a long weekend rebuilding all our ftp servers.