Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product

To: Jason Coombs <jasonc@xxxxxxxxxxx>
Subject: Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
From: "Jay D. Dyson" <jdyson@xxxxxxxxxxxxx>
Date: Thu, 18 Aug 2005 11:34:43 -0700 (PDT)
Cc: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>, Full-Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, info@xxxxxxxxxxxxxxx, support@xxxxxxxxxxxxxxx, security@xxxxxxxxxxxxxxx, postmaster@xxxxxxxxxxxxxxx, webmaster@xxxxxxxxxxxxxxx
In-reply-to: <1215857159-1124378678-cardhu_blackberry.rim.net-17408-@engine111>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Treachery Unlimited - http://www.treachery.net/
References: <1215857159-1124378678-cardhu_blackberry.rim.net-17408-@engine111>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 18 Aug 2005, Jason Coombs wrote:

Furthermore, the use of an IP address that is outside of the RFC 1918private subnet address range appears very irresponsible.

Especially considering that the IP address is within a Wells FargoBank class B netblock. It just gets curiouser and curiouser.


- -Jay

   (    (                                                      _______
   ))   ))  .-"There's always time for a good cup of coffee"-.  >====<--.
 C|~~|C|~~| \----- Jay D. Dyson -- jdyson@xxxxxxxxxxxxx -----/ |    = |-'
  `--' `--'  `- Pros built the Titanic; amateurs, the Ark. -'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQFDBNTIxzN3WIW0edsRAuxAAJ9rg3C0L0WJGkQURqEGlsSyGqaiZgCeMe8E
neg0tBh1SQkhiIakZDYdq1I=
=87Lh
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
  - From: Zow

References:
- Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
  - From: Jason Coombs

Prev by Date: PHPFreeNews V1.40 and prior Multiple Vulnerabilities
Next by Date: DevC++ V.4.9.9.2 NULL BYTE INSERTION / OBFUSCATION FLAW (by rgod)
Previous by thread: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
Next by thread: Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
Index(es):
- Date
- Thread