Re: [Full-disclosure] Third issue of the Zone-H Comics
On Tue, 27 Sep 2005, str0ke wrote: > If we were to say zone-h sucks then we would also state that attrition > does since they did the exact thing. (which attrition doesn't suck). Just in case anyone else needed to do the same. str0ke, which did you mean? [dictionary.com] attrition Audio pronunciation of "attrition" ( P ) Pronunciation Key (uh-trshn)n. 1. A rubbing away or wearing down by friction. 2. A gradual diminution in number or strength because of constant stress. 3. A gradual, natural reduction in membership or personnel, as through retirement, resignation, or death. 4. Repentance for sin motivated by fear of punishment rather than by love of God. > > /str0ke > > On 9/27/05, Richard Horsman <[EMAIL PROTECTED]> wrote: > > n3td3v, > > > > I would compare zone-h more to a newspaper than a terrorists site. > > Newspapers report what is happening in the world whether it's good news > > or bad news. Zone-h brings news about defacements and other security > > related issues, it does not encourage defacements. > > > > Richh > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v > > Sent: 27 September 2005 17:10 > > To: full-disclosure@lists.grok.org.uk > > Subject: Re: [Full-disclosure] Third issue of the Zone-H Comics > > > > Hi, > > > > I have reviewed your site and it sucks. > > > > Looks like you're trying to encourage the activity of webpage > > defacement and bringing celebrity status to those who can deface/ > > submit the most defacements. > > > > You make it look legal by saying the site is useful for research, but > > really, we all know it encourages the malicious kids who submit to the > > site. I don't know why the security services in the U.S haven't closed > > you down. > > > > Your site is in comparison to asking terrorist bombers to post suicide > > bombing videos to a website and asking you to look at it. The only > > difference here is, Zone-H is about cyber terrorism, rather than > > terrorism in the real world. > > > > Do the U.S security services take cyber terrorism as seriously as real > > world terrorism? And if they do, Why is Zone-H still online? > > > > A journalist should ask that question at Bush's next news conference. > > > > Also: > > Are Zone-H admins about to expand the website to allow for suicide > > bombing video's, or is that different from the cyber terrorism that > > your site currently supports. And if you don't support cyber > > terrorism, then why is Zone-H online and why are you an admin of > > Zone-H.org > > > > Thats all for now, > > > > Thanks, > > n3td3v > > > > > > On 9/27/05, Gerardo 'Astharot' Di Giacomo <[EMAIL PROTECTED]> wrote: > > > Hello, > > > http://www.zone-h.org > > > Gerardo 'Astharot' Di Giacomo - Zone-H Admin > > ___ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > ** > > NEW: Sec-1 Hacking Training - Learn to breach network security to further > > your knowledge and protect your network > > http://www.sec-1.com/applied_hacking_course.html > > ** > > ___ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: Re: in-line coax monitoring device
Good morning! On Tue, 27 Sep 2005 14:34:09 +0100 "Dave Korn" <[EMAIL PROTECTED]> wrote: > >>> Äîáðûé âå÷åð...looking for an in-line coax monitoring device that > >>> will give me the ability to monitor/capture and decode all traffic > > Even simpler: it's the T-shaped BNC coax adapter you use to connect > > a PC to the coax network. > > No it isn't. Do you really think it's possible to broadcast two > hundred channels of video plus supply broadband IP [...] Ah! Vocabulary mixup - so you were talking about a "Cable-TV" type of connection instead of 10base-2/5! Well, then indeed it is more complicated than grabbing into the mothball box... ;-) Does "decode all traffic" include the video part or just the IP packets? Best ask the IP access provider as there are a number of different IP access technologies in use, some using encryption (of varying quality). Bye Volker -- Volker Tangerhttp://www.wyae.de/volker.tanger/ -- [EMAIL PROTECTED]PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Third issue of the Zone-H Comics
> Not if the U.S security services decide to have a "war on > cyber terror sites". > > > On 9/27/05, str0ke <[EMAIL PROTECTED]> wrote: > > KF is right on the dot. There will always be a defacement site. > > Where is this going ? By your (netdev's) logic: we should shut down all the defacement sites because they promote cracking. Is this not the same as Saying : shut down the newspapers because the newpapers ( or any mass media ) promote terrorism, because they solict newitems. Look at what we will have without free media - something like the great (fire) wall of C* ! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Third issue of the Zone-H Comics
> SUICIDE bombers...typically DEAD. Tough to solicit videos from > them, and rather pointless to keep a top ten list as > they...well...can't exactly do it again. Now the real entertainment begins Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CORE-Impact license bypass
On Tue, 27 Sep 2005, Bernhard Mueller wrote: > Exibar wrote: > > I didn't mean to imply that the consultants create their own exploits, > > not many I know could even begin to do that, only a couple are talented > > enough to do just that. Even for those very few, it's just not feasable > > from a time perspective. Much quick and cost effective to use what's out > > there. > > > > so what use is a pentest if the consultant isn't even talented enough to > find / create exploits for unknown vulnerabilities? > any average admin can install and run an automatic security scanner. > furthermore, a common nessus report contains 99% useless garbage. and > most of the time, you can not apply generic exploits like these from > metasploit to a specific customer situation. It should also be noted that many security flaws in Customer networks are in design and therefore implementation. The real issue comes down to client-side security. Most pentests are are trivial after an attack from Eve, even if the first person she emails in the organization sees through it ... X-From: Eve From: Bob Hi Alice! Can you get me a quote for the parts we need in the attached spreadsheet? Thank you! -Bob <> --Eric ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: Re: in-line coax monitoring device
On Tue, 27 Sep 2005, Dave Korn wrote: > > "Dave Korn" <[EMAIL PROTECTED]> wrote: > >>> From: Alex Krycek > >> > >>> ?? ?...looking for an in-line coax monitoring device that > >>> will give me the ability to monitor/capture and decode all traffic > >> > >> The device you are looking for does exist. It's called a "cable > >> modem". > > > > Even simpler: it's the T-shaped BNC coax adapter you use to connect a PC > > to the coax network. > > No it isn't. Do you really think it's possible to broadcast two hundred > channels of video plus supply broadband IP access to a couple of hundred > people over a single 10Mb/s 10-BASE-T ethernet line of the kind that has > been obsolete for the best part of a decade? Yeah, that and BNC is much different than RG58 ... > > That's not an ethernet on that wire. > > cheers, > DaveK > -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
On Tue, 27 Sep 2005 17:31:32 CDT, Todd Towles said: > Do you think they still do the pizza thing? I bet that all those > starbucks in downtown D.C. are the new intel meter. As I said, "all else is clueful application" - you pass the test. :) pgpOR0Fpwp1gW.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Third issue of the Zone-H Comics
That will do nicely Dominique Davis aka Mister Mojo PivX Solutions, Inc. #23 Corporate Plaza Suite 280 Newport Beach, CA. 92660 (949) 999-1635 Office (949) 903-6523 Cell www.pivx.com Ticker Symbol: pivx -Original Message- From: Todd Towles [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 27, 2005 3:32 PM To: [EMAIL PROTECTED]; Dominique Davis Cc: full-disclosure@lists.grok.org.uk Subject: RE: [Full-disclosure] Third issue of the Zone-H Comics Do you think they still do the pizza thing? I bet that all those starbucks in downtown D.C. are the new intel meter. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of [EMAIL PROTECTED] > Sent: Tuesday, September 27, 2005 5:25 PM > To: Dominique Davis > Cc: full-disclosure@lists.grok.org.uk > Subject: Re: [Full-disclosure] Third issue of the Zone-H Comics > > On Tue, 27 Sep 2005 12:50:04 PDT, Dominique Davis said: > > Seven years huh ok that's pretty impressive.. > > What exactly constitutes corporate intelligence I have always been > > interested in the topic but never seem to be abel to find > anyone who > > can properly explain the concept and how the shadowy world of > > corporate intelligence works as it applies to Large scary > corporations > > like yahoo and googel. > > Homework assignment 1: Find out who Eric Schmidt is, and why > he's mad at CNet. > > Homework assignment 2: What is a "Pentagon Pizza", and why is > it important? > > That's all you need to know about corporate intelligence. > All else is the clueful application of the 2 above assignments. > > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Third issue of the Zone-H Comics
Do you think they still do the pizza thing? I bet that all those starbucks in downtown D.C. are the new intel meter. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of [EMAIL PROTECTED] > Sent: Tuesday, September 27, 2005 5:25 PM > To: Dominique Davis > Cc: full-disclosure@lists.grok.org.uk > Subject: Re: [Full-disclosure] Third issue of the Zone-H Comics > > On Tue, 27 Sep 2005 12:50:04 PDT, Dominique Davis said: > > Seven years huh ok that's pretty impressive.. > > What exactly constitutes corporate intelligence I have always been > > interested in the topic but never seem to be abel to find > anyone who > > can properly explain the concept and how the shadowy world of > > corporate intelligence works as it applies to Large scary > corporations > > like yahoo and googel. > > Homework assignment 1: Find out who Eric Schmidt is, and why > he's mad at CNet. > > Homework assignment 2: What is a "Pentagon Pizza", and why is > it important? > > That's all you need to know about corporate intelligence. > All else is the clueful application of the 2 above assignments. > > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
On Tue, 27 Sep 2005 12:50:04 PDT, Dominique Davis said: > Seven years huh ok that's pretty impressive.. > What exactly constitutes corporate intelligence I have always been > interested in the topic but never seem to be abel to find anyone who can > properly explain the concept and how the shadowy world of corporate > intelligence works as it applies to Large scary corporations like yahoo > and googel. Homework assignment 1: Find out who Eric Schmidt is, and why he's mad at CNet. Homework assignment 2: What is a "Pentagon Pizza", and why is it important? That's all you need to know about corporate intelligence. All else is the clueful application of the 2 above assignments. pgpMlySTh3Eyr.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
On Tue, 27 Sep 2005 15:36:22 EDT, security curmudgeon said: > http://attrition.org/hosted/sexchart/ Puts a whole new meaning to UUCP bang-paths. :) pgpWRVQA9oTYP.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CORE-Impact license bypass
On Tue, 27 Sep 2005 17:53:58 +0200, Bernhard Mueller said: > so what use is a pentest if the consultant isn't even talented enough to > find / create exploits for unknown vulnerabilities? Quite a bit, actually. Consider every pen test ever done by a consultant who wasn't that talented, but who found and reported *actual* security holes in the target network anyhow. Are you saying all those pentests were worthless? > any average admin can install and run an automatic security scanner. Right. Sometimes, it's just the convenience factor - the fact that I *can* change the oil, spark plugs, and brake pads on a car doesn't mean that I'd *rather* do it myself than pay somebody else $20 to do it for me. Similarly, my servers running Red Hat have software maintenance contracts on them, even though I *could* debug software myself, simply because (a) sometimes it's a trivial bug and I can't be bothered to track it down because I'm busy doing something more interesting that instant or (b) it's a major issue and I don't have the time to get up to speed on all the ins and outs of how a particular RAID controller interacts with a particular kernel driver. And then you get to the place where the consultant can be a value-added: > furthermore, a common nessus report contains 99% useless garbage. and > most of the time, you can not apply generic exploits like these from > metasploit to a specific customer situation. The average admin does *not* have the skills/time needed to sort out the 99% useless garbage. And in the network-wide sense, there are often transitivity problems where D has a known-but-difficult-to-fix hole, but is only reachable from C - and nobody realizes that a minor issue on B can let somebody on A leapfrog to C and then hit D. Found a box once that had at one time a 3rd party package, since removed. The package removal had left a line in /etc/hosts.equiv for *one specific host*, also since departed from the DNS. And the box had a packet filter ruleset to only accept DNS from the "real" DNS servers. (You can see where this is heading, right? :) Well, the admin of the box could see it *once it was pointed out to them*. Didn't mean that they had the time to find it themselves. > in my experience, nearly all sites have some serious security flaws even > if tools like nessus say the contrary. there may be self-coded > applications or software that is not widely known or tested so they're > not found in any vulnerability database. or, if that is not the case, > you may even find new flaws in well-established software. Notice that most home-grown apps have issues - and the people who wrote them are usually unqualified to find them, simply because they have a big blind spot because they're too close - "forest for the trees" time. A fresh set of eyes from outside can help a lot here. And note also that "finding a hole" and "be talented enough to create an exploit" are *totally* distinct. I found a rather nasty rootable hole in Sendmail a while back (read the release notes for 8.10.1 and the relevant manpages for the system linker - that gives enough info to figure out what the bug was). Never did create a working exploit for it - I fooled with it for an afternoon and only got as far as proving that if somebody were to spend more than an afternoon on it, they *could* produce a working exploit. pgpmO7zilJ9cF.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ GLSA 200509-19 ] PHP: Vulnerabilities in included PCRE and XML-RPC libraries
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200509-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Vulnerabilities in included PCRE and XML-RPC libraries Date: September 27, 2005 Bugs: #102373 ID: 200509-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis PHP makes use of an affected PCRE library and ships with an affected XML-RPC library and is therefore potentially vulnerable to remote execution of arbitrary code. Background == PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI. Affected packages = --- Package / Vulnerable / Unaffected --- 1 dev-php/php < 4.4.0-r1 *>= 4.3.11-r1 >= 4.4.0-r1 2 dev-php/mod_php < 4.4.0-r2 *>= 4.3.11-r1 >= 4.4.0-r2 3 dev-php/php-cgi < 4.4.0-r2 *>= 4.3.11-r2 >= 4.4.0-r2 --- 3 affected packages on all of their supported architectures. --- Description === PHP makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). It also ships with an XML-RPC library affected by a script injection vulnerability (see GLSA 200508-13). Impact == An attacker could target a PHP-based web application that would use untrusted data as regular expressions, potentially resulting in the execution of arbitrary code. If web applications make use of the XML-RPC library shipped with PHP, they are also vulnerable to remote execution of arbitrary PHP code. Workaround == There is no known workaround at this time. Resolution == All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/php All mod_php users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/mod_php All php-cgi users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose dev-php/php-cgi References == [ 1 ] CAN-2005-2491 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 [ 2 ] CAN-2005-2498 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498 [ 3 ] GLSA 200508-13 http://www.gentoo.org/security/en/glsa/glsa-200508-13.xml [ 4 ] GLSA 200508-17 http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200509-19.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0 signature.asc Description: OpenPGP digital signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] O-O-O
who says i'm a l33t h4cker like you? wise ass :-*, i never was and never will be one now keep quiet netdeffie, you have mailed enough for one day and so have I n3td3v wrote: If you were a hacker, you wouldn't be looking at the "attending a security conference" but asking yourself, which security conference that could be. Theres a difference. The first thing I thought was ... Which security conference, and how will I go about finding that out. Thats the edge. As soon as you know initial facts, you go and break that down, to find a solution! Plan it on paper or in your head, then come back with your math result. A math doesn't always consist of numbers. Logic and numbers out and in of math is important. The orignal math with numbers you learn at school is just an example of how to use that logic, for everything in life, you must apply the same principle. But "hahaha" your random message is cool. Or something. On 9/27/05, Frank de Wit <[EMAIL PROTECTED]> wrote: it's always amusing, out-of-office, attending a security conference hahaha, he has probably 7 years of experience too :-) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
http://www.unitedmedia.com/comics/dilbert/archive/index.html All you need to know about the corporate world. Dre On 9/27/05, Dominique Davis <[EMAIL PROTECTED]> wrote: > Seven years huh ok that's pretty impressive.. > What exactly constitutes corporate intelligence I have always been > interested in the topic but never seem to be abel to find anyone who can > properly explain the concept and how the shadowy world of corporate > intelligence works as it applies to Large scary corporations like yahoo > and googel. Perhaps you would care to enlighten me/us? > > Dominique Davis aka Mister Mojo > > > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: [ISR] - Novell GroupWise Client Integer Overflow
On Tue, Sep 27, 2005 at 10:57:57AM -0300, Francisco Amato wrote: [snip] > .:: DESCRIPTION > > This issue is due to a failure of the application to securely parse the > saved port number of the last authentication store in windows register. > > To reproduce this, we have to modify the default register key of > HKEY_CURRENT_USER\Software\Novell\GroupWise\Login Parameters\TCP/IP Port This is obviously a bug, but why is this a security vulnerability? Does the GroupWise client run with elevated privileges? -- Crist J. Clark | [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Third issue of the Zone-H Comics
Seven years huh ok that's pretty impressive.. What exactly constitutes corporate intelligence I have always been interested in the topic but never seem to be abel to find anyone who can properly explain the concept and how the shadowy world of corporate intelligence works as it applies to Large scary corporations like yahoo and googel. Perhaps you would care to enlighten me/us? Dominique Davis aka Mister Mojo ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CORE-Impact license bypass
Bernhard Mueller wrote: Exibar wrote: I didn't mean to imply that the consultants create their own exploits, not many I know could even begin to do that, only a couple are talented enough to do just that. Even for those very few, it's just not feasable from a time perspective. Much quick and cost effective to use what's out there. so what use is a pentest if the consultant isn't even talented enough to find / create exploits for unknown vulnerabilities? any average admin can install and run an automatic security scanner. furthermore, a common nessus report contains 99% useless garbage. A good pentester will not just hand over a Nessus (or ItsStillShit, CANVAS,..) report. The results of a Nessus scan (as with Nmap, firewalk, document grinding, google searches, *plus* the results of all the manual scouting about that's done) are data that need to be analysed and placed in context by the pentester. A pentester who hands over nothing but an automated report, isn't. A pentester who doesn't bother using Nessus is either extraordinarily good, has a very small target, or is perhaps doing something slightly different. It's important to draw a distinction between an attempt to find *any* way into the target network / plant a flag file / get root on the target system, or whatever, versus an attempt to find as many ways onto the target as possible in the time. Many pentest customers think they want the latter, but get the former. Some people would call this a "vulnerability assessment" rather than a pentest. I guess it depends whether you're joesbaitshop.com or the USAAF Strategic Air Command (nuclear strike group), who were one of the first orgs to use pentest / tiger team methods. \a -- Andrew Simmons Technical Security Consultant MessageLabs __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
I have a pretty good intelligence on whats been going on since 1999 (on a corporate level, since thats my topic). Does Jericho know off by heart right now how to access Google's and Yahoo's internal network? If so, then hats off to the guy! If he doesn't then keep sleeping with your feds and hackers. On 9/27/05, Dominique Davis <[EMAIL PROTECTED]> wrote: >Anyone who runs the site > that has managed to keep a fairly complete record of who has been > sleeping with who since 1996 includeing feds and a bunch of privacy > freaks like hackers > Is a man to be pheared in my book. > > Btw hello to Jericho ltns :) > > Mister Mojo ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Third issue of the Zone-H Comics
Noted :) of all the intel networks and weird radars I have been on over the years that ones the only one with accurate intel and has come the closest to getting me killed :) *Many props* p.s didn't you used to maintain the chart? I must be getting old Dominique Davis aka Mister Mojo PivX Solutions, Inc. #23 Corporate Plaza Suite 280 Newport Beach, CA. 92660 (949) 999-1635 Office (949) 903-6523 Cell www.pivx.com Ticker Symbol: pivx -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of security curmudgeon Sent: Tuesday, September 27, 2005 12:36 PM To: full-disclosure@lists.grok.org.uk Subject: RE: [Full-disclosure] Third issue of the Zone-H Comics : Nahh if it comes to world domination my money is on Jericho Forget the : defacement archive that's easy..Anyone who runs the site that has : managed to keep a fairly complete record of who has been sleeping with : who since 1996 includeing feds and a bunch of privacy freaks like : hackers Is a man to be pheared in my book. hah, the Hacker SexChart is maintained by Lish. She is 'the man' =) http://attrition.org/hosted/sexchart/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] O-O-O
Oh I see what you mean so logically n3td3v == d0uch3b4g Thanks for the math lesson! -KF n3td3v wrote: A math doesn't always consist of numbers. Logic and numbers out and in of math is important. The orignal math with numbers you learn at school is just an example of how to use that logic, for everything in life, you must apply the same principle. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Third issue of the Zone-H Comics
: Nahh if it comes to world domination my money is on Jericho Forget the : defacement archive that's easy..Anyone who runs the site that has : managed to keep a fairly complete record of who has been sleeping with : who since 1996 includeing feds and a bunch of privacy freaks like : hackers Is a man to be pheared in my book. hah, the Hacker SexChart is maintained by Lish. She is 'the man' =) http://attrition.org/hosted/sexchart/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Third issue of the Zone-H Comics
Nahh if it comes to world domination my money is on Jericho Forget the defacement archive that's easy..Anyone who runs the site that has managed to keep a fairly complete record of who has been sleeping with who since 1996 includeing feds and a bunch of privacy freaks like hackers Is a man to be pheared in my book. Btw hello to Jericho ltns :) Mister Mojo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v Sent: Tuesday, September 27, 2005 12:06 PM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Third issue of the Zone-H Comics Hey, you know too much about me. ;-) On 9/27/05, Andre Ludwig <[EMAIL PROTECTED]> wrote: > I figured it out.. > > N3td3v is trying to throw the SVR/GRU off his trail by acting like a > whitehat(e) while he concocts his diabolical plan for world domination > by releasing a multi vector aim/yahoo/msn 0day worm. > > n3t don't worry your secret is safe with me! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] O-O-O
If you were a hacker, you wouldn't be looking at the "attending a security conference" but asking yourself, which security conference that could be. Theres a difference. The first thing I thought was ... Which security conference, and how will I go about finding that out. Thats the edge. As soon as you know initial facts, you go and break that down, to find a solution! Plan it on paper or in your head, then come back with your math result. A math doesn't always consist of numbers. Logic and numbers out and in of math is important. The orignal math with numbers you learn at school is just an example of how to use that logic, for everything in life, you must apply the same principle. But "hahaha" your random message is cool. Or something. On 9/27/05, Frank de Wit <[EMAIL PROTECTED]> wrote: > it's always amusing, out-of-office, attending a security conference > hahaha, he has probably 7 years of experience too :-) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
I know all because my real name is John Titor, and i was sent from the future. Timetravel_0 On 9/27/05, n3td3v <[EMAIL PROTECTED]> wrote: > Hey, you know too much about me. ;-) > > On 9/27/05, Andre Ludwig <[EMAIL PROTECTED]> wrote: > > I figured it out.. > > > > N3td3v is trying to throw the SVR/GRU off his trail by acting like a > > whitehat(e) while he concocts his diabolical plan for world domination > > by releasing a multi vector aim/yahoo/msn 0day worm. > > > > n3t don't worry your secret is safe with me! > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
Hey, you know too much about me. ;-) On 9/27/05, Andre Ludwig <[EMAIL PROTECTED]> wrote: > I figured it out.. > > N3td3v is trying to throw the SVR/GRU off his trail by acting like a > whitehat(e) while he concocts his diabolical plan for world domination > by releasing a multi vector aim/yahoo/msn 0day worm. > > n3t don't worry your secret is safe with me! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
1 pt for the red corner... (or do you fancy another color n3t?) While this has been a rather amusing thread i am afraid this will be my last pointless post in it. I know, i know my legions of adoring fans will now roam the streets with a complete lack of direction and general hatred for mankind. But fear not ye faithful for some time in the future i will be back haunting and running amok again. Lets face it nothing anyone here is going to (or can do) will remove zone-h or a similar site from doing what they do. I mean where else would i get my daily dose of l33t pakistani speak? Dre On 9/27/05, n3td3v <[EMAIL PROTECTED]> wrote: > Zone-H is not a mirror. A mirror doesn't ask for its reflection. > Zone-H is reflecting its self, and nothing else. > > > On 9/27/05, security curmudgeon <[EMAIL PROTECTED]> wrote: > > As KF and str0ke said, there will always be a defacement mirror. > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] O-O-O
it's always amusing, out-of-office, attending a security conference hahaha, he has probably 7 years of experience too :-) ring ring ring this is the http://www.citco.com/ Amsterdam office speaking, can I help you? yes, my name is Kevin Burtch, i am your security administrator at the ICT-dept in Ireland hahaha, no, my name is not Kevin Mitnick, Kevin Burtsch is my name i have a question, a virus is found on your computer, we received a mailnotification a few seconds ago i need your password to remove the virus remotely from your pc what do you say? september2005? ok, thank you wait please wait, one moment, this one's tricky... ok, the virus is removed now, wow can you please reboot your pc now? no, you don't need to thank me, the pleasure is mine, it's my job to serve & protect have a nice day m'am Original Message Subject: Out of Office AutoReply: [Full-disclosure] Third issue of the Zon e-H Comics Date: Tue, 27 Sep 2005 14:37:13 -0400 From: Burtch, Kevin (Citco) <[EMAIL PROTECTED]> I am currently attending a security conference. I will be back in the office October 3rd. Thank you, Kevin Burtch ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
I figured it out.. N3td3v is trying to throw the SVR/GRU off his trail by acting like a whitehat(e) while he concocts his diabolical plan for world domination by releasing a multi vector aim/yahoo/msn 0day worm. n3t don't worry your secret is safe with me! "Opps i did it again" http://tinyurl.com/b8cz5 n3td3v, just chill out a bit man you are coming off as the tinfoil type.. Dre On 9/27/05, bkfsec <[EMAIL PROTECTED]> wrote: > J. Oquendo wrote: > > >To offer single sided right winged Hitlerish views of his personal Nirvana > >of what security should be knowing little about it. > > > > > Hahahaha... too true. > > >I recall when Attrition was in their "Heyday" and some issues they ran > >into archiving defaced sites. I also take note of the dual edged sword > >regarding displaying defacements. Take into account the actions (or > >alleged actions) of John Vranesevich former kiddiot at AntiOnline now on > >the UnEmploymentLine or wherever he is. It was alleged he ended up paying > >his kiddiotic friends to deface sites so he could whore a story. This can > >be corroborated by others who've been around for some time. > > > > > > > Yep... and there have been scandals, as I recall, in the past where the > news either angled for a position in a major disaster or actually > orchestrated an attack in process... (anyone remember the issue with the > L.A. riots and that person in the truck who got attacked?) > > But, should we then throw the baby out with the bathwater and ban the > news? Of course not... > > >Agencies in the US only take note when its to their benefit. I could track > >down some of these idiots within minutes. Agencies only do so when it > >suits their agendas. "Gee we need more money in our budget. I know, let's > >go arrest little hax0r_X_f00_f00_f00 and implement a cybersecurity > >department in our town!" > > > > > Yep... well, virtually everything is a cost-benefit ratio in this > world. Aside from that, though, people would still deface sites > regardless of whether there was an archive site up. The primary motive > for the defacement is often the initially hit of defacement itself. > > Frankly, what's a bigger issue than general defacement is when the > kiddies put spyware or trojans on the defaced site > > > > >Likely because his profile indicates he is trying to speak outside of his > >experience range. He seems to be trying to fish for an angle... "If I say > >this people with think I'm jolly krad!". > > > Hahaha... I haven't seen the word "krad" used in a long time... it's > funny, these kiddies try to act all |<-rad |<001 31334 but they lose the > lingo in their focus on the idiotic lettering... it's like wannabes > failing at being wannabes. > > >Of all the posts I've read concerning this matter he seems to be stuck on > >clueless trying to get a > >shoe on which won't fit. Instead of waisting his time rambling on about > >the political aspects of "security" he should be perhaps getting a clue on > >it before sticking his foot down his throat. > > > > > Agreed. > > -bkfsec > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
Zone-H is not a mirror. A mirror doesn't ask for its reflection. Zone-H is reflecting its self, and nothing else. On 9/27/05, security curmudgeon <[EMAIL PROTECTED]> wrote: > As KF and str0ke said, there will always be a defacement mirror. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
J. Oquendo wrote: To offer single sided right winged Hitlerish views of his personal Nirvana of what security should be knowing little about it. Hahahaha... too true. I recall when Attrition was in their "Heyday" and some issues they ran into archiving defaced sites. I also take note of the dual edged sword regarding displaying defacements. Take into account the actions (or alleged actions) of John Vranesevich former kiddiot at AntiOnline now on the UnEmploymentLine or wherever he is. It was alleged he ended up paying his kiddiotic friends to deface sites so he could whore a story. This can be corroborated by others who've been around for some time. Yep... and there have been scandals, as I recall, in the past where the news either angled for a position in a major disaster or actually orchestrated an attack in process... (anyone remember the issue with the L.A. riots and that person in the truck who got attacked?) But, should we then throw the baby out with the bathwater and ban the news? Of course not... Agencies in the US only take note when its to their benefit. I could track down some of these idiots within minutes. Agencies only do so when it suits their agendas. "Gee we need more money in our budget. I know, let's go arrest little hax0r_X_f00_f00_f00 and implement a cybersecurity department in our town!" Yep... well, virtually everything is a cost-benefit ratio in this world. Aside from that, though, people would still deface sites regardless of whether there was an archive site up. The primary motive for the defacement is often the initially hit of defacement itself. Frankly, what's a bigger issue than general defacement is when the kiddies put spyware or trojans on the defaced site Likely because his profile indicates he is trying to speak outside of his experience range. He seems to be trying to fish for an angle... "If I say this people with think I'm jolly krad!". Hahaha... I haven't seen the word "krad" used in a long time... it's funny, these kiddies try to act all |<-rad |<001 31334 but they lose the lingo in their focus on the idiotic lettering... it's like wannabes failing at being wannabes. Of all the posts I've read concerning this matter he seems to be stuck on clueless trying to get a shoe on which won't fit. Instead of waisting his time rambling on about the political aspects of "security" he should be perhaps getting a clue on it before sticking his foot down his throat. Agreed. -bkfsec ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ISR] - Novell GroupWise Client Integer Overflow
|| || [ISR] || Infobyte Security Research || www.infobyte.com.ar || 09.27.2005 || .:: SUMMARY Novell GroupWise Client Integer Overflow Version: GroupWise 6.5.3, It is suspected that all previous versions of Groupwise Client are vulnerable. .:: BACKGROUND GroupWise Client is Novell's premier Intranet/Internet GroupWare solution for platform Windows. More info:http://www.novell.com .:: DESCRIPTION This issue is due to a failure of the application to securely parse the saved port number of the last authentication store in windows register. To reproduce this, we have to modify the default register key of HKEY_CURRENT_USER\Software\Novell\GroupWise\Login Parameters\TCP/IP Port For example, set the value (). Then, when we open the application client and the client get the port information occur the integer overflow. EAX C71C71C7 ECX 01F6ADC0 ASCII "10.1.1.1" EDX 01F6ADC0 ASCII "10.1.1.1" EBX ESP 0012E9DC EBP 0012E9EC ESI EDI EIP 52080AB3 gwenv1.52080AB3 C 0 ES 0023 32bit 0() P 0 CS 001B 32bit 0() A 1 SS 0023 32bit 0() Z 0 DS 0023 32bit 0() S 1 FS 0038 32bit 7FFDE000(FFF) T 0 GS NULL D 0 O 0 LastErr ERROR_SUCCESS () EFL 00010292 (NO,NB,NE,A,S,PO,L,LE) ST0 empty -NAN FFFCFEFC FFFCFEFC ST1 empty -??? ST2 empty -??? 00FE00FB 00FD00FB ST3 empty -??? 00FE00FB 00FD00FB ST4 empty -NAN FFFCFEFC FFFCFEFC ST5 empty -??? 00FF00FC 00FE00FC ST6 empty -??? ST7 empty 256.0 3 2 1 0 E S P U O Z D I FST Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT) FCW 027F Prec NEAR,53 Mask1 1 1 1 1 1 Asm code line: 52080AB3 66:8B00 MOV AX,WORD PTR DS:[EAX] .:: VENDOR RESPONSE Vendor advisory: http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType= kc&externalId=10098814html&sliceId=&dialogID=717171 Vendor patch: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972191.htm .:: DISCLOSURE TIMELINE 07/28/2005 Initial vendor notification 07/28/2005 Initial vendor response notify research 08/07/2005 Second vendor response 09/27/2005 Coordinated public disclosure .:: CREDIT Francisco Amato is credited with discovering this vulnerability. famato][at][infobyte][dot][com][dot][ar .:: LEGAL NOTICES Copyright (c) 2005 by [ISR] Infobyte Security Research. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Infobyte Security Research Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from infobyte com ar Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. AdmID:9A5975E8104E554B34240086E6314274 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
: Not if the U.S security services decide to have a "war on cyber terror : sites". You aren't from the US are you? The idea that "U.S security services" can arbitrarily shut down a site outside the US, and that the FBI or anyone else *would* shut down a site, even in the US is a bit silly. Almost as silly as thinking defacing or defacement mirrors are "cyber terrorism" under any definition of the word. When the attrition mirror was being maintained, our #1 visitors were security companies and law enforcement. The FBI (and other agencies) used our mirror to track computer crime, and eventually figured out they could subpoena us for records that potentially helped their investigation. They knew that some defacers would not clean the logs of systems they attacked, and they knew that the defacers would view their work on our site, as well as contact us directly (often from hotmail, with x-originating-ip) giving them a nice trail back to the person who comitted the crime. So, one subpoena, conviction in a box practically. You think the FBI would close that kind of resource? As KF and str0ke said, there will always be a defacement mirror. There was one before Attrition, several during, and several since. Instead of deciding they should all be shut down for whatever reason, you should be calling for the mirrors to act as professionally and ethically as possible. If you question this comment or can't figure out what would distinguish defacement mirrors in this way, then do a little reading on the topic for background. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
7 years? wow, i'm impressed NOT n3td3v wrote: n3td3v = 7 years of experience, so far. On 9/27/05, J. Oquendo <[EMAIL PROTECTED]> wrote: the political aspects of "security" he should be perhaps getting a clue on it before sticking his foot down his throat. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Third issue of the Zone-H Comics
24 - 7 equals 17. I don't think owning a computer equals security experience, do you? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v > Sent: Tuesday, September 27, 2005 1:24 PM > To: full-disclosure@lists.grok.org.uk > Subject: Re: [Full-disclosure] Third issue of the Zone-H Comics > > While politics of security -is- important. I also have a > close relationship with research and engineering within > communities. Your comments are less-than-researched in full, > with respect of who I am and what my common values are. > > You probably judge people on this list alot. > > n3td3v = 7 years of experience, so far. > > > > > On 9/27/05, J. Oquendo <[EMAIL PROTECTED]> wrote: > > the political aspects of "security" he should be perhaps getting a > > clue on it before sticking his foot down his throat. > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Third issue of the Zone-H Comics
N3td3v worte: >I'm sure the feds have ways of detecting cyber terrorism, without the help of public sites like Zone-H. And if they don't, why? Agreed, so what are you complaining about again? You first post was about how it was evil and how the government needs to do something about it. Then you say they don't need the help of Zone-H. Doesn't your "security group" have exploits on it? I guess we need to call the feds about that. Since you are giving script kiddies the stuff they need to do "terrorism". We better close packetstorm and eEye and CERT, since they conduct research on attacks and a thousand other things. N3td3v, you know that information is dual use. Some use it for good and some use it for bad. Information is netural. Zone-H does provide research data. It doesn't do the facements and the defacemnts would happen without Zone-H. Except that you and I wouldn't know about 90% of them. So if you care to not know about them, then don't get to the site. But big compaines and the government do go to the site... > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v > Sent: Tuesday, September 27, 2005 12:39 PM > To: full-disclosure@lists.grok.org.uk > Subject: Re: [Full-disclosure] Third issue of the Zone-H Comics > > Why hasn't a big company like Symantec bought Zone-H then, if > its such a good service? Like Symantec did for Securityfocus > and stuff. > > I mean its not like the real hackers don't brag about the > vulnerabilities and exploits they discover, is it? > > You would think a big company like Symantec would want to own > Zone-H, since thats where the malicious side of > Securityfocus's Bugtraq is reported. > > I'm sure the feds have ways of detecting cyber terrorism, > without the help of public sites like Zone-H. And if they don't, why? > > On 9/27/05, Andre Ludwig <[EMAIL PROTECTED]> wrote: > > > > Zone-h does much more of a service then you would think at first > > glance. Just think of all those feds pouring over that site > > collecting evidence and building profiles of groups. > > > > Let the kiddies continue to brag, it makes those poor "i just did > > learnded computors" cops have some easy fruit to pick. > > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
On 9/27/05, Ken Pfeil <[EMAIL PROTECTED]> wrote: > Since when does a website defacement classify as "cyber terrorism"? Name > one person that has ever lost their life as a result of a website > defacement. I am not sure that we can know that. A site may be defaced in a way that is not "advertised" - as in the case of zone-h postings - and it could affect the actions of an individual or group such that it brings them harm. For example changing an informational web site so that a danger is not listed or is listed incorrectly. There appear to be two points being made here: 1) Is it effective to provide a space to advertise defacements? 2) What is an methodology that can be employed to "capture" statistics on exploit code in common usage? There, of course, are more salient points, but those seem to me to be the ones pertinent here. -e 8<.snip.>8 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
While politics of security -is- important. I also have a close relationship with research and engineering within communities. Your comments are less-than-researched in full, with respect of who I am and what my common values are. You probably judge people on this list alot. n3td3v = 7 years of experience, so far. On 9/27/05, J. Oquendo <[EMAIL PROTECTED]> wrote: > the political aspects of "security" he should be perhaps getting a clue on > it before sticking his foot down his throat. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ISR] - Novell GroupWise Client Integer Overflow
|| || [ISR] || Infobyte Security Research || www.infobyte.com.ar || 09.27.2005 || .:: SUMMARY Novell GroupWise Client Integer Overflow Version: GroupWise 6.5.3, It is suspected that all previous versions of Groupwise Client are vulnerable. .:: BACKGROUND GroupWise Client is Novell's premier Intranet/Internet GroupWare solution for platform Windows. More info:http://www.novell.com .:: DESCRIPTION This issue is due to a failure of the application to securely parse the saved port number of the last authentication store in windows register. To reproduce this, we have to modify the default register key of HKEY_CURRENT_USER\Software\Novell\GroupWise\Login Parameters\TCP/IP Port For example, set the value (). Then, when we open the application client and the client get the port information occur the integer overflow. EAX C71C71C7 ECX 01F6ADC0 ASCII "10.1.1.1" EDX 01F6ADC0 ASCII "10.1.1.1" EBX ESP 0012E9DC EBP 0012E9EC ESI EDI EIP 52080AB3 gwenv1.52080AB3 C 0 ES 0023 32bit 0() P 0 CS 001B 32bit 0() A 1 SS 0023 32bit 0() Z 0 DS 0023 32bit 0() S 1 FS 0038 32bit 7FFDE000(FFF) T 0 GS NULL D 0 O 0 LastErr ERROR_SUCCESS () EFL 00010292 (NO,NB,NE,A,S,PO,L,LE) ST0 empty -NAN FFFCFEFC FFFCFEFC ST1 empty -??? ST2 empty -??? 00FE00FB 00FD00FB ST3 empty -??? 00FE00FB 00FD00FB ST4 empty -NAN FFFCFEFC FFFCFEFC ST5 empty -??? 00FF00FC 00FE00FC ST6 empty -??? ST7 empty 256.0 3 2 1 0 E S P U O Z D I FST Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT) FCW 027F Prec NEAR,53 Mask1 1 1 1 1 1 Asm code line: 52080AB3 66:8B00 MOV AX,WORD PTR DS:[EAX] .:: VENDOR RESPONSE Vendor advisory: http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType= kc&externalId=10098814html&sliceId=&dialogID=717171 Vendor patch: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972191.htm .:: DISCLOSURE TIMELINE 07/28/2005 Initial vendor notification 07/28/2005 Initial vendor response notify research 08/07/2005 Second vendor response 09/27/2005 Coordinated public disclosure .:: CREDIT Francisco Amato is credited with discovering this vulnerability. famato][at][infobyte][dot][com][dot][ar .:: LEGAL NOTICES Copyright (c) 2005 by [ISR] Infobyte Security Research. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Infobyte Security Research Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from infobyte com ar Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. AdmID:9A5975E8104E554B34240086E6314274 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
If it doesn't cause REAL WORLD chaos, destruction, panic, harm, etc it is nothing more then vandalism. That is my take at least.. Dre On 9/27/05, n3td3v <[EMAIL PROTECTED]> wrote: > Who do you class as a cyber terrorist then? > > The real hackers on Securityfocus's Bugtraq or script kids who use > that information with malicious intent? > > > On 9/27/05, Ken Pfeil <[EMAIL PROTECTED]> wrote: > > Since when does a website defacement classify as "cyber terrorism"? Name > > one person that has ever lost their life as a result of a website > > defacement. > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
Its because baby Jesus, the green midget, and the robot warriors from the planet theton all wont let the evil borg (symantec) buy out zone-h. Something to do with the second rising of the martian god nebulionias in the 14th phase of recognition. Don't know much more then that about the deal as my contacts on the inside have all been re programmed or destroyed. And last i checked Zone-h didn't report on anything near as interesting as isc or other more "attack monitoring" services/groups. Like i said let the kiddies have their little corner of the playground. It keeps all the lower rungs of the fed world busy. Look i don't disagree with you when you boil it down.. I just see an added layer of value (or two or three) of having such a central location for the tards to piss on the walls. That as well as i don't see defacement's as the second coming of jeebus or the fall of modern civilization. Oh and i dont see any posts or news articles about how Jedediah plans to build the first self replicating nano bots or any other l33t ideas or sploits.. Again just my halfbraind op... Dre On 9/27/05, n3td3v <[EMAIL PROTECTED]> wrote: > Why hasn't a big company like Symantec bought Zone-H then, if its such > a good service? Like Symantec did for Securityfocus and stuff. > > I mean its not like the real hackers don't brag about the > vulnerabilities and exploits they discover, is it? > > You would think a big company like Symantec would want to own Zone-H, > since thats where the malicious side of Securityfocus's Bugtraq is > reported. > > I'm sure the feds have ways of detecting cyber terrorism, without the > help of public sites like Zone-H. And if they don't, why? > > On 9/27/05, Andre Ludwig <[EMAIL PROTECTED]> wrote: > > > > Zone-h does much more of a service then you would think at first > > glance. Just think of all those feds pouring over that site > > collecting evidence and building profiles of groups. > > > > Let the kiddies continue to brag, it makes those poor "i just did > > learnded computors" cops have some easy fruit to pick. > > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
On Tue, 27 Sep 2005, bkfsec wrote: > n3td3v wrote: > > Why are you on the Full Disclosure mailing list again? To offer single sided right winged Hitlerish views of his personal Nirvana of what security should be knowing little about it. > You do realize that the concept of Full Disclosure includes analyzing > defacement sites and that there is, in fact, a legitimate reason to have > that archive available, right? I recall when Attrition was in their "Heyday" and some issues they ran into archiving defaced sites. I also take note of the dual edged sword regarding displaying defacements. Take into account the actions (or alleged actions) of John Vranesevich former kiddiot at AntiOnline now on the UnEmploymentLine or wherever he is. It was alleged he ended up paying his kiddiotic friends to deface sites so he could whore a story. This can be corroborated by others who've been around for some time. > If the Secret Service or the FBI or whoever were to commit "war" on this > type of act, the next thing is crime dramas, books on criminal activity > and history, and other such materials. Agencies in the US only take note when its to their benefit. I could track down some of these idiots within minutes. Agencies only do so when it suits their agendas. "Gee we need more money in our budget. I know, let's go arrest little hax0r_X_f00_f00_f00 and implement a cybersecurity department in our town!" > Why do you, n3td3v, hate freedom? Why do you, like so many unthinking > people, personally rail against your own best interests? Do you > honestly believe that site defacements would just go away if archive > sites didn't exist? Please... spare us that line of (un)thought. > >-bkfsec Likely because his profile indicates he is trying to speak outside of his experience range. He seems to be trying to fish for an angle... "If I say this people with think I'm jolly krad!". Of all the posts I've read concerning this matter he seems to be stuck on clueless trying to get a shoe on which won't fit. Instead of waisting his time rambling on about the political aspects of "security" he should be perhaps getting a clue on it before sticking his foot down his throat. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x97B43D89 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89 "Just one more time for the sake of sanity tell me why explain the gravity that drove you to this..." Assemblage ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
Who do you class as a cyber terrorist then? The real hackers on Securityfocus's Bugtraq or script kids who use that information with malicious intent? On 9/27/05, Ken Pfeil <[EMAIL PROTECTED]> wrote: > Since when does a website defacement classify as "cyber terrorism"? Name > one person that has ever lost their life as a result of a website > defacement. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
Why hasn't a big company like Symantec bought Zone-H then, if its such a good service? Like Symantec did for Securityfocus and stuff. I mean its not like the real hackers don't brag about the vulnerabilities and exploits they discover, is it? You would think a big company like Symantec would want to own Zone-H, since thats where the malicious side of Securityfocus's Bugtraq is reported. I'm sure the feds have ways of detecting cyber terrorism, without the help of public sites like Zone-H. And if they don't, why? On 9/27/05, Andre Ludwig <[EMAIL PROTECTED]> wrote: > > Zone-h does much more of a service then you would think at first > glance. Just think of all those feds pouring over that site > collecting evidence and building profiles of groups. > > Let the kiddies continue to brag, it makes those poor "i just did > learnded computors" cops have some easy fruit to pick. > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
n3td3v wrote: Not if the U.S security services decide to have a "war on cyber terror sites". Why are you on the Full Disclosure mailing list again? You do realize that the concept of Full Disclosure includes analyzing defacement sites and that there is, in fact, a legitimate reason to have that archive available, right? If the Secret Service or the FBI or whoever were to commit "war" on this type of act, the next thing is crime dramas, books on criminal activity and history, and other such materials. Goodbye CSI, goodbye Law and Order, goodbye large portions of libraries... all of them "promote" criminal acts in the same way as places like Zone-H... if you can even call it "promotion"... But, that's part of living in a free society. Open access to information is a price that you pay for that right, and it's a benefit that you reap from it as well. I dare say that everyone on this list has personally benefitted from that very freedom. Why do you, n3td3v, hate freedom? Why do you, like so many unthinking people, personally rail against your own best interests? Do you honestly believe that site defacements would just go away if archive sites didn't exist? Please... spare us that line of (un)thought. -bkfsec ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
I prefer this definition cyber terrorism - Using electronic means to execute premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents, usually intended to influence an audience. Note the use of the word violence.. taken from Title 22 of the US Code, Section 2656f(d): and then modified to fit into the topic at hand. Dre On 9/27/05, str0ke <[EMAIL PROTECTED]> wrote: > Terrorism doesn't always mean death my friend, here is the definition > of terrorism. > > ter·ror·ism Audio pronunciation of "terrorism" ( P ) Pronunciation > Key (tr-rzm) > n. > > The unlawful use or threatened use of force or violence by a > person or an organized group against people or property with the > intention of intimidating or coercing societies or governments, often > for ideological or political reasons. > > Im sure "cyber terrorism" is a threatened use of force or violence on > someones computer (property) with intimidating skiddie talk. > > /str0ke > > On 9/27/05, Ken Pfeil <[EMAIL PROTECTED]> wrote: > > Since when does a website defacement classify as "cyber terrorism"? Name > > one person that has ever lost their life as a result of a website > > defacement. > > > > One would suggest you buy a fckin clue before letting fly with garbage > > like this. > > > > Ooohh... That's right. I'm sorry. Numbers *and* letters in your handle. > > You must know what you're talking about. > > > > -k > > > > n3td3v wrote: > > > Hi, > > > > > > I have reviewed your site and it sucks. > > > > > > Looks like you're trying to encourage the activity of webpage > > > defacement and bringing celebrity status to those who can deface/ > > > submit the most defacements. > > > > > > You make it look legal by saying the site is useful for research, but > > > really, we all know it encourages the malicious kids who submit to the > > > site. I don't know why the security services in the U.S haven't closed > > > you down. > > > > > > Your site is in comparison to asking terrorist bombers to post suicide > > > bombing videos to a website and asking you to look at it. The only > > > difference here is, Zone-H is about cyber terrorism, rather than > > > terrorism in the real world. > > > > > > Do the U.S security services take cyber terrorism as seriously as real > > > world terrorism? And if they do, Why is Zone-H still online? > > > > > > A journalist should ask that question at Bush's next news conference. > > > > > > Also: > > > Are Zone-H admins about to expand the website to allow for suicide > > > bombing video's, or is that different from the cyber terrorism that > > > your site currently supports. And if you don't support cyber > > > terrorism, then why is Zone-H online and why are you an admin of > > > Zone-H.org > > > > > > Thats all for now, > > > > > > Thanks, > > > n3td3v > > > > > > > > > On 9/27/05, Gerardo 'Astharot' Di Giacomo <[EMAIL PROTECTED]> wrote: > > > > > >>Hello, > > >> http://www.zone-h.org > > >> Gerardo 'Astharot' Di Giacomo - Zone-H Admin > > > > > > ___ > > > Full-Disclosure - We believe in it. > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > ___ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
Terrorism doesn't always mean death my friend, here is the definition of terrorism. ter·ror·ism Audio pronunciation of "terrorism" ( P ) Pronunciation Key (tr-rzm) n. The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons. Im sure "cyber terrorism" is a threatened use of force or violence on someones computer (property) with intimidating skiddie talk. /str0ke On 9/27/05, Ken Pfeil <[EMAIL PROTECTED]> wrote: > Since when does a website defacement classify as "cyber terrorism"? Name > one person that has ever lost their life as a result of a website > defacement. > > One would suggest you buy a fckin clue before letting fly with garbage > like this. > > Ooohh... That's right. I'm sorry. Numbers *and* letters in your handle. > You must know what you're talking about. > > -k > > n3td3v wrote: > > Hi, > > > > I have reviewed your site and it sucks. > > > > Looks like you're trying to encourage the activity of webpage > > defacement and bringing celebrity status to those who can deface/ > > submit the most defacements. > > > > You make it look legal by saying the site is useful for research, but > > really, we all know it encourages the malicious kids who submit to the > > site. I don't know why the security services in the U.S haven't closed > > you down. > > > > Your site is in comparison to asking terrorist bombers to post suicide > > bombing videos to a website and asking you to look at it. The only > > difference here is, Zone-H is about cyber terrorism, rather than > > terrorism in the real world. > > > > Do the U.S security services take cyber terrorism as seriously as real > > world terrorism? And if they do, Why is Zone-H still online? > > > > A journalist should ask that question at Bush's next news conference. > > > > Also: > > Are Zone-H admins about to expand the website to allow for suicide > > bombing video's, or is that different from the cyber terrorism that > > your site currently supports. And if you don't support cyber > > terrorism, then why is Zone-H online and why are you an admin of > > Zone-H.org > > > > Thats all for now, > > > > Thanks, > > n3td3v > > > > > > On 9/27/05, Gerardo 'Astharot' Di Giacomo <[EMAIL PROTECTED]> wrote: > > > >>Hello, > >> http://www.zone-h.org > >> Gerardo 'Astharot' Di Giacomo - Zone-H Admin > > > > ___ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
I think the security services are more concerned with the real deal then some douchebag who grabbed the latest mass defacer script from some .br. Again.. i would be more worried about the internal threat then some kiddy trying to swap my index.html with his l33t version. Dre On 9/27/05, n3td3v <[EMAIL PROTECTED]> wrote: > Not if the U.S security services decide to have a "war on cyber terror sites". > > On 9/27/05, str0ke <[EMAIL PROTECTED]> wrote: > > KF is right on the dot. There will always be a defacement site. > > > > /str0ke > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
Since when does a website defacement classify as "cyber terrorism"? Name one person that has ever lost their life as a result of a website defacement. One would suggest you buy a fckin clue before letting fly with garbage like this. Ooohh... That's right. I'm sorry. Numbers *and* letters in your handle. You must know what you're talking about. -k n3td3v wrote: Hi, I have reviewed your site and it sucks. Looks like you're trying to encourage the activity of webpage defacement and bringing celebrity status to those who can deface/ submit the most defacements. You make it look legal by saying the site is useful for research, but really, we all know it encourages the malicious kids who submit to the site. I don't know why the security services in the U.S haven't closed you down. Your site is in comparison to asking terrorist bombers to post suicide bombing videos to a website and asking you to look at it. The only difference here is, Zone-H is about cyber terrorism, rather than terrorism in the real world. Do the U.S security services take cyber terrorism as seriously as real world terrorism? And if they do, Why is Zone-H still online? A journalist should ask that question at Bush's next news conference. Also: Are Zone-H admins about to expand the website to allow for suicide bombing video's, or is that different from the cyber terrorism that your site currently supports. And if you don't support cyber terrorism, then why is Zone-H online and why are you an admin of Zone-H.org Thats all for now, Thanks, n3td3v On 9/27/05, Gerardo 'Astharot' Di Giacomo <[EMAIL PROTECTED]> wrote: Hello, http://www.zone-h.org Gerardo 'Astharot' Di Giacomo - Zone-H Admin ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
l33t UpZ 2 M4 P33PZ 1N #L33tHAX4lif3 S3Rv0R AdM1Nz!!! YUO N3#D 2 PaTcH Yu0z C0mPuT0rZ 4 D4 M4D H4x! M1cr0SoFt 1s D4 SuXz! I H4X 4 P00R P33pz C4Uz3 D3y B P00r 4nD K4Ntz HaX G00d!!!1!11!!!one!!shift+one!!!11!! 1 Iz T3H Ph34R MaKhin3! Sh00tz 2: n3td3v 4 acc3pt1ng m3z MySp4c3 Fr13nd R3qu3stz!!!1!, 3v3ry0n3 in #H0w2haX and #windowstechsupport, & t3h Z0n3H cr3w 4 m1rr0rzingz DiS l33t H4X s0 d4 w00d b3z c4n C h0w 2 H4X!1!1 how fearsome the kiddy defacer has become i mean the above is the same as taking innocents lives right? Same as walking into a crowded nightclub and breathing your last breath as you hit the detonator taking with you several lives. I mean copying over or modifying an html file on a poorly secured server is the same right... Zone-h does much more of a service then you would think at first glance. Just think of all those feds pouring over that site collecting evidence and building profiles of groups. Let the kiddies continue to brag, it makes those poor "i just did learnded computors" cops have some easy fruit to pick. To sum it up.. Zone-h no havey the l33t 0dayz spl01tz! and keep an open mind. i can tell this is going to go no where fast.. anyways to each his own *l33t p0w3rz enabled* Dr3 *l33t p0w3rz disabled* On 9/27/05, str0ke <[EMAIL PROTECTED]> wrote: > It doesn't encourage defacements? Come on now its a defacement > archive, ofcourse it encourages defacements. (Nobody makes me bleed > my own blood, nobody) > > I think I finally agree with n3td3v this time on multiple comments > minus the terrorist + sucks + other junk) it is a site dedicated to > defacers who can get the most defacements.) > > But thats zone-h's cup of tea not mine, not dogging it just stating > the facts :) If we were to say zone-h sucks then we would also state > that attrition does since they did the exact thing. (which attrition > doesn't suck). > > /str0ke > > On 9/27/05, Richard Horsman <[EMAIL PROTECTED]> wrote: > > n3td3v, > > > > I would compare zone-h more to a newspaper than a terrorists site. > > Newspapers report what is happening in the world whether it's good news > > or bad news. Zone-h brings news about defacements and other security > > related issues, it does not encourage defacements. > > > > Richh > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v > > Sent: 27 September 2005 17:10 > > To: full-disclosure@lists.grok.org.uk > > Subject: Re: [Full-disclosure] Third issue of the Zone-H Comics > > > > Hi, > > > > I have reviewed your site and it sucks. > > > > Looks like you're trying to encourage the activity of webpage > > defacement and bringing celebrity status to those who can deface/ > > submit the most defacements. > > > > You make it look legal by saying the site is useful for research, but > > really, we all know it encourages the malicious kids who submit to the > > site. I don't know why the security services in the U.S haven't closed > > you down. > > > > Your site is in comparison to asking terrorist bombers to post suicide > > bombing videos to a website and asking you to look at it. The only > > difference here is, Zone-H is about cyber terrorism, rather than > > terrorism in the real world. > > > > Do the U.S security services take cyber terrorism as seriously as real > > world terrorism? And if they do, Why is Zone-H still online? > > > > A journalist should ask that question at Bush's next news conference. > > > > Also: > > Are Zone-H admins about to expand the website to allow for suicide > > bombing video's, or is that different from the cyber terrorism that > > your site currently supports. And if you don't support cyber > > terrorism, then why is Zone-H online and why are you an admin of > > Zone-H.org > > > > Thats all for now, > > > > Thanks, > > n3td3v > > > > > > On 9/27/05, Gerardo 'Astharot' Di Giacomo <[EMAIL PROTECTED]> wrote: > > > Hello, > > > http://www.zone-h.org > > > Gerardo 'Astharot' Di Giacomo - Zone-H Admin > > ___ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > ** > > NEW: Sec-1 Hacking Training - Learn to breach network security to further > > your knowledge and protect your network > > http://www.sec-1.com/applied_hacking_course.html > > ** > > ___ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > _
Re: [Full-disclosure] Third issue of the Zone-H Comics
Not if the U.S security services decide to have a "war on cyber terror sites". On 9/27/05, str0ke <[EMAIL PROTECTED]> wrote: > KF is right on the dot. There will always be a defacement site. > > /str0ke ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CORE-Impact license bypass
I agree with most of your comments, but it may be prudent to recall that not every attack is performed by a "script kid". Do remember that skilled attackers exsist and are active in penetrating networks, usually those same ones that Nessus "monitor" ; On 27/09/05, Martin Mkrtchian <[EMAIL PROTECTED]> wrote: > I think automated tools should be used for penentration testing when it is > possible. Why should the penetration tester use manual means and waste time? > After all your average script kiddie will be using CORE like applications > such as Metasploit to exploit a system. I do understand that for the > techies out there automated tool is not a respectable way to do pen testing > because it does not show your true skills, but bottom line is business > doesnt care if you use manual or automated tools, what business cares about > is for you to take all the possible appraoch to hack proof a system. Just > because you are running automated tool doesnt mean you do not have the > expertise. In fact tool may do the job, but it is security analyst's > responsibility to analyze and develop high level and technical plan in how > to remediate the issue. So therefore it is my personal opinion that > automated tools save time from analysts perspective and money from business > perspective. > > Thanks > > -- Martin > > Visit my security blog: > > http://dotsecure.blogspot.com > > > On 9/27/05, Bernhard Mueller <[EMAIL PROTECTED]> wrote: > > > Exibar wrote: > > > I didn't mean to imply that the consultants create their own > exploits, > > > not many I know could even begin to do that, only a couple are talented > > > enough to do just that. Even for those very few, it's just not feasable > > > from a time perspective. Much quick and cost effective to use what's > out > > > there. > > > > > > > so what use is a pentest if the consultant isn't even talented enough to > > find / create exploits for unknown vulnerabilities? > > any average admin can install and run an automatic security scanner. > > furthermore, a common nessus report contains 99% useless garbage. and > > most of the time, you can not apply generic exploits like these from > > metasploit to a specific customer situation. > > in my experience, nearly all sites have some serious security flaws even > > if tools like nessus say the contrary. there may be self-coded > > applications or software that is not widely known or tested so they're > > not found in any vulnerability database. or, if that is not the case, > > you may even find new flaws in well-established software. > > IMHO you can not deliver a reasonable security assessment until you have > > checked everything by hand. > > > > > > regards, > > -- > > _ > > > > ~ DI (FH) Bernhard Mueller > > ~ IT Security Consultant > > > > ~ SEC-Consult Unternehmensberatung GmbH > > ~ www.sec-consult.com > > > > ~ A-1080 Wien Blindengasse 3 > > ~ Tel: +43/676/840301718 > > ~ Fax: +43/(0)1/4090307-590 > > __ > > ___ > > Full-Disclosure - We believe in it. > > Charter: > http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > ___ > Full-Disclosure - We believe in it. > Charter: > http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -- regards c0ntex ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
KF is right on the dot. There will always be a defacement site. /str0ke On 9/27/05, KF (lists) <[EMAIL PROTECTED]> wrote: > Joxean Koret wrote: > > > Yeah but zone-h defacement area its used to make defacing contest... > > > > > So what... so was attrition and safemode... if its not them someone > else will archive... > > -KF > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
On 9/27/05, Bart Lansing <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > SUICIDE bombers...typically DEAD. Tough to solicit videos from > them, and rather pointless to keep a top ten list as > they...well...can't exactly do it again. > Suicide bombers typically aren't behind or have any part of the planning or research into a bombing. In the same way script kids carry out cyber terrorism attacks, while the real hacker who discovered the vulnerability and exploit remains free. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
Joxean Koret wrote: Yeah but zone-h defacement area its used to make defacing contest... So what... so was attrition and safemode... if its not them someone else will archive... -KF ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CORE-Impact license bypass
I think automated tools should be used for penentration testing when it is possible. Why should the penetration tester use manual means and waste time? After all your average script kiddie will be using CORE like applications such as Metasploit to exploit a system. I do understand that for the techies out there automated tool is not a respectable way to do pen testing because it does not show your true skills, but bottom line is business doesnt care if you use manual or automated tools, what business cares about is for you to take all the possible appraoch to hack proof a system. Just because you are running automated tool doesnt mean you do not have the expertise. In fact tool may do the job, but it is security analyst's responsibility to analyze and develop high level and technical plan in how to remediate the issue. So therefore it is my personal opinion that automated tools save time from analysts perspective and money from business perspective. Thanks -- Martin Visit my security blog: http://dotsecure.blogspot.com On 9/27/05, Bernhard Mueller <[EMAIL PROTECTED]> wrote: Exibar wrote:> I didn't mean to imply that the consultants create their own exploits,> not many I know could even begin to do that, only a couple are talented > enough to do just that. Even for those very few, it's just not feasable> from a time perspective. Much quick and cost effective to use what's out> there.>so what use is a pentest if the consultant isn't even talented enough to find / create exploits for unknown vulnerabilities?any average admin can install and run an automatic security scanner.furthermore, a common nessus report contains 99% useless garbage. andmost of the time, you can not apply generic exploits like these from metasploit to a specific customer situation.in my experience, nearly all sites have some serious security flaws evenif tools like nessus say the contrary. there may be self-codedapplications or software that is not widely known or tested so they're not found in any vulnerability database. or, if that is not the case,you may even find new flaws in well-established software.IMHO you can not deliver a reasonable security assessment until you havechecked everything by hand. regards,--_~ DI (FH) Bernhard Mueller~ IT Security Consultant~ SEC-Consult Unternehmensberatung GmbH~ www.sec-consult.com~ A-1080 Wien Blindengasse 3~ Tel: +43/676/840301718~ Fax: +43/(0)1/4090307-590_ Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
On 9/27/05, J. Oquendo <[EMAIL PROTECTED]> wrote: > > On Tue, 27 Sep 2005, n3td3v wrote: > > > Do newspaper sites ask suicide bombers to submit videos? > > They do so in subliminal ways. See the problem with most people is they > don't want to see the darker sides of life. Out of site out of mind. Forget subiminal ways. Why don't they (CNN and others) do the exact equivalnet to Zone-H? > > > Do newspaper sites keep a chart of the top suicide bombers? > > Actually some do. Link me to them. > > > Do newspaper sites give you special status if you bomb a gov building? > > No Well shut up then if you say "No" > > > Thats what Zone-H does in the cyber terrorism world. > > Yawn yawn yawn. Have they invented coffee in your country yet? And if so, go drink some. > > > It is not the same as a newspaper or newspaper site. > > You say tomatoe I say... BS You say Tomato, I say you're supporting Zone-H to stay online and would question why you are > > > I would like to see how long CNN.com would stay online if it started > > supporting terrorists to submit suicide bombings, and rate them by the > > importance of the building they bombed. And an archive of top > > terrorist groups who submit that information? Why hasn't CNN.com done > > that yet? > > But media does support terrorism in their unique little ways. Every time > (for example) Zarqawi (INSERT CIA FROM WHERE NAME = ' terrorist') and his > little Jihadiot friends committed their little beheadings, every news > agency jumped on the bandwagon of posting all sorts of nifty information > about Zarqawi raising his status quo on the "terrorism underground". What > most people don't realize is the underlying psychology behind the > crapaganda. Like I said already. Forget unique ways. Why don't CNN and others have a "submit your cyber terrorism attacks" or "submit your real world terrorism attacks" form in those words. > > > And if Zone-H is "OK", then why haven't sites like CNN.com and > > all-the-others setup a "submit your cyber terrorism attacks" yet. > > But they do via the (dis)Associated Press. How else do you think most > networks end up getting hold of crapaganda. I don't see a form saying "submit your digital attack" or "submit your bombing" > > > Thats all for now, > > Can you make it all for good? You go first. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 n3td3v, man, really, lay off the caffeine. Of course newspapers solicit for videos and photos of newsworthy events. Other comments regarding your slightly maniacal rant: SUICIDE bombers...typically DEAD. Tough to solicit videos from them, and rather pointless to keep a top ten list as they...well...can't exactly do it again. Of course newspaper sites and newspapers accord special places (called the Front Page) to bombers of government facilities...it's what they do...publish the news. None of the above is considered to condone or glorify terrorists (which is a different philisophical topic and not one to start here), it is simply reporting the news. Have a cup of decaf and read what you are sending before you send it. Tue, 27 Sep 2005 09:38:31 -0700 n3td3v <[EMAIL PROTECTED]> wrote: >Do newspaper sites ask suicide bombers to submit videos? > >Do newspaper sites keep a chart of the top suicide bombers? > >Do newspaper sites give you special status if you bomb a gov >building? > >Thats what Zone-H does in the cyber terrorism world. > >It is not the same as a newspaper or newspaper site. > >I would like to see how long CNN.com would stay online if it >started >supporting terrorists to submit suicide bombings, and rate them by >the >importance of the building they bombed. And an archive of top >terrorist groups who submit that information? Why hasn't CNN.com >done >that yet? > >And if Zone-H is "OK", then why haven't sites like CNN.com and >all-the-others setup a "submit your cyber terrorism attacks" yet. > >Thats all for now, >Thanks, n3td3v > >On 9/27/05, Richard Horsman <[EMAIL PROTECTED]> wrote: >> n3td3v, >> >> I would compare zone-h more to a newspaper than a terrorists >site. >> Newspapers report what is happening in the world whether it's >good news >> or bad news. Zone-h brings news about defacements and other >security >> related issues, it does not encourage defacements. >> >> Richh >> >> >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of >n3td3v >> Sent: 27 September 2005 17:10 >> To: full-disclosure@lists.grok.org.uk >> Subject: Re: [Full-disclosure] Third issue of the Zone-H Comics >> >> Hi, >> >> I have reviewed your site and it sucks. >> >> Looks like you're trying to encourage the activity of webpage >> defacement and bringing celebrity status to those who can >deface/ >> submit the most defacements. >> >> You make it look legal by saying the site is useful for >research, but >> really, we all know it encourages the malicious kids who submit >to the >> site. I don't know why the security services in the U.S haven't >closed >> you down. >> >> Your site is in comparison to asking terrorist bombers to post >suicide >> bombing videos to a website and asking you to look at it. The >only >> difference here is, Zone-H is about cyber terrorism, rather than >> terrorism in the real world. >> >> Do the U.S security services take cyber terrorism as seriously >as real >> world terrorism? And if they do, Why is Zone-H still online? >> >> A journalist should ask that question at Bush's next news >conference. >> >> Also: >> Are Zone-H admins about to expand the website to allow for >suicide >> bombing video's, or is that different from the cyber terrorism >that >> your site currently supports. And if you don't support cyber >> terrorism, then why is Zone-H online and why are you an admin of >> Zone-H.org >> >> Thats all for now, >> >> Thanks, >> n3td3v >> >> >> On 9/27/05, Gerardo 'Astharot' Di Giacomo <[EMAIL PROTECTED]> >wrote: >> > Hello, >> > http://www.zone-h.org >> > Gerardo 'Astharot' Di Giacomo - Zone-H Admin >> ___ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> >*** >*** > >> NEW: Sec-1 Hacking Training - Learn to breach network security >to further your knowledge and protect your network http://www.sec- >1.com/applied_hacking_course.html >> >*** >*** > >> > > >-- >http://www.geocities.com/n3td3v >___ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -BEGIN PGP SIGNATURE- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkM5emAACgkQfw4CJpLBxOOrXACeKpwSRQtfg0sMz6tTEAOKXmkK+dcA n20do54KN36v71qqd8z77u8i+Ldl =FEdV -END PGP SIGNATURE- Concerned about your privacy? Follow this link to get secure FREE ema
Re: [Full-disclosure] Third issue of the Zone-H Comics
It doesn't encourage defacements? Come on now its a defacement archive, ofcourse it encourages defacements. (Nobody makes me bleed my own blood, nobody) I think I finally agree with n3td3v this time on multiple comments minus the terrorist + sucks + other junk) it is a site dedicated to defacers who can get the most defacements.) But thats zone-h's cup of tea not mine, not dogging it just stating the facts :) If we were to say zone-h sucks then we would also state that attrition does since they did the exact thing. (which attrition doesn't suck). /str0ke On 9/27/05, Richard Horsman <[EMAIL PROTECTED]> wrote: > n3td3v, > > I would compare zone-h more to a newspaper than a terrorists site. > Newspapers report what is happening in the world whether it's good news > or bad news. Zone-h brings news about defacements and other security > related issues, it does not encourage defacements. > > Richh > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v > Sent: 27 September 2005 17:10 > To: full-disclosure@lists.grok.org.uk > Subject: Re: [Full-disclosure] Third issue of the Zone-H Comics > > Hi, > > I have reviewed your site and it sucks. > > Looks like you're trying to encourage the activity of webpage > defacement and bringing celebrity status to those who can deface/ > submit the most defacements. > > You make it look legal by saying the site is useful for research, but > really, we all know it encourages the malicious kids who submit to the > site. I don't know why the security services in the U.S haven't closed > you down. > > Your site is in comparison to asking terrorist bombers to post suicide > bombing videos to a website and asking you to look at it. The only > difference here is, Zone-H is about cyber terrorism, rather than > terrorism in the real world. > > Do the U.S security services take cyber terrorism as seriously as real > world terrorism? And if they do, Why is Zone-H still online? > > A journalist should ask that question at Bush's next news conference. > > Also: > Are Zone-H admins about to expand the website to allow for suicide > bombing video's, or is that different from the cyber terrorism that > your site currently supports. And if you don't support cyber > terrorism, then why is Zone-H online and why are you an admin of > Zone-H.org > > Thats all for now, > > Thanks, > n3td3v > > > On 9/27/05, Gerardo 'Astharot' Di Giacomo <[EMAIL PROTECTED]> wrote: > > Hello, > > http://www.zone-h.org > > Gerardo 'Astharot' Di Giacomo - Zone-H Admin > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > ** > NEW: Sec-1 Hacking Training - Learn to breach network security to further > your knowledge and protect your network > http://www.sec-1.com/applied_hacking_course.html > ** > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
On Tue, 27 Sep 2005, n3td3v wrote: > Do newspaper sites ask suicide bombers to submit videos? They do so in subliminal ways. See the problem with most people is they don't want to see the darker sides of life. Out of site out of mind. > Do newspaper sites keep a chart of the top suicide bombers? Actually some do. > Do newspaper sites give you special status if you bomb a gov building? No but they will crapagandize the situation and make a "Made for TV" movie on the idiot bombers followed by 24/7 coverage of the idiots. > Thats what Zone-H does in the cyber terrorism world. Yawn yawn yawn. > It is not the same as a newspaper or newspaper site. You say tomatoe I say... BS > I would like to see how long CNN.com would stay online if it started > supporting terrorists to submit suicide bombings, and rate them by the > importance of the building they bombed. And an archive of top > terrorist groups who submit that information? Why hasn't CNN.com done > that yet? But media does support terrorism in their unique little ways. Every time (for example) Zarqawi (INSERT CIA FROM WHERE NAME = ' terrorist') and his little Jihadiot friends committed their little beheadings, every news agency jumped on the bandwagon of posting all sorts of nifty information about Zarqawi raising his status quo on the "terrorism underground". What most people don't realize is the underlying psychology behind the crapaganda. > And if Zone-H is "OK", then why haven't sites like CNN.com and > all-the-others setup a "submit your cyber terrorism attacks" yet. But they do via the (dis)Associated Press. How else do you think most networks end up getting hold of crapaganda. > Thats all for now, Can you make it all for good? =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x97B43D89 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89 "Just one more time for the sake of sanity tell me why explain the gravity that drove you to this..." Assemblage =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x97B43D89 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89 "Just one more time for the sake of sanity tell me why explain the gravity that drove you to this..." Assemblage ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
Do newspaper sites ask suicide bombers to submit videos? Do newspaper sites keep a chart of the top suicide bombers? Do newspaper sites give you special status if you bomb a gov building? Thats what Zone-H does in the cyber terrorism world. It is not the same as a newspaper or newspaper site. I would like to see how long CNN.com would stay online if it started supporting terrorists to submit suicide bombings, and rate them by the importance of the building they bombed. And an archive of top terrorist groups who submit that information? Why hasn't CNN.com done that yet? And if Zone-H is "OK", then why haven't sites like CNN.com and all-the-others setup a "submit your cyber terrorism attacks" yet. Thats all for now, Thanks, n3td3v On 9/27/05, Richard Horsman <[EMAIL PROTECTED]> wrote: > n3td3v, > > I would compare zone-h more to a newspaper than a terrorists site. > Newspapers report what is happening in the world whether it's good news > or bad news. Zone-h brings news about defacements and other security > related issues, it does not encourage defacements. > > Richh > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v > Sent: 27 September 2005 17:10 > To: full-disclosure@lists.grok.org.uk > Subject: Re: [Full-disclosure] Third issue of the Zone-H Comics > > Hi, > > I have reviewed your site and it sucks. > > Looks like you're trying to encourage the activity of webpage > defacement and bringing celebrity status to those who can deface/ > submit the most defacements. > > You make it look legal by saying the site is useful for research, but > really, we all know it encourages the malicious kids who submit to the > site. I don't know why the security services in the U.S haven't closed > you down. > > Your site is in comparison to asking terrorist bombers to post suicide > bombing videos to a website and asking you to look at it. The only > difference here is, Zone-H is about cyber terrorism, rather than > terrorism in the real world. > > Do the U.S security services take cyber terrorism as seriously as real > world terrorism? And if they do, Why is Zone-H still online? > > A journalist should ask that question at Bush's next news conference. > > Also: > Are Zone-H admins about to expand the website to allow for suicide > bombing video's, or is that different from the cyber terrorism that > your site currently supports. And if you don't support cyber > terrorism, then why is Zone-H online and why are you an admin of > Zone-H.org > > Thats all for now, > > Thanks, > n3td3v > > > On 9/27/05, Gerardo 'Astharot' Di Giacomo <[EMAIL PROTECTED]> wrote: > > Hello, > > http://www.zone-h.org > > Gerardo 'Astharot' Di Giacomo - Zone-H Admin > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > ** > NEW: Sec-1 Hacking Training - Learn to breach network security to further > your knowledge and protect your network > http://www.sec-1.com/applied_hacking_course.html > ** > -- http://www.geocities.com/n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
Yeah but zone-h defacement area its used to make defacing contest... One thing is to report that a interesting site have been defaced ... and other shit its support defacing groups breaking into in "no-one-is-interested" website On 9/27/05, Richard Horsman <[EMAIL PROTECTED]> wrote: n3td3v,I would compare zone-h more to a newspaper than a terrorists site.Newspapers report what is happening in the world whether it's good newsor bad news. Zone-h brings news about defacements and other security related issues, it does not encourage defacements.Richh-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of n3td3vSent: 27 September 2005 17:10To: full-disclosure@lists.grok.org.ukSubject: Re: [Full-disclosure] Third issue of the Zone-H ComicsHi,I have reviewed your site and it sucks.Looks like you're trying to encourage the activity of webpage defacement and bringing celebrity status to those who can deface/submit the most defacements.You make it look legal by saying the site is useful for research, butreally, we all know it encourages the malicious kids who submit to the site. I don't know why the security services in the U.S haven't closedyou down.Your site is in comparison to asking terrorist bombers to post suicidebombing videos to a website and asking you to look at it. The only difference here is, Zone-H is about cyber terrorism, rather thanterrorism in the real world.Do the U.S security services take cyber terrorism as seriously as realworld terrorism? And if they do, Why is Zone-H still online? A journalist should ask that question at Bush's next news conference.Also:Are Zone-H admins about to expand the website to allow for suicidebombing video's, or is that different from the cyber terrorism that your site currently supports. And if you don't support cyberterrorism, then why is Zone-H online and why are you an admin ofZone-H.orgThats all for now,Thanks,n3td3vOn 9/27/05, Gerardo 'Astharot' Di Giacomo < [EMAIL PROTECTED]> wrote:> Hello,> http://www.zone-h.org> Gerardo 'Astharot' Di Giacomo - Zone-H Admin___ Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/**NEW: Sec-1 Hacking Training - Learn to breach network security to further your knowledge and protect your network http://www.sec-1.com/applied_hacking_course.html** ___Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Third issue of the Zone-H Comics
n3td3v, I would compare zone-h more to a newspaper than a terrorists site. Newspapers report what is happening in the world whether it's good news or bad news. Zone-h brings news about defacements and other security related issues, it does not encourage defacements. Richh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v Sent: 27 September 2005 17:10 To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Third issue of the Zone-H Comics Hi, I have reviewed your site and it sucks. Looks like you're trying to encourage the activity of webpage defacement and bringing celebrity status to those who can deface/ submit the most defacements. You make it look legal by saying the site is useful for research, but really, we all know it encourages the malicious kids who submit to the site. I don't know why the security services in the U.S haven't closed you down. Your site is in comparison to asking terrorist bombers to post suicide bombing videos to a website and asking you to look at it. The only difference here is, Zone-H is about cyber terrorism, rather than terrorism in the real world. Do the U.S security services take cyber terrorism as seriously as real world terrorism? And if they do, Why is Zone-H still online? A journalist should ask that question at Bush's next news conference. Also: Are Zone-H admins about to expand the website to allow for suicide bombing video's, or is that different from the cyber terrorism that your site currently supports. And if you don't support cyber terrorism, then why is Zone-H online and why are you an admin of Zone-H.org Thats all for now, Thanks, n3td3v On 9/27/05, Gerardo 'Astharot' Di Giacomo <[EMAIL PROTECTED]> wrote: > Hello, > http://www.zone-h.org > Gerardo 'Astharot' Di Giacomo - Zone-H Admin ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ** NEW: Sec-1 Hacking Training - Learn to breach network security to further your knowledge and protect your network http://www.sec-1.com/applied_hacking_course.html ** ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
Well im agree with you, Zone-H really sucks! but why the fuck u think that U.S Security Services are able to act around all the world? Or u dont know any other country than .us ? EOO the rest of the world exists!!! zone-h is located in estonia and astaroth live in italia ... so call the carabinieri no the US police! On 9/27/05, n3td3v <[EMAIL PROTECTED]> wrote: Hi,I have reviewed your site and it sucks.Looks like you're trying to encourage the activity of webpagedefacement and bringing celebrity status to those who can deface/submit the most defacements. You make it look legal by saying the site is useful for research, butreally, we all know it encourages the malicious kids who submit to thesite. I don't know why the security services in the U.S haven't closed you down.Your site is in comparison to asking terrorist bombers to post suicidebombing videos to a website and asking you to look at it. The onlydifference here is, Zone-H is about cyber terrorism, rather than terrorism in the real world.Do the U.S security services take cyber terrorism as seriously as realworld terrorism? And if they do, Why is Zone-H still online?A journalist should ask that question at Bush's next news conference. Also:Are Zone-H admins about to expand the website to allow for suicidebombing video's, or is that different from the cyber terrorism thatyour site currently supports. And if you don't support cyber terrorism, then why is Zone-H online and why are you an admin ofZone-H.orgThats all for now,Thanks,n3td3vOn 9/27/05, Gerardo 'Astharot' Di Giacomo < [EMAIL PROTECTED]> wrote:> Hello,> http://www.zone-h.org> Gerardo 'Astharot' Di Giacomo - Zone-H Admin___ Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Third issue of the Zone-H Comics
Hi, I have reviewed your site and it sucks. Looks like you're trying to encourage the activity of webpage defacement and bringing celebrity status to those who can deface/ submit the most defacements. You make it look legal by saying the site is useful for research, but really, we all know it encourages the malicious kids who submit to the site. I don't know why the security services in the U.S haven't closed you down. Your site is in comparison to asking terrorist bombers to post suicide bombing videos to a website and asking you to look at it. The only difference here is, Zone-H is about cyber terrorism, rather than terrorism in the real world. Do the U.S security services take cyber terrorism as seriously as real world terrorism? And if they do, Why is Zone-H still online? A journalist should ask that question at Bush's next news conference. Also: Are Zone-H admins about to expand the website to allow for suicide bombing video's, or is that different from the cyber terrorism that your site currently supports. And if you don't support cyber terrorism, then why is Zone-H online and why are you an admin of Zone-H.org Thats all for now, Thanks, n3td3v On 9/27/05, Gerardo 'Astharot' Di Giacomo <[EMAIL PROTECTED]> wrote: > Hello, > http://www.zone-h.org > Gerardo 'Astharot' Di Giacomo - Zone-H Admin ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CORE-Impact license bypass
Exibar wrote: > I didn't mean to imply that the consultants create their own exploits, > not many I know could even begin to do that, only a couple are talented > enough to do just that. Even for those very few, it's just not feasable > from a time perspective. Much quick and cost effective to use what's out > there. > so what use is a pentest if the consultant isn't even talented enough to find / create exploits for unknown vulnerabilities? any average admin can install and run an automatic security scanner. furthermore, a common nessus report contains 99% useless garbage. and most of the time, you can not apply generic exploits like these from metasploit to a specific customer situation. in my experience, nearly all sites have some serious security flaws even if tools like nessus say the contrary. there may be self-coded applications or software that is not widely known or tested so they're not found in any vulnerability database. or, if that is not the case, you may even find new flaws in well-established software. IMHO you can not deliver a reasonable security assessment until you have checked everything by hand. regards, -- _ ~ DI (FH) Bernhard Mueller ~ IT Security Consultant ~ SEC-Consult Unternehmensberatung GmbH ~ www.sec-consult.com ~ A-1080 Wien Blindengasse 3 ~ Tel: +43/676/840301718 ~ Fax: +43/(0)1/4090307-590 __ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [ISR] - Novell GroupWise Client Integer Overflow
|| || [ISR] || Infobyte Security Research || www.infobyte.com.ar || 09.27.2005 || .:: SUMMARY Novell GroupWise Client Integer Overflow Version: GroupWise 6.5.3, It is suspected that all previous versions of Groupwise Client are vulnerable. .:: BACKGROUND GroupWise Client is Novell's premier Intranet/Internet GroupWare solution for platform Windows. More info:http://www.novell.com .:: DESCRIPTION This issue is due to a failure of the application to securely parse the saved port number of the last authentication store in windows register. To reproduce this, we have to modify the default register key of HKEY_CURRENT_USER\Software\Novell\GroupWise\Login Parameters\TCP/IP Port For example, set the value (). Then, when we open the application client and the client get the port information occur the integer overflow. EAX C71C71C7 ECX 01F6ADC0 ASCII "10.1.1.1" EDX 01F6ADC0 ASCII "10.1.1.1" EBX ESP 0012E9DC EBP 0012E9EC ESI EDI EIP 52080AB3 gwenv1.52080AB3 C 0 ES 0023 32bit 0() P 0 CS 001B 32bit 0() A 1 SS 0023 32bit 0() Z 0 DS 0023 32bit 0() S 1 FS 0038 32bit 7FFDE000(FFF) T 0 GS NULL D 0 O 0 LastErr ERROR_SUCCESS () EFL 00010292 (NO,NB,NE,A,S,PO,L,LE) ST0 empty -NAN FFFCFEFC FFFCFEFC ST1 empty -??? ST2 empty -??? 00FE00FB 00FD00FB ST3 empty -??? 00FE00FB 00FD00FB ST4 empty -NAN FFFCFEFC FFFCFEFC ST5 empty -??? 00FF00FC 00FE00FC ST6 empty -??? ST7 empty 256.0 3 2 1 0 E S P U O Z D I FST Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT) FCW 027F Prec NEAR,53 Mask1 1 1 1 1 1 Asm code line: 52080AB3 66:8B00 MOV AX,WORD PTR DS:[EAX] .:: VENDOR RESPONSE Vendor advisory: http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType= kc&externalId=10098814html&sliceId=&dialogID=717171 Vendor patch: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972191.htm .:: DISCLOSURE TIMELINE 07/28/2005 Initial vendor notification 07/28/2005 Initial vendor response notify research 08/07/2005 Second vendor response 09/27/2005 Coordinated public disclosure .:: CREDIT Francisco Amato is credited with discovering this vulnerability. famato][at][infobyte][dot][com][dot][ar .:: LEGAL NOTICES Copyright (c) 2005 by [ISR] Infobyte Security Research. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Infobyte Security Research Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from infobyte com ar Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] CORE-Impact license bypass
>- Original Message - >From: "Marc Maiffret" <[EMAIL PROTECTED]> >To: "Exibar" <[EMAIL PROTECTED]>; "c0ntex" <[EMAIL PROTECTED]>; "Josh Perrymon" <[EMAIL PROTECTED]>; d>[EMAIL PROTECTED]> >Sent: Monday, September 26, 2005 4:49 PM >Subject: RE: [Full-disclosure] CORE-Impact license bypass > > >> As far as automated tools go, bah, manually exploiting the >> holes is certainly the way to go. But, the automated tools >> usually produce nice pretty reports that you can show the >> client. They just LOVEE pretty reports with many >> bright colors and such for the good stuff and dark "hacker >> like" colors for the bad stuff :-) >> >> Exibar > > >I'm playing devils advocate so its not that I completely disagree but I >think for the average consultant (99% of consultants) using an automated >solution like Core/Canvas is going to do far more for them. Hiya Marc! I completely agree. I actually like both methods, using an automated tool like Retina, Nessus, Foundstone, etc to find the vulns and the weaknesses, then using an individual exploit to try and penetrate that hole. Canvas / Core also have a very good use as well. They are quick, easy to use, and produce those nice reports that the clients like to see, so they get used as well. I didn't mean to imply that the consultants create their own exploits, not many I know could even begin to do that, only a couple are talented enough to do just that. Even for those very few, it's just not feasable from a time perspective. Much quick and cost effective to use what's out there. Exibar ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Re: Re: in-line coax monitoring device
Original Message >From: Volker Tanger >Message-Id: [EMAIL PROTECTED] > Greetings! > > "Dave Korn" <[EMAIL PROTECTED]> wrote: >>> From: Alex Krycek >> >>> Äîáðûé âå÷åð...looking for an in-line coax monitoring device that >>> will give me the ability to monitor/capture and decode all traffic >> >> The device you are looking for does exist. It's called a "cable >> modem". > > Even simpler: it's the T-shaped BNC coax adapter you use to connect a PC > to the coax network. No it isn't. Do you really think it's possible to broadcast two hundred channels of video plus supply broadband IP access to a couple of hundred people over a single 10Mb/s 10-BASE-T ethernet line of the kind that has been obsolete for the best part of a decade? That's not an ethernet on that wire. cheers, DaveK -- Can't think of a witty .sigline today ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re[2]: [Full-disclosure] Worm phone home site question
EFF endorses commiting crimes? Just because someone elses has broken into the system before, it does not make it any less of a crime and just because the system is being rented possibly using fraudulent credit card, it still belongs to the hosting company. -Original Message- From: Andrew A <[EMAIL PROTECTED]> To: full-disclosure@lists.grok.org.uk Date: Tue, 27 Sep 2005 09:14:50 -0400 Subject: Re: [Full-disclosure] Worm phone home site question > This is precisely the sort of thing you should be using Tor for. Thanks, EFF. > > On 9/27/05, Michael Holstein <[EMAIL PROTECTED]> wrote: > > (poses the typical ethical dillema .. can you hack into a botnet to shut > > it down? .. probably not --legally anyway-- .. > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Worm phone home site question
This is precisely the sort of thing you should be using Tor for. Thanks, EFF. On 9/27/05, Michael Holstein <[EMAIL PROTECTED]> wrote: > (poses the typical ethical dillema .. can you hack into a botnet to shut > it down? .. probably not --legally anyway-- .. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Third issue of the Zone-H Comics
Hello, you might be interested to the new issue of Zone-H Comics Download or read it it @ http://www.zone-h.org/comics ... Nmap's Fyodor and HITB's L33tdawg as special guests! Bye Gerardo 'Astharot' Di Giacomo - Zone-H Admin ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Worm phone home site question
This is the phone home site for a worm found on the network. Any idea what service they are running on these ports or how to loggin or register? Standard [AGO|SD|RX] bot stuff .. it's just an IRCd .. use mIRC, xCHAT, whatever ... The channels are always invisible and password protected. Boot up an infected client while sniffing with [ethereal|tcpdump|dsniff] and you'll grab the channel name/password. Usually there are 2 channels .. one to report infections, and one to recieve command/control. The command/control one affords the bots no "voice" so it's not like you can take over the channel logging in as a bot .. but with a little homework and immagination, you sure can ;) (poses the typical ethical dillema .. can you hack into a botnet to shut it down? .. probably not --legally anyway-- .. best bet is always the whois route and try to track down the POC for the netblock. The folks at ISC (isc.sans.org) can usually lend a hand for the uncooperative ones. Cheers, Michael Holstein CISSP GCIA Cleveland State University ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Worm phone home site question
On 9/27/05, odinanne <[EMAIL PROTECTED]> wrote: > 210.240.39.40 tcp 2255, 5522, 9009 > > This is the phone home site for a worm found on the network. Any idea > what service they are running on these ports or how to loggin or register? > > This is the worm. > http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSDBOT%2ECGY&VSect=P > > Hello, it appears to be a classical IRC server. So, you can easily login with any IRC client. But I can't get the list of available channels. -- ggfirst ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Announce: RSBAC v1.2.5 released
Rule Set Based Access Control (RSBAC) v1.2.5 has been released! Full information and downloads are available at http://www.rsbac.org RSBAC Key Features: * Free Open Source (GPL) Linux kernel security extension * Independent of governments and big companies * Several well-known and new security models, e.g. MAC, ACL and RC * Control over individual user and program network accesses * Fully access controlled kernel level user management * Any combination of models possible * Easily extendable: write your own model for runtime registration * On-access virus scanning with Dazuko interface * Support for current kernels in 2.4 and 2.6 series * Stable for production use since January 2000 Major new features in v1.2.5: * Complete review of all interceptions with many new ones added * Device attribute inheritance: Use values at type:major as default for type:major:minor * Log remote IP address of subject in access log * Completely rewritten admin tools build system * Many smaller changes to remove bugs and improve usability * Complete list of changes at http://download.rsbac.org/code/v1.2.5/changes-1.2.5.txt Versions 1.2.x will be maintained as stable series with bugfix releases whenever necessary. All cool new features will be in the new 1.3 series, which has recently been branched off, see http://www.rsbac.org/todo. For first tests without installation you can try the Debian based RSBAC Live CD at http://livecd.rsbac.org Please forward this announcement to whereever you think it is applicable, e.g. local or national security lists, newspapers or magazines, or your favourite Internet forum. Feedback is always welcome! Amon Ott. -- http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22 pgpMgfatZxdvg.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Worm phone home site question
210.240.39.40 tcp 2255, 5522, 9009 This is the phone home site for a worm found on the network. Any idea what service they are running on these ports or how to loggin or register? This is the worm. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSDBOT%2ECGY&VSect=P ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] urgent info require
hi security gurus i want to implement juniper (netscreen) solution in my company ,,, moveover i want to replace cyberguard from juniper ... is there any one let me know any strong point that will support me in replacement like weakness in cyberguard etc,, your respoce is highly appricated best regards ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Retrieve info in Protected Storage of other users
[EMAIL PROTECTED] wrote: > So far, I can only find tools to retrieve info in WinXP's Protected > Storage for the "current" user (e.g. pspr from elcomsoft, or C&A). > > However, there is no tools to retrieve other users' Protected Storage info > - assuming that I can login as local administrator. > > Is Protected Storage really that "save", and can prevent other users > (including admin users) on the same system from snooping in my secret > stored in the Protected Storage ? The protected storage is encrypted with the user logon password. Even an administrator cannot gain access to another user's protected storage. However, he can gain access to the user password through other means (ex. pwdump + john). If an administrator try to reset a user password on Windows XP, he gets a message saying that all user secrets stored in protected storage will be lost. More info on : http://msdn.microsoft.com/library/en-us/dnsecure/html/windataprotection-dpapi.asp Regards, - Nicolas RUFF Security researcher @ EADS-CCR ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
