Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Is www.sco.com hacked?

from [Elia Florio] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Is www.sco.com hacked?
Date: Mon, 29 Nov 2004 15:56:08 +0200 
There are these two JPG files on www.sco.com :

(the good one)
http://www.sco.com/images/landing_pages_new/webinar_land2.jpg

(the supposed hacked one)
http://www.sco.com/images/landing_pages_new/webinar_land2-1.jpg

These are the JFIF headers of the images:

(the good one)
0100  FF D8 FF E0 00 10 4A 46-49 46 00 01 02 01 00 48   ......JFIF.....H
0110  00 48 00 00 FF E1 0C 22-45 78 69 66 00 00 4D 4D   .H....."Exif..MM
0120  00 2A 00 00 00 08 00 07-01 12 00 03 00 00 00 01   .*..............
0130  00 01 00 00 01 1A 00 05-00 00 00 01 00 00 00 62   ...............b
0140  01 1B 00 05 00 00 00 01-00 00 00 6A 01 28 00 03   ...........j.(..
0150  00 00 00 01 00 02 00 00-01 31 00 02 00 00 00 14   .........1......

(the supposed hacked one)
0100  FF D8 FF E0 00 10 4A 46-49 46 00 01 02 00 00 64   ......JFIF.....d
0110  00 64 00 00 FF EC 00 11-44 75 63 6B 79 00 01 00   .d......Ducky...
0120  04 00 00 00 3C 00 00 FF-EE 00 0E 41 64 6F 62 65   ....<......Adobe
0130  00 64 C0 00 00 00 01 FF-DB 00 84 00 06 04 04 04   .d..............
0140  05 04 06 05 05 06 09 06-05 06 09 0B 08 06 06 08   ................
0150  0B 0C 0A 0A 0B 0A 0A 0C-10 0C 0C 0C 0C 0C 0C 10   ................

....mmmm I remember the "Ducky Adobe" strings in the
crafted JPEGs of GDI+ bugs.....maybe just a coincidence?

EF

________________________________________________
Messaggio inviato da
Edizioni Master Webmail
http://mbox.edmaster.it

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] Is www.sco.com hacked?, Danny
Next by Date:  Re: [Full-Disclosure] Is www.sco.com hacked?, adf--at--Code511.com
Previous by Thread:  RE: [Full-Disclosure] Is www.sco.com hacked?, Randal, Phil
Next by Thread:  Re: [Full-Disclosure] Is www.sco.com hacked?, dk
Indexes:  [Date] [Thread] [Top] [All Lists]