Re: [Full-disclosure] Moderated?

2005-09-10 Thread Glenn Hamblin
Maybe I'm way off base here, (I'm sure you'll let me know) but if you
don't even bother opening the full-disclosure folder, How did you find
something so offensive in it?? Kinda like I never watch porn but I'm
totally offended by the #$%@&^%$#$@ stuff!

Pretty curious to me.

Well dude(s) and(dudet?(s)?) Maybe if this list was being sponsored by
or somehow funded by you. I suppose perhaps you could have stock raving
mad and angry "opinions" about what is said or isn't said on the
"Un-Moderated" "Full Disclosure" list(s). But, until or unless this is
true. Either don't read stuff you don't want to (DUH) or delete stuff
you don't like (Or don't want to hear??) and shut up. Or unsubscribe.
Why continue subscribing to a list when "fuck i dont even bother opening
my full-disclosure folder". Double DUH!!

No Flaming intended and I apologize if it's taken wrong. It just seems
obvious to me.


--Glenn





;)

On Fri, Sep 09, 2005 at 10:11:43PM +1200, VeNoMouS said something to the effect of:

> Nah I'm sorry,  But I gotta agree with Enrico, this list has way too many
> kids on it now, fuck i dont even bother opening my full-disclosure folder
 ...snip...
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] IE SP2 MHTML way to local intranet

2005-09-10 Thread Alex Smith
Simple http redirection
http://www.mssx.ws/mhtml_localintranet.html


RE: [Full-disclosure] Revised paper on "ICMP attacks against TCP"

2005-09-10 Thread Fernando Gont

At 04:08 p.m. 05/09/2005, alex wrote:


> Russian version (22.08.2005, with some analysis):
>
> http://www.securitylab.ru/contest/239695.php


IIRC, those Cisco products that are not vulnerable to the PMTU just don't 
implement PMTUD, right?




[Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-10 Thread Berend-Jan Wever
(Just a little heads up, no details or PoC attached)
 
The security vulnerability in Mozilla FireFox reported by Tom Ferris is exploitable on Windows.
I developed a working exploit that seems to be 100% stable, though I've only tested it on one system.
The exploit will not be released publicly until patches are out.
 
On a side note: it took only about 3 hours and 30 minutes to develop the exploit, so I might not be the only one able to write it.
 
Cheers,
SkyLined
--
Berend-Jan Wever <[EMAIL PROTECTED]>
http://www.edup.tudelft.nl/~bjwever
 

[Full-disclosure] multilinks.com security contact ?

2005-09-10 Thread Aditya Deshmukh
One of domains is getting a *very* high number of 419 spams from an address
delegated to multilinks.com.

Where do I send the spam reports ? I have already sent everything to
spamcop.net but that has not stopped anything yet





RE: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow

2005-09-10 Thread Roberto Gomez Bolaños
And how exactly do you propose to "leave out the details and PoC" when the presence of the bug and the steps taken to fix it can not be concealed from public view given that the source code and the entire CVS entries are freely available for anyone to browse?

Mozilla users are getting the consideration they deserve. They deserve to know what code they are running whenever they feel like doing so and to know what the mozilla team is doing with the code. That's probably one of the reasons why they run Firefox in the first place (but not necessarily the only or more important one).

The proposal for obscurity serves well closed-source initiatives and development processes that have limited or no public visibility but it fails in the presence of OSS. The "responsible disclosure" advocates act as if Linux,*BSD,Mozilla and a zillion other open source projects did not exist in reality.

Perhaps what was needed was to report the IE and SP2 vulnerabilities in a similar fashion and not the opposite, but alas the reporter probably did not want the MSRC meat-grinding PR machinery going after him.

> Two interesting points:
> 1) It took several minutes and more browsing elsewhere (in Bugzilla) before
> my browser blew up after testing the POC.
> 2) When you reported a "Windows XP SP2 IE 6.0 Vulnerability"
> (http://security-protocols.com/modules.php?name=News&file=article&sid=2891)
> and a "Windows XP SP2 Remote Kernel DoS"
> (http://security-protocols.com/modules.php?name=News&file=article&sid=2783)
> you left the details of the bug and the POC out. Personally, I generally
> approve of that, but why don't Mozilla users deserve as much consideration?
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blog.ziffdavis.com/seltzer
> Contributing Editor, PC Magazine
> [EMAIL PROTECTED]

Re: [Full-disclosure] Revised paper on "ICMP attacks against TCP"

2005-09-10 Thread Florian Weimer
* Fernando Gont:

> IIRC, those Cisco products that are not vulnerable to the PMTU just don't 
> implement PMTUD, right?

You can explicitly enable PMTUD if you want ("ip tcp
path-mtu-discovery").  It's recommended to reduce CPU overhead for
processing BGP message (no kidding, apparently it did make a difference
in the past).


Re: [Full-disclosure] multilinks.com security contact ?

2005-09-10 Thread Lee Quinton
Go here also,

http://www.spamhaus.org/
_ 
Lee Quinton, CISSP.
Key:  0x2F6DF7B4
FP:   E841 44EA F7AC E53D 3577 A5EF AA83 65BC 2F6D F7B4
On 9/10/05, Aditya Deshmukh <[EMAIL PROTECTED]> wrote:
> One of domains is getting a *very* high number of 419 spams from an address
> delegated to multilinks.com.
>
> Where do I send the spam reports ? I have already sent everything to
> spamcop.net but that has not stopped anything yet


RE: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow

2005-09-10 Thread Larry Seltzer
>> And how exactly do you propose to "leave out the details and PoC" when the
>> presence of the bug and the steps taken to fix it can not be concealed from
>> public view given that the source code and the entire CVS entries are freely
>> available for anyone to browse?

You really don't think it would slow them down?

>> The proposal for obscurity serves well closed-source initiatives and
>> development processes that have limited or no public visibility but it fails
>> in the presence of OSS. The "responsible disclosure" advocates act as if
>> Linux,*BSD,Mozilla and a zillion other open source projects did not exist in
>> reality.

The Mozilla team obviously disagrees with you, since they do try to hide
unresolved security problems, at least until (as in this case) the beans get
spilled in some other way.




Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-10 Thread Przemyslaw Frasunek
Berend-Jan Wever wrote:
> The security vulnerability in Mozilla FireFox reported by Tom Ferris is
> exploitable on Windows.

It's also easily exploitable on Linux -- no problems with jumping to arbitrary
address:

(gdb) x/i $eip
0x867926c <_ZN16nsTypedSelection5ClearEP14nsIPresContext+2236>: call   *0x4(%eax)
(gdb) info reg eax
eax            0x61616161       1633771873

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NICHDL: PMF9-RIPE *
* JID: [EMAIL PROTECTED] ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV *


[Full-disclosure] Drama: Venomous and his F-D folder

2005-09-10 Thread n3td3v
"My full-disclosure folder"

Venomous, you're full of yourself. By trying to isolate yourself from
"kids" makes you more guilty of being directly involved in the "kid
scene" of the security community. You're already known to be a regular
of such channels as "#hackphreak" and others. Enough said.

You open your "Full-Disclosure folder" every minute of every day,
in fact I doubt it rarely gets closed. Script kids who try and justify
themselves as not being one is funny to watch. Let's get real, you're
no hacker.

Venomous will be "walking" from this list I suspect when "the kids"
get a half term Holiday from College/university. More bullshit.

No one is walking, no one cares about the immature shit, you and
others class as "the kids". Everyone is happy with the way this list
is. Final thought, this thread is a random bitch about nothing.

Do you think because "the kids" are at school, they don't have
internet access? This thread, no credibility.

Speaking of kids Venomous, I heard you run porn sites where you try
and attract female script kids from IRC to post their naked pictures
on, half of those females barely looked the age to be on a porn site.
You haven't been seen on "#hackphreak" since. Explain to F-D your
actions in regard to your underage IRC porn ventures or STFU on F-D.

I have more ammo to post on your internet activities later.

Have a nice day,

n3td3v


Re: [Full-disclosure] Revised paper on "ICMP attacks against TCP"

2005-09-10 Thread Łukasz Bromirski

Florian Weimer wrote:

>> IIRC, those Cisco products that are not vulnerable to the PMTU just don't
>> implement PMTUD, right?
>
> You can explicitly enable PMTUD if you want ("ip tcp
> path-mtu-discovery").  It's recommended to reduce CPU overhead for
> processing BGP message (no kidding, apparently it did make a difference
> in the past).


It's still making a difference and not only on Cisco products. When
you have MTU sized down to 576 it's quite harder to push full BGP
table fast. When MTU is 1500, or something around that, you're just
synchronizing faster, because you may pack more information in one
packet.

There's a bunch of presentations freely available that show performance
of BGP sessions with various network-level tweaks.

--
this space was intentionally left blank|Łukasz Bromirski
you can insert your favourite quote here   |lukasz:bromirski,net


[Full-disclosure] Drama: Venomous and his F-D folder

2005-09-10 Thread str0ke
n3td3v,

It's funny how you pick 1 person out of the bunch that complained on the
list.

Your child porn blah is kind of funny since VeNoMouS used to host
Condemned.org, I would hope you know what condemned.org is since your
webpage states you have Extensive on hands hacker scene experience (6+
years) (Knowing your enemy). lmfao

Shit if you don't like VeNoMouS send him a private email no one cares about
your little ego trip you have going on.  Just because you joined a board

(http://forum.crime-research.org/profile.php?mode=viewprofile&u=8)

and think you are a private eye now.

And then you stated, "I have more ammo to post on your internet activities
later.".  Who gives a flying shit.

VeNoMouS is full of himself, look in the mirror.

/str0ke

On 9/10/05, n3td3v <[EMAIL PROTECTED]> wrote:
> "My full-disclosure folder"
>
> Venomous, you're full of yourself. By trying to isolate yourself from
> "kids" makes you more guilty of being directly involved in the "kid
> scene" of the security community. You're already known to be a regular
> of such channels as "#hackphreak" and others. Enough said.
>
> You open your "Full-Disclosure folder" every minute of every day,
> in fact I doubt it rarely gets closed. Script kids who try and justify
> themselves as not being one is funny to watch. Let's get real, you're
> no hacker.
>
> Venomous will be "walking" from this list I suspect when "the kids"
> get a half term Holiday from College/university. More bullshit.
>
> No one is walking, no one cares about the immature shit, you and
> others class as "the kids". Everyone is happy with the way this list
> is. Final thought, this thread is a random bitch about nothing.
>
> Do you think because "the kids" are at school, they don't have
> internet access? This thread, no credibility.
>
> Speaking of kids Venomous, I heard you run porn sites where you try
> and attract female script kids from IRC to post their naked pictures
> on, half of those females barely looked the age to be on a porn site.
> You haven't been seen on "#hackphreak" since. Explain to F-D your
> actions in regard to your underage IRC porn ventures or STFU on F-D.
>
> I have more ammo to post on your internet activities later.
>
> Have a nice day,
>
> n3td3v



Re: [Full-disclosure] Drama: Venomous and his F-D folder

2005-09-10 Thread n3td3v
The n3td3v alias is purely a rants and random bullshit ID.

The fuller picture is out there, somewhere.

On 9/10/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> n3td3v,
>   Just because you joined a board
> 
> (http://forum.crime-research.org/profile.php?mode=viewprofile&u=8)

> /str0ke

-- 
http://www.geocities.com/n3td3v


Re: [Full-disclosure] IIS 5.1 Source Disclosure Under FAT/FAT32 Volumes Using WebDAV

2005-09-10 Thread security curmudgeon

Hi Jerome,

: It is possible to remotely view the source code of web script files 
: though a specially crafted WebDAV HTTP request. Only IIS 5.1 seems to be 
: vulnerable. The web script file must be on a FAT or a FAT32 volume, web 
: scripts located on a NTFS are not vulnerable.
: 
: The information has been provided by Inge Henriksen 
: . The original article can 
: be found at: 
: 
http://ingehenriksen.blogspot.com/2005/09/iis-51-allows-for-remote-viewing-of.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0778

IIS 5.0 allows remote attackers to obtain source code for .ASP files and 
other scripts via an HTTP GET request with a "Translate: f" header, aka 
the "Specialized Header" vulnerability. 

--

This appears to be the same issue?


Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

2005-09-10 Thread Paul



Skylined, is there anything that you can't exploit? ;-)

On a side note, an article quoting Ferris saying that "Microsoft takes
too long to patch stuff so that's why I'm going public" recently was
slashdotted (regarding a vulnerability he found in Internet Explorer).
Now he goes public with this thing. Does he think that Mozilla and
Microsoft have the lengthy patch process in common, or is he just being
hypocritical, something that I have found to be quite common among
anti-MS zealots.
 
Paul
Formerly of Greyhats Security
http://greyhatsecurity.org

  - Original Message -
  From: Berend-Jan Wever
  To: full-disclosure@lists.grok.org.uk ; bugtraq@securityfocus.com ; [EMAIL PROTECTED]
  Sent: Saturday, September 10, 2005 6:52 AM
  Subject: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit

  (Just a little heads up, no details or PoC attached)

  The security vulnerability in Mozilla FireFox reported by Tom Ferris is
  exploitable on Windows.
  I developed a working exploit that seems to be 100% stable, though I've
  only tested it on one system.
  The exploit will not be released publicly until patches are out.

  On a side note: it took only about 3 hours and 30 minutes to develop the
  exploit, so I might not be the only one able to write it.

  Cheers,
  SkyLined
  --
  Berend-Jan Wever <[EMAIL PROTECTED]>
  http://www.edup.tudelft.nl/~bjwever