Re: [Full-disclosure] (no subject)
In most cases there are keyboards attached to computers, they provide an excellent opportunity for providing content to your mails.

On 2012-11-15 13:02, mohit tyagi wrote:

___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Exploit Pack - New video - Ultimate 2.1
This is Juan Sacco's new spam puppet. He just posted the same thing using his real name elsewhere.

nore...@exploitpack.com wrote:

Exploit Pack - New video! Release - Ultimate 2.1 Check it out! http://www.youtube.com/watch?v=4TrsFry13TU Exploit Pack Team http://exploitpack.com
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged.

I don't think that is what Ben is saying. The clipboard gets sent to the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So whatever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails.

Or... Is there a clipboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out...

I think Ben's report makes complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =)
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
have the clipboard disabled...

On 01/25/2012 08:44 AM, Peter Osterberg wrote: I think Ben's report makes complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =)
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
I could never lower myself to your level so I guess you win

On 01/25/2012 10:32 AM, GloW - XD wrote: you are seriously more retarded than even the n3td3v+me+you together...damn army..!

On 25 January 2012 19:29, Peter Osterberg j...@vel.nu wrote: Wasn't the original thread originally about VNC?

On 01/25/2012 09:27 AM, GloW - XD wrote: derp, do you know what KVM IP is ? read up on how that relays ;) that's that. XD

On 25 January 2012 18:44, Peter Osterberg j...@vel.nu wrote: On 01/24/2012 07:18 PM, Mario Vilas wrote: Guys, could you please read carefully everything before you reply? I read carefully. It still didn't make sense, though. And you wouldn't be allowed to use copypaste while you edit sensitive documents either, I guess? I don't know how you could get to such a conclusion from what I wrote. You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged.

I don't think that is what Ben is saying. The clipboard gets sent to the server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste is pressed. So whatever was in the clipboard buffer is transmitted to the server on connection. This is at least the assumption I make from reading Ben's mails.

Or... Is there a clipboard flag saying there is something on the clipboard, but it isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out...

I think Ben's report makes complete sense actually, it would be better to have the clipboard feature as a default. Security before features... =)
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
On 01/25/2012 10:54 AM, Mario Vilas wrote: The bottom line is, the problem here is using VNC for what Ben is using it. There are many more problems with that scenario and clipboard sharing may be the least of them.

That may very well be true. I am not trying to debate that.
[Full-disclosure] OP5 Monitor - Multiple Vulnerabilities
Link to full advisory: http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf
Vendor's official statement: http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/

Remote root command execution (non-authenticated)
CVSS: 10
CVE: CVE-2012-0261 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0261
OSVDB: http://osvdb.org/show/osvdb/78064
Secunia: http://secunia.com/advisories/47417/
Versions: 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1

Remote root command execution (non-authenticated)
CVSS: 10
CVE: CVE-2012-0262 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0262
OSVDB: http://osvdb.org/show/osvdb/78065
Secunia: http://secunia.com/advisories/47417/
Versions: 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1

Credentials leaked in detailed error message (authenticated)
CVSS: 1.4
CVE: CVE-2012-0263 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0263
Versions: 5.3.5, 5.4.0, 5.4.2

Poor session management in the web application (non-authenticated)
CVSS: 4.7
CVE: CVE-2012-0264 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0264
Versions: 5.3.5, 5.4.0, 5.4.2, 5.5.0
Re: [Full-disclosure] [New Security Tool] INSECT Pro 2.6.1 release
I think he should keep advertising here and drag his customers here as well so they can see how well respected he and his tool are by the security industry geeks that rant him here. It's also fun to read about his customers on his own site, they are just making fools of themselves for admitting to having bought his crap. I wouldn't even consider spending a dime on it just to try it. Makes me wonder if his customers have granted that he uses their names as references. I very much doubt that he even cares judging from how little he respects this list's opinion about him spamming here. Sadly he isn't a high profile target, otherwise lulsec could take him down... /stained hat

-= Glowing Sex =- wrote 2011-06-23 11:16: Woahh... nicely picked mate... Then, they dare to then market it, (with or even without that guy's lib), i mean pros would have their own lib if they were that serious...also, so many bugs in their own website picked out by a...@papsy.net.. i think FD just 'opened' their whole setup to being disclosed nice and openly, the truth will come as always does.. It is silly to assume that, the people on FD are stupid... this is the leetest group of ppl anywhere,simple..and you can keep ya hats. I guess that's what happens when ya force an item there is not even a valid downloadable demo, and now seems even more shifty as a product, because, it would have to have the Lic of the other guy listed as the package,or it is license fraud, which i am sure the owner of the lib will...learn of this soon... but, what a really sucks of a company!! i mean, the person spams to here, can't that be moderated ? seriously...
Is bad enough he is prolly even gonna sell from this list, specially on here, because now, even more, people will be buying it to dissect it, (wish someone would sling me a copy for sure...i'd be happy to handle a few files to dissect) maybe if it was in an advisory, or better yet, i don't know why Adam, did not continue to fuzz it, and just find the REMOTE hole we would all love to see ;) , which you seemed close to doin...would have put that up them... they simply needed to cc people, or some other such crap, and they will have nonstop forever spammage on FD... Why doesn't FD mods, make some FD mods, which find and search for strings, i'm not talking about just some av bs,spam assassin bs, i'm talking somethin simple, which just finds strings and blocks...this way, could just insert some well known spam names, and no matter what mailer, it is blocked..or make an addon for spamassis... i guess i have not installed qmail/s.assassin and sq-mail since the old FreeBSD v5.2.1 rocks-project package... but i'd be happy to setup and play around with some addon that would block this kind of mail from getting thru the mailer at box level.. kinda would be nice.. I don't keep up with mail systems, but i have a relative who works in mailenable.com, i could get it pushed onto some servers if some such app or addon is made, for mailers as a whole, or as an addon... but, it would still fundamentally be the same code behind it..string-based searching, slower,but on cron.d and done at right times,then it won't hurt too bad :) About smartest thing i've said since i botched (yes i botched my PoC for that silly backspace bug, and it exists! But, i botched that because i should have grabbed the proper Po,which does cause some funky emails...but, is done with backspace,and it relatively still new...
but i will get to it...it is documented here on my hd, i just will make sure to do better next time, and fix that b4 posting, but, i can take that crap, what i dislike is trolling that's rude... anyhow ppls...). that's enough on either story! xd no 'fd list' bonuses/discounts or demos, just straight-out spam (no anchors) yo!

On 23 June 2011 16:51, Sergio 'shadown' Alvarez shad...@gmail.com wrote: Juan, I've seen you are using Michal Zalewski's skipfish as engine, isn't it a license violation? Cheers, Sergio

On Jun 23, 2011, at 3:16 AM, Juan Sacco wrote: Test your network security and audit your website using the same tools as hackers. INSECT Pro 2.6.1 is available for purchase right now worldwide through PayPal!
* Run Faster: You not only want to make great security testing, you want a nice performance
* Load Better: Major graphical interface and optimizations features
* Module Search: Ever wondered where that module? We have a built-in search feature for you
* Improvements, and Changes As always, we've added a lot of other features and optimizations
* The latest exploits found in the wild
We are always trying to be one step ahead of the competition, take a visual tour of some of INSECT Pro most popular features and discover INSECT Pro today! Start here:
Re: [Full-disclosure] [Security Tool] INSECT Pro 2.6.1 is here
Juan Sacco wrote 2011-05-31 04:39: We are always trying to be one step ahead of the competition, take a visual tour of some of INSECT Pro most popular features and discover why INSECT Pro has become a leader in security software and solutions around the globe.

WTF?
Re: [Full-disclosure] Sony: No firewall and no patches
I would also love to follow the discussion

phocean wrote 2011-05-11 11:22: It doesn't sound good to me and maybe other people here. I am interested too even if I have followed it passively so far. So why going private?

On Wed, 11 May 2011 00:35:41 +, Dobbins, Roland wrote: On May 11, 2011, at 7:18 AM, Thor (Hammer of God) wrote: Let's take it offline - you can share back with the group if you feel it valuable. Sounds good to me, thanks much! --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com The basis of optimism is sheer terror. -- Oscar Wilde
Re: [Full-disclosure] psnhack - playstation network hack
In Sweden they did that 14 days after they got hacked, and at the same time informed us that we should pay attention to weird things happening on our bank accounts... LOL, it's fucking lame to come out with that warning 14 days after it happened... Quite obvious that they wanted to bury the whole thing...

Thor (Hammer of God) wrote 2011-04-30 19:13: Not that it really matters, but Sony has also directly contacted its PSN customers to inform them of the breach. They've actually suspended PSN transactions and even logging on to PSN during their incident response. t

From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Benji
Sent: Saturday, April 30, 2011 4:25 AM
To: Cal Leeming
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] psnhack - playstation network hack

Actually Carl, those IRC chats have been pasted more than the link to Google, so if you haven't seen them yet, clearly aren't reading the right things.

On Sat, Apr 30, 2011 at 12:17 PM, Cal Leeming c...@foxwhisper.co.uk wrote: Benji, I think your usual piss taking isn't really appropriate on this occasion. The OP has posted links that (for the majority) aren't readily available without knowing what/where to look for (for example, those specific irc chat logs), and was simply trying to share information that others may not yet know.

On 30 Apr 2011 01:38, Benji m...@b3nji.com wrote: wowa when did this happen? what're all these links? I'm glad you sent this email as I wouldn't have heard about this without it.

On Sat, Apr 30, 2011 at 1:30 AM, satyam pujari satyam...@gmail.com wrote: Hello List, qu...
Re: [Full-disclosure] Pangolin spam
Thank me I saved you the seconds it took to Google the link, now all you have to do for yourself is click it and read... http://www.nosec-inc.com/en/products/pangolin/

- Original message -
Is it nicer / better than sqlmap or have any extra features?

On Fri, Apr 29, 2011 at 1:52 PM, TOR fulld...@tor.hu wrote: Did you just harvest emails from Full Disclosure and spam them off-list? That's kind of low.

-- Pangolin is on sale on Labor Day Our distinguished customers, Pangolin is on sale now for celebration of Labor Day. This discount is available from Apr 30, 2011 to May 5, 2011. Fast Action Bonus: 1. 10% off 2. Free charge for one-year update service valued up to $300 3. Latest version of Pangolin: Pangolin 3.2.5 Order Now No risks! Full 15 days trial with full function, 30 days money back guarantee! What is Pangolin? Pangolin is an automatic SQL injection penetration testing (pen-testing) tool for website administrator or IT security analyst. Now with Pangolin Injection Digger of pangolin 3.2.5, all SQL Injection Vulnerabilities that may be exploited by hackers will be shown to you, isn't it cool? Know more or take action now:
Re: [Full-disclosure] password.incleartext.com
I can see how it can be stored securely, but how would distribution after recovery be accomplished? In an envelope? Or by sending me a one-time random https-link where I can retrieve it myself? Sounds like more trouble compared to what can be gained from it. Wouldn't it be just as easy to send a one time password that needs to be changed... Too impractical to be implemented in a real-world situation... This is probably why I still wouldn't hesitate to say that it is insecure if it is in clear text. Even though I must give you credit for having shown a way to do it. ;-) I am sure someone will come and beat me with saying that they already did this. :-p Ppl do all sorts of crazy stuff just because they can...

Thor (Hammer of God) wrote 2011-04-07 06:27: One way to handle this would be to take the password on signup and both hash it and encrypt it with the recovery key's public key in 2 separate fields (a hash field and an encrypted field). That way you've always got a hash of it for validation even if you lose the keys. Of course, you could still always re-encrypt it to see if the two values matched, but I would probably continue to use the hash for logon validation. The private key would be stored on a completely separate machine/instance which was only used for recovery purposes. There could be any number of ways to validate the actual recovery request, but that way you separate out the encrypted data from any on-machine ability to decrypt it. I wouldn't have the private key in memory on the same box because that makes it trivial to decrypt, but of course it all depends on what problem we are trying to solve. t

From: Cal Leeming [mailto:c...@foxwhisper.co.uk]
Sent: Wednesday, April 06, 2011 11:58 AM
To: Peter Osterberg
Cc: Thor (Hammer of God); Mario Vilas; Romain Bourdy; full-disclosure; Inc leartext
Subject: Re: [Full-disclosure] password.incleartext.com

Tbh, I'd be unhappy about any company storing a password in anything other than a hash of itself. But, like many things in life, we have absolutely no control over it, so best to just use a new pass for every external service :)

On Wed, Apr 6, 2011 at 7:48 PM, Peter Osterberg j...@vel.nu wrote: Security is relative and the pwd might be handled in a secure enough fashion compared to the value of the information it is protecting, even though it is stored in a reversible fashion. But I wouldn't, generally speaking, hesitate to claim that it isn't stored securely if it is reversible. Could you give an example?

- Original message -
This isn't necessarily true - without knowledge of how the data may be encrypted and what processes are involved in decrypting the data, one can't make the "it isn't secure" statement. That being said, it is probably safe to argue that sites that do not require PCI, SOX, HIPAA, etc would be less inclined to engage in this level of security. But that doesn't mean that it is not being done. t

From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Mario Vilas
Sent: Wednesday, April 06, 2011 9:05 AM
To: Romain Bourdy
Cc: full-disclosure; Inc leartext
Subject: Re: [Full-disclosure] password.incleartext.com

Actually, if they can get the data back (be it because it's stored in plaintext or in obfuscated plaintext) then it's not secure. Obfuscation doesn't make it more secure, or any less plaintext.

On Wed, Apr 6, 2011 at 11:01 AM, Romain Bourdy achil...@gmail.com wrote: Hi Full-Disclosure, Just my two cents but ... the fact they can give your password back doesn't mean it's stored in cleartext, just that it's not hashed but encrypted with some way to get the original data back, this doesn't mean at all it's not secured, even though in most cases it's not. -Romain

On Wed, Apr 6, 2011 at 1:36 PM, maksim.file...@fuib.com wrote: Kinda plaintextoffenders.com? wbr, - Max

full-disclosure-boun...@lists.grok.org.uk wrote on 01.04.2011 02:17:24: Inc leartext st...@incleartext.com Sent by: full-disclosure-boun...@lists.grok.org.uk 01.04.2011 13:14 To full-disclosure@lists.grok.org.uk cc Subject [Full-disclosure
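
The two-field scheme described in the quoted message above (a hash for logon, the password encrypted to a recovery public key, the private key kept on a separate machine), as an added example that is not code from the thread or its participants. PBKDF2-HMAC-SHA256, RSA-OAEP with a 2048-bit key, the iteration count, the OAEP label and all type and function names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Record is the row the login tier stores: a hash field and an encrypted
// field, kept separate. It holds no plaintext and no private key.
type Record struct {
	Salt      []byte // per-user random salt
	Hash      []byte // PBKDF2-HMAC-SHA256(password, salt), used for logon
	Encrypted []byte // RSA-OAEP(password) under the recovery public key
}

const iterations = 100000       // assumed work factor for this example
const oaepLabel = "pw-recovery" // assumed label binding ciphertext to its use

// pbkdf2SHA256 returns the first 32-byte block of PBKDF2-HMAC-SHA256
// (RFC 8018), written inline so the example needs only the standard library.
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// NewRecoveryKey is run once on the separate recovery machine; only the
// public half is ever copied to the login tier.
func NewRecoveryKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Signup runs on the login tier, which can encrypt but never decrypt.
func Signup(password string, pub *rsa.PublicKey) (*Record, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	// OAEP is randomized: equal passwords give different ciphertexts, so the
	// encrypted field cannot be compared across users to spot reuse.
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub,
		[]byte(password), []byte(oaepLabel))
	if err != nil {
		return nil, err // e.g. password longer than OAEP allows for this key
	}
	hash := pbkdf2SHA256([]byte(password), salt, iterations)
	return &Record{Salt: salt, Hash: hash, Encrypted: enc}, nil
}

// Login checks the hash field only, so logon keeps working even if the
// recovery keys are lost.
func Login(rec *Record, attempt string) bool {
	got := pbkdf2SHA256([]byte(attempt), rec.Salt, iterations)
	return subtle.ConstantTimeCompare(got, rec.Hash) == 1
}

// Recover runs only where the private key lives. The decrypted value is
// checked against the hash field so a swapped ciphertext is rejected.
func Recover(rec *Record, priv *rsa.PrivateKey) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv,
		rec.Encrypted, []byte(oaepLabel))
	if err != nil {
		return "", err
	}
	if !Login(rec, string(pt)) {
		return "", errors.New("decrypted value does not match hash field")
	}
	return string(pt), nil
}

func main() {
	priv, err := NewRecoveryKey()
	if err != nil {
		panic(err)
	}
	rec, err := Signup("constructed-sample-password", &priv.PublicKey)
	if err != nil {
		panic(err)
	}
	pw, err := Recover(rec, priv)
	fmt.Println("wrong password accepted:", Login(rec, "guess"))
	fmt.Println("recovered:", err == nil && pw == "constructed-sample-password")
}
```

A dump of the login tier's table yields salted hashes and ciphertexts that nothing on that machine can decrypt; how the recovered password is then delivered to the user, the question raised in the reply above, is outside what this sketch covers.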
Re: [Full-disclosure] password.incleartext.com
Security is relative and the pwd might be handled in a secure enough fashion compared to the value of the information it is protecting, even though it is stored in a reversible fashion. But I wouldn't, generally speaking, hesitate to claim that it isn't stored securely if it is reversible. Could you give an example?

- Original message -
This isn't necessarily true - without knowledge of how the data may be encrypted and what processes are involved in decrypting the data, one can't make the "it isn't secure" statement. That being said, it is probably safe to argue that sites that do not require PCI, SOX, HIPAA, etc would be less inclined to engage in this level of security. But that doesn't mean that it is not being done. t

From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Mario Vilas
Sent: Wednesday, April 06, 2011 9:05 AM
To: Romain Bourdy
Cc: full-disclosure; Inc leartext
Subject: Re: [Full-disclosure] password.incleartext.com

Actually, if they can get the data back (be it because it's stored in plaintext or in obfuscated plaintext) then it's not secure. Obfuscation doesn't make it more secure, or any less plaintext.

On Wed, Apr 6, 2011 at 11:01 AM, Romain Bourdy achil...@gmail.com wrote: Hi Full-Disclosure, Just my two cents but ... the fact they can give your password back doesn't mean it's stored in cleartext, just that it's not hashed but encrypted with some way to get the original data back, this doesn't mean at all it's not secured, even though in most cases it's not. -Romain

On Wed, Apr 6, 2011 at 1:36 PM, maksim.file...@fuib.com wrote: Kinda plaintextoffenders.com? wbr, - Max

full-disclosure-boun...@lists.grok.org.uk wrote on 01.04.2011 02:17:24: Inc leartext st...@incleartext.com Sent by: full-disclosure-boun...@lists.grok.org.uk 01.04.2011 13:14 To full-disclosure@lists.grok.org.uk cc Subject [Full-disclosure] password.incleartext.com

Hi FD, Just launched a new website to keep a list of websites storing passwords in clear text, so far the database is small but feel free to add some: http://password.incleartext.com/ Cheers, Inc Leartext

-- My daughter was asked by a little old lady in a London hotel restaurant what her daddy did - she answered, 'He's a pirate.' I was very proud of that answer. - Johnny Depp
Re: [Full-disclosure] Launched New Tool - RAR Password Unlocker
That made my morning laugh! =)

Andrew Farmer wrote 2011-03-30 00:22: Yes, but... well, JAD does a better job of explaining than I possibly could:

    Runtime rt = Runtime.getRuntime();
    String str = "7z.exe x ";
    str = str + "\"" + _filepath + "\" ";
    str = str + "-p\"" + pwd + "\" ";
    str = str + "-o\"" + _destpath + "\"";
    str = str + " -y";
    System.out.println(str);
    Process p = rt.exec(str);
    p.waitFor();
    if (p.exitValue() == 0) {
        ret = true;
    }
Re: [Full-disclosure] nuclear plants reach software quality levels
Interesting...! Does that mean that there is a 100 percent risk of the same tsunami over 500 years? Is there a cycle? When was the last one? Risk would be a lot higher than 10 percent if it was, say, 300 years since the last tsunami

Haven't dug at all into it, this is just a very spontaneous thought...

Georgi Guninski wrote 2011-03-30 12:50:

"The research paper concluded that there was a roughly 10 percent chance that a tsunami could test or overrun the defenses of the Fukushima Daiichi nuclear power plant within a 50-year span based on the most conservative assumptions. But Tokyo Electric did nothing to change its safety planning based on that study, which was presented at a nuclear engineering conference in Miami in July 2007." [1]

on top of it their measuring devices overflowed:

"Those levels may be higher still, but authorities say 1,000 millisieverts is the upper limit of their measuring devices." [2]

[1] http://www.reuters.com/article/2011/03/29/us-japa-nuclear-risks-idUSTRE72S2UA20110329
[2] http://online.wsj.com/article/SB10001424052748704471904576229854179642220.html#
Re: [Full-disclosure] nuclear plants reach software quality levels
I know what you are trying to say, but I don't agree with your math if this is a cyclic event that has a 500 year cycle. Risk will increase the closer you get to when it's supposed to happen. There are of course no such things as cyclic events in a Casino. It's supposed to be purely random. Unless you play rigged slot machines.

-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Graham Gower graham.go...@gmail.com wrote: On 30 March 2011 21:53, Peter Osterberg j...@vel.nu wrote: Risk would be a lot higher than 10 percent if it was, say, 300 years since the last tsunami Time to go back to school. Or, perhaps you'd like to come play at my casino...
Re: [Full-disclosure] is warning about SCADA security
Someone should go ahead and make one of those leetspeak generators, that instead generates musntlive-speak. That'd be awesome, or even better a decoder... This looks interesting but I can't translate it. Someone willing to pick it up for a Google summer code project? 15 /\/\U57 7|-|4|\|| j00Z

On Thu, 24 Mar 2011 09:21:51 -0400, Григорий Братислава musntl...@gmail.com wrote: hello full disclosure is like to warn you about SCADA software. is SCADA software must run on computers and is must power machines you is rely on for daily life. is example of SCADA is electric system. in is SCADA we has connection : SCADA machine : gear : power is make sense for SCADA HMI send data to SCADA machine and is SCADA machine is tell gear 'you is gear and is you must perform'. Gear is perform and all is has power for Pravda.ru is reason for SCADA is many for to run life we need is SCADA. in is this week we has guinea whiny researcher who is blackmail company 'i find bug you is pay me' and is researcher told 'go to hell skripk1dd1e' by ZDI and is other white collar vulnerability syndicate crime organization we is confuse and call vulnerability brokers. skriptk1dd1e [luigi] is publish vulnerability and is put life in dangerous place. is not reason for this post. is reason for this post is theo is otherwise known as g...@cvs.openbsd.org is theo is dangerous whiner. for to is you not think like theo is you will not go forward. is go forward as in living a single live is no one want to marry you. is example theo to boyfriend (is no proof is theo ever is has girl): Dragos is you think OpenSSH is best in world? dragos to theo: is think random seed is not random is till PRNG is use theo to dragos: no! is you speak foolish. is you not use your brain like me. is why you not theo, and is why you not know what you talk about. i hate you and is i hate the world dragos to theo: [smooch] i is love you theo theo to dragos: is no one understand me. is people not has my brain is no worth living theo to dragos: [walking out the door of is Sugar Daddy's on Davie Street in Vancouver] dragos i is leave you gun shoot yourself. i is not can live in misery of is world not on my level is now i present new security award to is luigi and theo. is call: honorable is security researcher is feel free to is print the award is you two has earn it http://bit.ly/9Uk2v5
Re: [Full-disclosure] is warning about SCADA security
So you volunteer then? :-p I had a pretty good grip until I got to this part, then I lost it completely. theo to boyfriend (is no proof is theo ever is has girl): Dragos is you think OpenSSH is best in world? dragos to theo: is think random seed is not random is till PRNG is use theo to dragos: no! is you speak foolish. is you not use your brain like me. is why you not theo, and is why you not know what you talk about. i hate you and is i hate the world dragos to theo: [smooch] i is love you theo theo to dragos: is no one understand me. is people not has my brain is no worth living theo to dragos: [walking out the door of is Sugar Daddy's on Davie Street in Vancouver] dragos i is leave you gun shoot yourself. i is not can live in misery of is world not on my level It is however insanely entertaining to try to comprehend it... Maybe I should pick up Deathworld 2 then and come back and try to read it again... On Thu, 24 Mar 2011 14:34:28 +, Thor (Hammer of God) t...@hammerofgod.com wrote: It actually makes more sense if you read it like you would Harry Harrison's Deathworld 2. It works for me anyway... t -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Peter Osterberg Sent: Thursday, March 24, 2011 6:31 AM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] is warning about SCADA security Someone should go ahead and make one of those leetspeak generators, that instead generates musntlive-speak. That'd be awesome, or even better a decoder... This looks interesting but I can't translate it. Someone willing to pick it up for a Google summer code project? 15 /\/\U57 7|-|4|\|| j00Z On Thu, 24 Mar 2011 09:21:51 -0400, Григорий Братислава musntl...@gmail.com wrote: hello full disclosure is like to warn you about SCADA software. is SCADA software must run on computers and is must power machines you is rely on for daily life. is example of SCADA is electric system. 
in is SCADA we has connection : SCADA machine : gear : power is make sense for SCADA HMI send data to SCADA machine and is SCADA machine is tell gear 'you is gear and is you must perform'. Gear is perform and all is has power for Pravda.ru is reason for SCADA is many for to run life we need is SCADA. in is this week we has guinea whiny researcher who is blackmail company 'i find bug you is pay me' and is researcher told 'go to hell skripk1dd1e' by ZDI and is other white collar vulnerability syndicate crime organization we is confuse and call vulnerability brokers. skriptk1dd1e [luigi] is publish vulnerability and is put life in dangerous place. is not reason for this post. is reason for this post is theo is otherwise known as g...@cvs.openbsd.org is theo is dangerous whiner. for to is you not think like theo is you will not go forward. is go forward as in living a single live is no one want to marry you. is example theo to boyfriend (is no proof is theo ever is has girl): Dragos is you think OpenSSH is best in world? dragos to theo: is think random seed is not random is till PRNG is use theo to dragos: no! is you speak foolish. is you not use your brain like me. is why you not theo, and is why you not know what you talk about. i hate you and is i hate the world dragos to theo: [smooch] i is love you theo theo to dragos: is no one understand me. is people not has my brain is no worth living theo to dragos: [walking out the door of is Sugar Daddy's on Davie Street in Vancouver] dragos i is leave you gun shoot yourself. i is not can live in misery of is world not on my level is now i present new security award to is luigi and theo. is call: honorable is security researcher is feel free to is print the award is you two has earn it http://bit.ly/9Uk2v5 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. 
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Open Letter to Lee Vartan, Assistant United States Attorney in regards to the Goatse Security iPad case.
Please don't turn this mail list into something about religion. I couldn't care less about religion, and this is certainly not a religious mail list. I would be on a different list if that was something I cared about. 2010-11-18 20:46, Andrew Auernheimer wrote: Coderman, Everything I do is in service to Christ. I believe it is the opposite: if you truly believe in the life and actions of Christ and you follow his word in completeness, you will soon find yourself persecuted by the Pharisees that run the world. Following Christ and avoiding government sanction are utterly incompatible in this brave new world we live in. Who wants to bow to a lifeless, cold Jesus That all of the preachers have painted their way They hold their revivals, yet worship their idols Serve God in title but to mammon they slave. But the Jesus that I know stood up to rival And calls His disciples to come do the same. On Thu, Nov 18, 2010 at 1:10 PM, coderman coder...@gmail.com wrote: On Wed, Nov 17, 2010 at 11:16 PM, Andrew Auernheimer glutt...@gmail.com wrote: ... Inspired by a sermon I heard at a Mormon stake conference,... lol, wut? maybe if the word of wisdom inspired you more you wouldn't be under fed heaters. can't imagine this thread taking a more surreal, off-topic tangent, but surely weev will deliver! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/