[Full-disclosure] Using Ajax for better and more convincing scams

2007-06-27 Thread Ajay Pal Singh Atwal

Interesting use of Ajax/ Web 2.x by scammers

hxxp://scanner.malwarealarm.com/5/scan.php

Please replace hxxp by http

It detected around 18 infections of Windows Malware on my GNU/ Linux machine 
for the following and more malware listed in this file:
http://scanner.malwarealarm.com/5/fileslist.js
And reported the following
http://scanner.malwarealarm.com/5/images/popup.gif
It was very helpful to offer the following remedies as well
http://scanner.malwarealarm.com/5/images/Activex.gif

It also detected around 15 open ports, hmmm, throughout my career I never came 
across that much BS.

-- 
Sincerely

Ajay Pal Singh Atwal

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] UK ISP threatens security researcher

2007-04-18 Thread Ajay Pal Singh Atwal

- Dr. Neal Krawetz, PhD <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED BS-

All I can utter after reading your post is, "It's so simple to be wise. Just 
think of something stupid to say and the opposite should have been said."

Ummm... the above applies to me as well. Sorry, hope you won't mind, we all act 
funny sometimes.

-- 
Sincerely

Ajay Pal Singh Atwal


[Full-disclosure] XSS and SQL Injection in Election Commission of India website (now fixed)

2007-03-11 Thread Ajay Pal Singh Atwal
Election Commission of India website had XSS and SQL injection vulnerabilities.

The vulnerabilities were reported on 2nd of March to ECI and on 4th March to 
CERT-IN, for the following URL:

http://search.eci.gov.in/maps/eci_se2007/detailResult.asp

The above script is used to display detailed results of a given constituency.

On 9th March 2007 the Election Commission of India fixed (disabled parts of) their 
website to avoid the XSS and SQL injection vulnerabilities, after intervention of 
CERT-IN. 

Still a bit of usually harmless data insertion is possible. 

-- 
Sincerely

Ajay Pal Singh Atwal


Re: [Full-disclosure] Keylogger

2006-11-14 Thread Ajay Pal Singh Atwal
Gah...

What did he say, he finished learning how to program yesterday...

- Jeb Osama <[EMAIL PROTECTED]> wrote:
> Yesterday I finished programming a keylogger
How nice :)

> , and have decided to sell it online for a small price.
How very nice :)

> I have posted here because I believe people would be interested in a
> hacking tool such as this - keyloggers are the easiest and quickest way
> to obtain an email password. Here are its features:
Can't wait!

> -> Undetectable by ALL antivirus products in use today .
Isn't any new one? Or maybe you do morphine. (and UPX?)

> -> Remains on victim's computer permanently (adds to startup).
My stuff usually lasts no more than 2 days :(

> -> Bypasses Windows Firewall.
Ha

> -> Sends logs via email to your chosen email account.
stupid smtp!

> -> Logs include computer information, current window name, and of
> course logged keystrokes.
stupid GetForegroundWindow, GetAsyncKeyState!

> -> Logs are sent hourly.
stupid Timer

> -> Displays fake error message to user.
This one beats me.. how do you do it?

> My pricing plans are:
> 
> -> $11 = Keylogger.
> -> $16 = Keylogger + Source code.
> -> +$5 to either for access to all future updates.
What about bug fixes?

> I only accept paypal/credit card.
Base?

> Buying this product is simple - simply fill in the template below and
> email it to me at the below address (replace [at] with @):
> 
> richard.williams140 [at] googlemail.com

wasn't that supposed to be [EMAIL PROTECTED] or were you trying to
obfuscate it?

> --
> Jeb

-- 
Sincerely

Ajay Pal Singh Atwal


Re: [Full-disclosure] Fallacies on Truths in Caller ID scam

2006-10-08 Thread Ajay Pal Singh Atwal
Getting back to some very small points here...

- J. Oquendo <[EMAIL PROTECTED]> wrote:
> So with let's say a vendor getting back to me on a problem I have, let
> the company be Dell for this example. Dell has their outsourced vendor
> from Ralwapindi India or somewhere in the vicinity call me, my caller
> ID shows 1800GO2DELL, in this scenario either way you want to cut it,
> Dell is circumventing the "Truth in Caller ID Act". 
Correction: Rawalpindi is not in India. 

If the call is from Dell, then does it matter if the office is in India or 
Rawalpindi? 1800GO2DELL represents Dell.
Please read before you speak: 
http://thomas.loc.gov/cgi-bin/bdquery/z?d109:h.r.05126:

And in that case www.talkety.com is doing something similar from Germany (?). 
And you can misuse their service to have fun making prank calls to people from 
their own numbers.

> Just something for thought...
ahem..

-- 
Sincerely

Ajay Pal Singh Atwal


Re: [Full-disclosure] Orkut Phishing Attack

2006-09-21 Thread Ajay Pal Singh Atwal
Old bug in old bottle
This is an often discussed bug in FD

- Pranay Kanwar <[EMAIL PROTECTED]> wrote:
> orkut is an online community that connects people through a network
> of trusted friends.
> The login url looks like this
> 
> https://www.orkut.com/GLogin.aspx?done=http://www.orkut.com/
> 
> After successfully logging in the user is redirected to
> http://www.orkut.com
> The url in the done argument can be changed to redirect to an arbitrary
> website. For example
> https://www.orkut.com/GLogin.aspx?done=http://www.metaeye.org
> after logging in the user will be directed to metaeye.org
> 


-- 
Sincerely

Ajay Pal Singh Atwal
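The `done` parameter in the quoted report is an open redirect: the login page forwards the browser wherever the parameter says. As an added defensive example (not code from orkut or from either poster), here is the check a login handler can apply to such a target before honouring it; the allow-list of hosts and the handler name are assumptions for the illustration.

```python
from urllib.parse import urlsplit

# Hosts the login page may hand the browser to after sign-in (assumed
# allow-list for this illustration; orkut.com is the site named in the report).
ALLOWED_HOSTS = {"www.orkut.com", "orkut.com"}


def is_safe_redirect(done: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if the post-login target stays on an allowed host.

    Covers more than the plain http://www.metaeye.org case from the
    report: scheme-relative, userinfo, suffix-host and non-http targets.
    """
    if not done:
        return False
    # Browsers treat a backslash in the authority like a slash; normalise so
    # "http:\\evil.example" is parsed as a host, not as a path.
    candidate = done.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:          # e.g. malformed IPv6 brackets
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: allow a same-site absolute path only
        # (a bare "//" would be scheme-relative, so keep that guard).
        return candidate.startswith("/") and not candidate.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False            # javascript:, data:, and friends
    # .hostname strips userinfo and port, so "http://www.orkut.com@evil.example"
    # yields "evil.example" and is rejected; "www.orkut.com.evil.example" is a
    # different host and fails the exact match as well.
    return (parts.hostname or "") in allowed_hosts


def redirect_after_login(done: str, fallback: str = "/") -> str:
    """What a hardened GLogin-style handler (hypothetical) would redirect to."""
    return done if is_safe_redirect(done) else fallback
```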


Re: [Full-disclosure] Microsoft product vs Microsoft patch

2006-08-24 Thread Ajay Pal Singh Atwal
Ahhh well maybe we are forgetting the actual **for_real_men** technique for 
patching vulnerabilities and problems that can only be applied to GNU/ Linux 
like systems.

The diff files (aka patch files), applied directly to the source code: can you 
match their efficiency in terms of bandwidth?

Sincerely

Ajay Pal Singh Atwal

 
- Valdis Kletnieks <[EMAIL PROTECTED]> wrote:
> On Thu, 24 Aug 2006 20:14:03 BST, n3td3v said:
>
> > I believe for their operating system and their web browser Microsoft
> > patches take up half or all the original size of the Microsoft product.
>
> So? What's that actually *prove*?
>
> > I don't have the resources to carry out this study on my own, and I
> > know some folks do have those resources to release such information
> > to the security community.
> >
> > We need this information to be published professionally so it's
> > suitable for media outlet consumption.
>
> No, you don't.
>
> Part of the problem is that the size of the "patch" is *highly* dependent
> on the details of the packaging system.  If you want to go *that* route,
> you shouldn't hope to *ever* get Linux accepted.  Let's take a look at
> how Redhat/Fedora package kernel "patches":
>
> The original Fedora Core 5 kernel for a single-processor 686:
>
> -rw-r--r--  1 263  263  14070190 Mar 14 23:23 kernel-2.6.15-1.2054_FC5.i686.rpm
>
> Updates so far:
>
> -rw-r--r--  1 2220 2220 15433301 Jul 15 00:13 kernel-2.6.17-1.2157_FC5.i686.rpm
> -rw-r--r--  1 2220 2220 15442084 Aug 10 14:22 kernel-2.6.17-1.2174_FC5.i686.rpm
>
> Oh my *GOD*, the patches are twice the size of the original.  And it's
> even worse over on RHEL 4, where they've shipped:
>
> kernel-2.6.9-5.EL
> kernel-2.6.9-5.0.5.EL
> kernel-2.6.9-11.EL
> kernel-2.6.9-34.EL
> kernel-2.6.9-34.0.2.EL
> kernel-2.6.9-42.EL
>
> Plus others I've possibly missed.  Size of patches is 5x the size of the
> original.
>
> Why?  Because the RPM format includes a replacement of *all* the files
> in the package (so that it's easily slipstreamed and install the "latest
> and greatest").  IBM AIX's "installp" format only ships updated files -
> but this ends up making updates a lot more challenging (it's possible to
> need as many as *4* or even more separate installp files to install a
> particular patchlevel of a product).
>
> Trying to count the size of the patch also runs astray when you have a
> patch that changes an API (for instance, adding a parameter to a function
> call).  Most of the time, this ends up meaning that software tools like
> 'make' will recompile most of the package, even if only 1/5 of the
> recompiled files *really* need it. And trying to trim down the list by
> hand to find that 1/5 is *dangerous*, because if you miss one, you *will*
> have problems.  Given the relatively cheap nature of both bandwidth and
> disk, most software developers end up erring on the side of caution.
>
> The metric you *want* to measure is what percentage of patches are
> themselves defective and require patching.


Re: [Full-disclosure] LOL HY

2006-08-18 Thread Ajay Pal Singh Atwal

- darren kirby <[EMAIL PROTECTED]> wrote:
> +1
> 
> The signal/noise ratio here has really gotten unbearable in the last
> few months. We can deal with most undesired mail from repeat posters
> with a filter, but the crapfloods need to be dealt with in a more
> drastic fashion.
> 
> -d
> -- 
> darren kirby :: Part of the problem since 1976


Sounds like the **drastic** search for WMD has begun, Mr President, with **drastic** 
efforts to deter childish activities.

Hmmm...

Ajay Pal Singh Atwal


Re: [Full-disclosure] Are consumers being misled by "phishing"?

2006-06-29 Thread Ajay Pal Singh Atwal
Here is one phishing site for paypal

http://www.yourfreespace.net/users/payal/webscr_cmd=_login-run.html


Re: [Full-disclosure] abnormal behavior Gmail logon

2006-05-31 Thread Ajay Pal Singh Atwal
Shouldn't the behaviour of a proxy in case of both RST and FIN be the same, 
i.e. always a FIN? As a proxy should close the connection **properly** even in 
case of a failure on the other side.

Sincerely

Ajay Pal Singh Atwal


- David Farinic <[EMAIL PROTECTED]> wrote:
> >Servers are supposed to send RST packets when they do that, but not
> >all servers do it, and not all clients recognize those RST packets as
> >indicating that the document they just downloaded is incomplete
> 
> Most of the clients do recognize and most web servers do correctly
> apply use of RST and FIN for TCP/IP HTTP connection ending.
> 
> Problem is that some (most?) Proxy servers (nontransparent and
> probably also transparent) DO NOT. 
> 
> I tested 4 different proxy servers if they pass RST to client's
> browser when original web server sent RST. All sent FIN instead of
> RST :(. (I did this test as I found other web apps. problems resulting
> from this proxy behavior)
> 
> If anybody knows proxy which behaves 'correctly,' pls let me know.
> 
> Regards David Farinic 
> 
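The practical consequence of the thread: once a proxy turns the origin server's RST into a clean FIN, a client cannot tell from the close alone whether the document is complete, so it has to check the HTTP framing itself. As an added example (not code from the thread, from Gmail or from any proxy), this Python function classifies a response received up to connection close using Content-Length or chunked framing; the sample responses are constructed.

```python
# Added example; sample responses are constructed, not captured from Gmail or a proxy.
COMPLETE = b"HTTP/1.1 200 OK\r\nContent-Length: 11\r\n\r\nhello world"
TRUNCATED = b"HTTP/1.1 200 OK\r\nContent-Length: 11\r\n\r\nhello"
CHUNKED_OK = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
              b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n")
CHUNKED_CUT = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
               b"5\r\nhello\r\n6\r\n wo")
NO_LENGTH = b"HTTP/1.1 200 OK\r\n\r\nhello"


def chunked_terminated(body: bytes) -> bool:
    """True only if the zero-length last chunk and its final CRLF arrived."""
    pos = 0
    while True:
        end = body.find(b"\r\n", pos)
        if end < 0:
            return False                      # chunk-size line cut off
        try:
            size = int(body[pos:end].split(b";")[0].strip(), 16)  # drop extensions
        except ValueError:
            return False
        pos = end + 2
        if size == 0:                         # "0\r\n", optional trailers, blank line
            return body[pos:].endswith(b"\r\n")
        if len(body) < pos + size + 2:        # chunk data or its CRLF missing
            return False
        pos += size + 2


def check_completeness(raw: bytes) -> str:
    """Classify bytes received up to close: "complete", "truncated" or "unknown"."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "truncated"                    # headers never finished
    headers = {}
    for line in head.split(b"\r\n")[1:]:      # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if b"chunked" in headers.get(b"transfer-encoding", b"").lower():
        return "complete" if chunked_terminated(body) else "truncated"
    if b"content-length" in headers:
        try:
            expected = int(headers[b"content-length"])
        except ValueError:
            return "truncated"                # unparseable framing: do not trust it
        # More bytes than declared is a different framing error, not covered here.
        return "complete" if len(body) >= expected else "truncated"
    # No framing header: only the close delimits the body, and a proxy may have
    # replaced the server's RST with a FIN, so completeness cannot be determined.
    return "unknown"
```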
