[Full-disclosure] Re: Hacking Boot camps!: certifications

2005-11-25 Thread R S
On 11/26/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Sat, 26 Nov 2005 09:52:13 +0530, R S said:
>
> > Hint: Compare how much of technical advancement has happened in the
> > security field because of published GIAC papers compared to real
> > technical papers coming out of academia.
>
> On the other hand, most companies are hiring people who understand how to
> use *current* knowledge to secure things and help the bottom line, not do
> research.
>
> When I take my car in to be serviced, the fact the mechanic has his sheet on
> the wall saying he's completed the vendor training on the engine, exhaust,
> air conditioning, and brakes for my make of car tells me something.  I don't
> need Enzo Ferrari fixing my fuel injection.
>
>

Yes. You are very right. But you are comparing getting a training from
Cisco on Cisco router to getting a very general certification from
SANS saying you are a security expert.

If you are a qualified mechanic who works on different makes and models
and you are hiring a car mechanic to work for you, would you hire
someone who can show they can do any job you throw at them or someone
who just touts that they have a specific certificate from a specific
vendor? As a non-technical car driver I may be impressed by seeing
the certificate from the vendor on the wall.

Again this may not be a good comparison because if you take
automobiles there are enough nuances that are very specific to a make
and model that you need training from the vendor to even know what's
wrong. It should be the same way for security. If there is a Cisco
firewall protecting your network it may be nice to know that a person
trained by Cisco is setting it up rather than a "security expert" with
a generic SANS certification - though that should not be the only
criteria because your network is just not that Cisco router.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Re: Hacking Boot camps!: certifications

2005-11-25 Thread Valdis . Kletnieks
On Sat, 26 Nov 2005 09:52:13 +0530, R S said:

> Hint: Compare how much of technical advancement has happened in the
> security field because of published GIAC papers compared to real
> technical papers coming out of academia.

On the other hand, most companies are hiring people who understand how to
use *current* knowledge to secure things and help the bottom line, not do
research.

When I take my car in to be serviced, the fact the mechanic has his sheet on
the wall saying he's completed the vendor training on the engine, exhaust,
air conditioning, and brakes for my make of car tells me something.  I don't
need Enzo Ferrari fixing my fuel injection.



[Full-disclosure] Re: Hacking Boot camps!: certifications

2005-11-25 Thread R S
A certification is certainly a plus to get to the door for an interview
(since the door to the interview is usually (wo)manned by
non-technical HR people) and to impress non-technical people. Anyone
touting a certification to a technical person should be shown the door
since they still don't realise how little technical expertise is
actually involved in a certification.  I am certainly not belittling
the efforts behind your GIAC if that's what you have, but if you
think it is really worth that much it is wrong.

Hint: Compare how much of technical advancement has happened in the
security field because of published GIAC papers compared to real
technical papers coming out of academia.



On 11/26/05, Exibar <[EMAIL PROTECTED]> wrote:
>
> >
> > So am I any smarter for having my CISSP over a GIAC?... I don't think so..
> > but the employers seem to think so =)
> >
>
>
> Just to chime in a personal opinion... The GIAC exams (NOT their new
> Silver level, but the Gold level) is worth more to me than CISSP.  Why do
> you ask.  CISSP only requires you to take an exam, pass, and you get your
> cert.  The GIAC GOLD certs require you to write a paper, of varying length
> per cert, and pass it and 1 or 2 exams in order to get your cert.
>    It's one thing to be able to go to a week long class, brush up on a few
> points here and there, take an exam and pass to get a cert, CISSP.
>    It's another completely different thing to be able to comprehend the
> information enough to be able to write a 20 - 75 page paper on the subject,
> have it read and graded by "experts" in the field, and then get the cert.
> GIAC
>    Even though the GIAC certs generally cover a narrow topic compared to
> CISSP, you have to know your subject quite well in order to be able to pass
> that cert.  Forget about the silver cert for GIAC... just another exam or
> two to pass
>
>  IF I was interviewing someone new for a security position, I'd certainly
> take this into account before hiring them.  Along with many other factors
> too, of course.
>
>  Exibar
>


Re: [Full-disclosure] Interesting reading-Government MAC systems under fire

2005-11-25 Thread Valdis . Kletnieks
On Fri, 25 Nov 2005 19:37:39 CST, Randall M said:
> There is a very interesting development with the Department Of Interior and
> its Security compliance.

I just skimmed this over, and didn't see any "development", only "more of
the same".  Yep.  Looks like this is the *fourth* time a judge has ordered them
cut off

You *did* know that the entire Dept of Interior was court-ordered yanked off
the Internet March of last year, and it was the *third* time it happened?

http://indianz.com/News/archive/000686.asp

They also got nailed in July of 2003 and Dec of 2001:

http://www.indiantrust.com/index.cfm?FuseAction=PressReleases.ViewDetail&PressRelease_id=90&Month=7&Year=2003

Might want to play "follow the money" and see who's making money from this
not being fixed.





Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread Valdis . Kletnieks
On Fri, 25 Nov 2005 15:57:19 +0100, poo said:
> phrack shows very important initative against the disturbing growth in
> whitehat activities

Why is a growth in clueless SANS-trained whitehats that have no understanding
a "disturbing" thing?



[Full-disclosure] Interesting reading-Government MAC systems under fire

2005-11-25 Thread Randall M
Hi friends,
There is a very interesting development with the Department Of Interior and
its Security compliance. The Secretary and Inspector General of the DOI are
at odds on this issue. After the report of the lack of security as
demonstrated by pen-testing came out, a court order came ordering that the
systems be removed from the internet. Later, the Secretary through an
Appeals court stayed the order asking the Office of Management and Budget to
clarify what the compliances are and for a "clearer definition of adequate
security."
 
Now, if that argument is not by itself interesting, what the systems are
used for is the real story. They hold all the data for and about Indian
Trust payments for the oil, land, and other natural resources owed to some
500,00 Indians. The Tribes have filed a lawsuit for mismanagement of the
funds that are valued in the multiple billions. I have included here a
snippet of how SANS newsletter posted this (also included the DHS's report
on FEMA databases). Then if you're interested in further reading see the link
to the Indian Trust website.



::
HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY --Dept. of Interior Asks
OMB for FISMA Compliance Clarification  (23/21 November 2005)

Department of the Interior (DOI) secretary Gale Norton has asked the Office
of Management and Budget (OMB) to clarify its interpretations of the
requirements for compliance with the Federal Information Security Management
Act (FISMA). DOI inspector general Earl Devaney's penetration testing
reportedly found that DOI networks were vulnerable to both internal and
external unauthorized access. The report concluded that DOI is not in
compliance with FISMA. DOI CIO Hord Tipton maintains Devaney's
interpretation of FISMA compliance exceeds basic requirements as reflected
in his answers in the FY 2005 reporting template. Mr.
Tipton also says the report does not take into consideration improvements
made during the year that came as a direct result of the IG's testing. Ms.
Norton maintains that her department meets FISMA requirements and has asked
OMB for a "clearer definition of adequate security."

http://appserv.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=37643
http://www.fcw.com/article91521-11-21-05-Web
[Editor's Note (Schultz): Penetration testing performed by competent and
fully authorized individuals and organizations can be very beneficial.
At the same time, however, I hate to see the results of penetration tests
used in the way they apparently have been in the case of the Department of
the Interior. Penetration tests should never in and of themselves be used as
the sole evidence for the adequacy of security; they should instead be
considered part of a complete set of findings that include among other
things security reviews and vulnerability assessments.
(Paller): Gene's criticism is accurate but doesn't go far enough. People who
rely on penetration testing as their primary method of deciding whether
systems are vulnerable to cyber attacks are either misinformed or lacking in
competence.]

--DHS Inspector General: FEMA Core Databases are Not Secure
(21 November 2005)
According to a report from Department of Homeland Security (DHS) Inspector
General Richard L. Skinner, the Federal Emergency Management Agency (FEMA)
has not implemented sufficient security safeguards to protect its core
databases. The report acknowledges FEMA has made IT security improvements,
such as the development of a contingency plan. FEMA officials agree with the
majority of the findings and are taking action.
http://appserv.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn2&story.id=37600


:::


The following web site gives the views from the Tribe and lawyers involved
in the case. See the right side:
http://www.indiantrust.com/





In one of the articles the Inspector General states clearly that "his"
pen-testers were able to move around and even manipulate files. The
"editorial" section from SANS gives the opinion that "Penetration tests
should never in and of themselves be used as the sole evidence for the
adequacy of security". I'm sorry, but when such an issue involves billions
of dollars and a "pen-tester" can move around the systems with no problem I
think that suffices as somewhat of a sole evidence needed! I also cannot
help but think that this "full disclosure" could be read by the wrong person
and a different penetration is imminent. Some of you on this list have dealt
with Government systems and probably know and understand the Inspector
General's plea.


 

Thank You 
Randall M  

= 

"You too can have your very own Computer!" 

Note: Side effects include: 
Blue screens; interrupt violation; 
illegal operations; rem

RE: [Full-disclosure] Re: Return of the Phrack High Council-We haved learned jason!

2005-11-25 Thread Randall M

-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On 
Behalf Of Jason
Sent: Friday, November 25, 2005 11:21 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Re: Return of the Phrack High Council

I am a non-posting member on this list. Actually I just have
to say that I do dislike all these pointless "discussions"
or flamings going ard this list. I'll rather see some new
things that I can learn from coming into this list.

Jason aKa SilVeR


But Jason, we have learned a lot in the last three days. PHC is not a group
as many thought but a concept. A state of MIND. N33td3v is not liked by many
of the regulars. This list was a blackhat in the early days but now has been
washed clean and is now operated and used by whitehats. Now, all that from just
the PHC posts. During that time we saw an interesting debate about certs,
the value of hacking boot camps, windows path for notepad.exe revealed, etc.





Re: [Full-disclosure] IPsecurity theater

2005-11-25 Thread coderman
On 11/25/05, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> ...
> While I'm not too sure what you mean, doesn't manual keying solve this
> problem?

setkey doesn't make the greatest key daemon.  something that supports
decent authentication for access to key material and provides some
form of key scheduling would be nice.


Re: [Full-disclosure] IPsecurity theater

2005-11-25 Thread Joachim Schipper
On Fri, Nov 25, 2005 at 12:55:39PM -0800, coderman wrote:
> Check Point, Cisco, Juniper, * now know that one open port is too
> many.  ISAKMP is a 0day slut.
> 
> details on fully out of band key management desired; a virtual private
> network SHOULD not process / accept any packet that is not authentic
> and private.
> 
> in ipsec esp/transport//require ah/transport//require;
> 
> ---
> 
> why do all key daemons suck?

While I'm not too sure what you mean, doesn't manual keying solve this
problem?

Joachim


RE: [inbox] Re: [Full-disclosure] Hacking Boot camps!

2005-11-25 Thread Exibar
wow, SANS must have really hurt you emotionally to be this pissed at
them

  Ex

> -Original Message-
> From: InfoSecBOFH [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 24, 2005 4:43 AM
> To: full-disclosure@lists.grok.org.uk
> Subject: [inbox] Re: [Full-disclosure] Hacking Boot camps!
>
>
> Bottom line is... and you can ignore the SANS instructor/SANS
> zealot post...
>
> SANS = SHIT.
>
> Now that I am in a position with my employer to hire and fire
> people... I will not even consider an applicant who touts his SANS
> certification as something to be proud of or something to make him
> more skilled than the next.
>
> And, now that I am in a senior position at my employer, I am doing
> everything I can to stop my employer from paying the EXTORTION fees to
> SANS in order to be a part of their what works program and any of
> their training.
>
> You know what makes me smile everyday... the knowledge in knowing that
> I am not the only senior infosec person at a major corporation who
> feels this way about SANS.
>
> Fuck SANS.  FUCK EM ALL!
>
> http://dictionary.reference.com/search?q=sans#without
>
> sans( P )  Pronunciation Key  (snz, sä)
> prep.
> Without.
>
>
> --
> --
> [Middle English, from Old French, blend of Latin sine, without, and
> absenti, in the absence of, ablative of absentia, absence from absns,
> absent- present participle of abesse, to be away. See absent.]
>
> On 11/23/05, [EMAIL PROTECTED]
> <[EMAIL PROTECTED]> wrote:
> > Maybe it is not what you know but who you know.  Best of luck with
> > that grail thing, finding it is veiled, holding it is easy,
> > keeping it polished is where the work is.
> >
> > --
> > vote for me
> >
> >
> > > On 11/23/05, [EMAIL PROTECTED]
> > > <[EMAIL PROTECTED]> wrote:
> > > > ... the cert game is nothing more than a lucrative revenue generator.
> > > > For either the test givers or the vendor pusher or the land of test king.
> > >
> > > a few respectable names in their roster[1]; i wonder why they don't
> > > name the instructor giving each presentation on their conference
> > > schedule[2]...
> > >
> > > i have a theory: the more legitimately skilled you are, the less you
> > > instruct and the more you are paid.  a nice way to convert reputation
> > > into ca$h!
> > >
> > > [maybe i can get in on this racket once i attain the holy grail of
> > > CPA, GCFW, CISSP, CISM, CISA, CCNA, CCSE, CCSA, GIAC, GCIA, GSNA,
> > > GCFA, GCIH, GCUX, GSEC, QUE, WTFBBQ]
> > >
> > > 1. http://www.sans.org/instructors.php
> > > 2. http://www.sans.org/index.php


RE: [inbox] RE: [Full-disclosure] Hacking Boot camps!: certifications

2005-11-25 Thread Exibar

>
> So am I any smarter for having my CISSP over a GIAC?... I don't think so..
> but the employers seem to think so =)
>


Just to chime in a personal opinion... The GIAC exams (NOT their new
Silver level, but the Gold level) is worth more to me than CISSP.  Why do
you ask.  CISSP only requires you to take an exam, pass, and you get your
cert.  The GIAC GOLD certs require you to write a paper, of varying length
per cert, and pass it and 1 or 2 exams in order to get your cert.
   It's one thing to be able to go to a week long class, brush up on a few
points here and there, take an exam and pass to get a cert, CISSP.
   It's another completely different thing to be able to comprehend the
information enough to be able to write a 20 - 75 page paper on the subject,
have it read and graded by "experts" in the field, and then get the cert.
GIAC
   Even though the GIAC certs generally cover a narrow topic compared to
CISSP, you have to know your subject quite well in order to be able to pass
that cert.  Forget about the silver cert for GIAC... just another exam or
two to pass

 IF I was interviewing someone new for a security position, I'd certainly
take this into account before hiring them.  Along with many other factors
too, of course.

 Exibar



Re: [inbox] Re: [Full-disclosure] Hacking Boot camps!

2005-11-25 Thread InfoSecBOFH
Firstly,

I have taken many SANS courses and in fact was at their last event in
LA.  I already do a ton of work for SANS via my employer and I hold a
couple different GIAC certifications.  So nice try.  Instead of
listing the courses that I think suck at SANS I will list the ones
that are good;










yup... empty list.

On 11/25/05, Exibar <[EMAIL PROTECTED]> wrote:
> dude... Those sound like words that are coming from someone that tried
> to pass a SANS exam but failed... or someone that thought they could get a
> job working for SANS but wasn't accepted... I'm not saying this happened
> to you, but there is much emotion in your reply.
>   What SANS course are you basing this on?  Did you take any SANS courses?
> What would you suggest as more ethical than SANS?  A vendor given course
> like Foundstone (McAfee now)?
>
>  Just curious
>
>  Exibar
>
> > -Original Message-
> > From: InfoSecBOFH [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, November 23, 2005 12:42 PM
> > To: Exibar
> > Cc: full-disclosure@lists.grok.org.uk
> > Subject: [inbox] Re: [Full-disclosure] Hacking Boot camps!
> >
> >
> > On 11/23/05, Exibar <[EMAIL PROTECTED]> wrote:
> > > I agree, BUT for someone that is just starting out and wants to get into
> > > the InfoSec field.  SANS will provide them with a very useful foundation to
> > > start from.
> > >   if they're a PC tech, and don't know where to start, a SANS type course
> > > is money well spent.  AS LONG AS they back it up with their own practice and
> > > research on their own.
> >
> > WRONG.  SANS does not provide anything but marketing opportunities for
> > vendors who cannot sell product any other way and a thicker wallet for
> > those at the top of the pyramid scheme.  I agree that training when
> > you are starting out is important but SANS is not an ethical or
> > legitimate training institution and does more to harm security than it
> > does to help.
> >
> >
> >
>
>


Re: [Full-disclosure] Window's O/S

2005-11-25 Thread Peter Ferrie
> In C:\windows\ the file "nnotepad.exe" remained as I had changed it and a
> brand new (from the same date as the renamed exe) "notepad.exe" appeared and
> same under c:\windows\system32 and c:\windows\dllcache as well.
...
> So my question next is "If I have renamed the whole lot that I could find,
> where did this replacement notepad.exe come from?" and I can't really answer
The dllcache version existed already.  It's a local backup of files deemed
"important" to system functionality.
WFP noticed as soon as the original c:\windows\system32\notepad.exe was
renamed, and restored it from the dllcache directory before you renamed that
copy, too.
Rename the dllcache copy first, then rename the system32 copy, and you'll
see that the file does not reappear (unless you have the Windows CD in your
drive at the time, in which case Windows will fetch it from there).

8^) p.



RE: [inbox] Re: [Full-disclosure] Hacking Boot camps!

2005-11-25 Thread Exibar
dude... Those sound like words that are coming from someone that tried
to pass a SANS exam but failed... or someone that thought they could get a
job working for SANS but wasn't accepted... I'm not saying this happened
to you, but there is much emotion in your reply.
   What SANS course are you basing this on?  Did you take any SANS courses?
What would you suggest as more ethical than SANS?  A vendor given course
like Foundstone (McAfee now)?

  Just curious

  Exibar

> -Original Message-
> From: InfoSecBOFH [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 23, 2005 12:42 PM
> To: Exibar
> Cc: full-disclosure@lists.grok.org.uk
> Subject: [inbox] Re: [Full-disclosure] Hacking Boot camps!
>
>
> On 11/23/05, Exibar <[EMAIL PROTECTED]> wrote:
> > I agree, BUT for someone that is just starting out and wants to get into
> > the InfoSec field.  SANS will provide them with a very useful foundation to
> > start from.
> >   if they're a PC tech, and don't know where to start, a SANS type course
> > is money well spent.  AS LONG AS they back it up with their own practice and
> > research on their own.
>
> WRONG.  SANS does not provide anything but marketing opportunities for
> vendors who cannot sell product any other way and a thicker wallet for
> those at the top of the pyramid scheme.  I agree that training when
> you are starting out is important but SANS is not an ethical or
> legitimate training institution and does more to harm security than it
> does to help.
>
>
>



[Full-disclosure] IPsecurity theater

2005-11-25 Thread coderman
Check Point, Cisco, Juniper, * now know that one open port is too
many.  ISAKMP is a 0day slut.

details on fully out of band key management desired; a virtual private
network SHOULD not process / accept any packet that is not authentic
and private.

in ipsec esp/transport//require ah/transport//require;

---

why do all key daemons suck?


Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread n3td3v
I am nothing like InfoSecBOFH, you can be sure of that. People have
tried to spoof me in the past but failed in their mission.

We're talking about years of work behind the scenes with hackers,
script kids and employees of vendors.

I must go and change my web host from GeoCities, because I'm told it's
uncool to be using GeoCities, because people assume it means you don't
have much technical knowledge of web server and domain name
configuration.

I was going to tell them about other big security web sites I have
been involved in admin'ing in years gone by, but I'm in too much of a
rush to move my site off of GeoCities, because the experts said it
will give me more credibility to do so or something misinformed like
that.

I am now exiting this thread, good bye.

Let the n3td3v flames continue without me...

I'm sure I'll get round to reading them next week or something.

On 11/25/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote:
> Good theory, but you are wrong in this case.  I am nothing like n3td3v
> and while I support PHC I am not PHC.


Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread InfoSecBOFH
Good theory, but you are wrong in this case.  I am nothing like n3td3v
and while I support PHC I am not PHC.

On 11/25/05, R S <[EMAIL PROTECTED]> wrote:
>
> Why do posts from n3td3v, phc and InfosecBOFH appear very similar? Google
> Mail not putting something similar to X-Originating-IP has given some
> kiddies an even easier way to create different personas and go around
> promoting their fantasy role-playing without even having to hide their IP
> addresses.
>
>
>
>
> On 11/25/05, n3td3v <[EMAIL PROTECTED]> wrote:
> > Phrack is greatly outdated and should be laid to rest. 21st century
> > groups are far more advanced than Phrack can ever be any more. Time
> > for people to stop riding on the Phrack name and move on. Maybe you
> > should form a new group with a new name. Milking Phrack for all its
> > worth won't benefit anyone. There are  alternative groups already
> > setup deep within the under world who don't come forward and advertise
> > their presence. Keep the dream alive...


Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread n3td3v
You can validate my claims by asking "Bryno" as he is known on the
channel which nick name I used when I was a regular of your channel.

I am no longer an active user of your channel, but I am in great
contact with people from your network nearly everyday over IM.


On 11/25/05, James Eaton-Lee <[EMAIL PROTECTED]> wrote:
> If you are an active user of BSRF, and if you are a "great friend" of
> mine, and you do "reveil [your] nickname on [my] IRC channel", then I'll
> instantly lose any and all respect I may already have for you in your
> other guise.
>
> I also have to speculate that this just isn't true and you're trying to
> fabricate points, but since you won't substantiate your claims, this is
> just idle speculation, really.


Re: [Full-disclosure] Re: Return of the Phrack High Council

2005-11-25 Thread php0t


 Hi - it's me, another non poster.

I dislike what netdev is doing (e.g. "i have ircop friends", geocities page,
threatening, superiority complex, and so on).
HOWEVER I too would rather prefer to see him trying to pick fights
like this and nobody giving a damn, rather than everybody flaming him,
like it is now. Now I feel kind of bad that I added to this noise. Sorry.

 Thanks for all your 20 seconds:
php0t.


- Original Message - 
From: "Jason" <[EMAIL PROTECTED]>

To: 
Sent: Friday, November 25, 2005 6:20 PM
Subject: Re: [Full-disclosure] Re: Return of the Phrack High Council



I am a non-posting member on this list. Actually I just have to say that I
do dislike all these pointless "discussions" or flamings going ard this
list. I'll rather see some new things that I can learn from coming into
this list.

Jason aKa SilVeR




Re: [Full-disclosure] Re: Return of the Phrack High Council

2005-11-25 Thread Jason
I am a non-posting member on this list. Actually I just have to say that I
do dislike all these pointless "discussions" or flamings going ard this
list. I'll rather see some new things that I can learn from coming into
this list.

Jason aKa SilVeR

On Fri, 2005-11-25 at 08:49 -0800, Simon Biles wrote:
> No actually, I think Rodrigo is right ...
> 
> Most of the non-posting members do dislike these pointless "discussions" ...
> 
> On 11/25/05, n3td3v <[EMAIL PROTECTED]> wrote:
> > Since most subscribers don't post to the list, it would be impossible
> > to know what they think.
> >
> > On 11/25/05, Rodrigo Barbosa <[EMAIL PROTECTED]> wrote:
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA1
> > >
> > > I dislike n3td3v as much as most subscribers of this list,
> 
> 
> --
> Simon Biles
> CISSP, OPSA, BS7799 Lead Auditor, MBCS


Re: [Full-disclosure] Re: Return of the Phrack High Council

2005-11-25 Thread Disco Jonny
fuck the hippies waste bandwidth!

this ain't 1988 - i am not on a 2400 or even a super fast v32 or v34.
kill files... that's what it is all about.

Cheers

d.

On 11/25/05, Simon Biles <[EMAIL PROTECTED]> wrote:
> No actually, I think Rodrigo is right ...
>
> Most of the non-posting members do dislike these pointless "discussions" ...
>
> On 11/25/05, n3td3v <[EMAIL PROTECTED]> wrote:
> > Since most subscribers don't post to the list, it would be impossible
> > to know what they think.
> >
> > On 11/25/05, Rodrigo Barbosa <[EMAIL PROTECTED]> wrote:
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA1
> > >
> > > I dislike n3td3v as much as most subscribers of this list,
>
>
> --
> Simon Biles
> CISSP, OPSA, BS7799 Lead Auditor, MBCS


Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread James Eaton-Lee
On Fri, 2005-11-25 at 16:24 +, n3td3v wrote:

> 
> > Last first, making threats doesn't help either - again, you say two
> > things in one breath - you proclaim yourself as a fantastic, righteous
> > member of the community and also make veiled threats about other peoples
> > computer systems.
> 
> There was no threat. I asked if their web site was very secure. No
> remark on anyone compromising any computer systems related to the
> person.

I never said that there was a 'threat', I said that it came across as a
'veiled threat'. Making ambiguous remarks about the security of
someone's webserver after having what amounts to an argument with them
and ending it with an imperative that they ensure it ('Best go check')
certainly comes across as a veiled threat to me.

The best mental check in situations like this is to ask whether or not
if the conversation in question came up in court, a jury would conclude
that the remark was indicative of a threat (or motive) or not, and I
think here the clear answer is yes. 

You're free to disagree - as I pointed out, the intention of my message
was either to ensure that "the list [would] have some of their concerns
allayed" (through the answers to the questions I posed you) or to help
you in "[realising] where you're going wrong".

> > I think the majority of people on this list who have an unfavourable
> > reaction to you have it for the following reasons:
> 
> I don't care why they unfavour... infact I forget about haters within seconds

The overwhelming impression I get with regard to this (from the number
of replies you make to people who are 'haters', and the veracity with
which you try to hammer home your point and insult them) is that this is
absolutely not the case.

> >
> > * You've never provided any concrete indication that you have any
> > technical knowhow (I've never read a post of yours on a technical topic)
> 
> I wasn't aware I had to prove myself

As I'm sure you would have been quick to point out were I to tell you
you did, you don't "have" to do "anything". Again, my point in e-mailing
you (and the list) was to try to bring some element of resolution to all
of this. 

One recurring theme of virtually every e-mail that's been sent about you
on this list is the complete lack of respect that (as far as I can see)
everyone who's expressed an opinion has for you - given that I'm sure in
some respect you'd rather have respect at least from those you had
respect for onlist, I can't see how this is a bad thing for you.

I'm sure you can counter with some remark about the respect you have
from people who don't post to the list - but such a remark doesn't do
anything other than save (well, actually, maintain) face for you, and as
the point here is about *ameliorating* the opinion people have of you,
maintaining the existing situation isn't much help if it's all you do.

For my own selfish aims, I like life much better when everyone gets
along (it makes me happy), so I'd rather we were all friends. Or at the
least, kept our bitching to ourselves / conducted it in private
channels.

> >
> > * You (unlike most people who work in "corporate" security) are falling
> > for the trap of hiding behind an alias rather than using your real name.
> 
> Theres common sense reasons for using an alias, it doesnt mean youre 
> malicious.

I never said it did - my basic point was that there tends to be a
pattern amongst people who work in Information Security and have more
contact with corporations of not hiding about silly aliases, because (in
general) the impression that anyone working 'professionally' has is that
it's unprofessional.

Again, this is all about impression and I'm trying here to help you
improve the impression others have of you, and I think this is a key
point.

Speaking personally, I have an alias (which you appear to have found
already - unsurprising since it's in my signature and appears if you
google for my name) which I've used for quite some time (and still use,
as a nickname), but I make no attempt to hide my real name and haven't
for quite some time.

One important point about this is that aliases are to some extent
disposable, and those who use them don't have a lot to risk in that they
can wipe the alias afresh and start anew. Aside from those amongst us
who just don't care what others think, a name is permanent, and any
remarks you make (and impressions you form) under your real name have a
long shelf life, especially on a mailing list like this. 

I know for a fact that this post (along with every other I've made to
this and similar lists) will be kicked up when any employer I go to work
for does an obligatory google of my name. This permanence factor (in my
opinion) tends to make people listen to you more, since there's an
unspoken assumption that anyone posting something under their real name
is doing so understanding what I've just explained, rather than knowing
that their comments don't really matter, aren't representative of them,
etc.

Ther

Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread Disco Jonny
ffs - why am i rising to this..? ah thats it im bored - only an hour
left of werk... then to the pub! yay!

n3td3v

u are 24.  your first language is Spanish. (small possibility
Italian).  You were not educated in the UK.   I doubt you were
educated in Europe. I would gamble that you are Brazilian. ( you
*might* have done some studding here - uni, or comprehensive ...
dunno... personally i doubt it)

I dont even think you are in the UK, I think you are in Brazil.

Cheers mate

Jonny of the Disco

Also PHC != Phrack (as many people have stated) - is PHC kaizersauze?
we shall see i suppose.

yes yes n3td3v i know i sent the last mail to you directly - I cant
help it I only have one finger and have to use a stick attached to my
forehead to type, cutting and pasting is a little difficult.

On 11/25/05, n3td3v <[EMAIL PROTECTED]> wrote:


[Full-disclosure] Re: Return of the Phrack High Council

2005-11-25 Thread Simon Biles
No actually, I think Rodrigo is right ...

Most of the non-posting members do dislike these pointless "discussions" ...

On 11/25/05, n3td3v <[EMAIL PROTECTED]> wrote:
> Since most subscribers don't post to the list, it would be impossibile
> to know what they think.
>
> On 11/25/05, Rodrigo Barbosa <[EMAIL PROTECTED]> wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > I dislike n3td3v as much as most subscribers of this list,
>


--
Simon Biles
CISSP, OPSA, BS7799 Lead Auditor, MBCS


Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread n3td3v
Since most subscribers don't post to the list, it would be impossibile
to know what they think.

On 11/25/05, Rodrigo Barbosa <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I dislike n3td3v as much as most subscribers of this list,


Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread Rodrigo Barbosa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I dislike n3td3v as much as most subscribers of this list, but the
amount of noise generated by people complaining about him is much
worse than n3td3v himself.

Yes, I tend to agree with most comments about n3td3v, but I really think
all this spitting game is much more childish than any comment he
ever made.

If you don't like what he has to say (I know I don't), simply
filter his e-mails (I did). But all this noise generated by
people complaining whenever he posts something is not helping.

For crying out loud, this is a security related list. If you want
to complain about someone's knowledge, skills or maturity, take
it off the list.

The best way to prove he is wrong is not to make the same
mistakes, or even worse mistakes than he is doing.

Best Regards,
PS: I won't reply to this e-mail on list. If you have anything to
say to me regarding this message, e-mail me personally. This is as
much noise as I'm willing to add to the list.

On Fri, Nov 25, 2005 at 03:49:02PM +, James Eaton-Lee wrote:
> I don't really want to feed the trolls any more than we as a list
> already have, but for your benefit, n3td3v, and in the hope that either
> the list will have some of their concerns allayed or you'll realise
> where you're going wrong...

- -- 
Rodrigo Barbosa <[EMAIL PROTECTED]>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)



Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread n3td3v
On 11/25/05, James Eaton-Lee <[EMAIL PROTECTED]> wrote:
> I don't really want to feed the trolls any more than we as a list
> already have, but for your benefit, n3td3v, and in the hope that either
> the list will have some of their concerns allayed or you'll realise
> where you're going wrong...

You're misinformed advice

> Talking about inflaming the situation in one breath and telling someone
> you have more right to be here than they do in another doesn't help
> either - you should realise this.

It was a broadly deserved remark


> Last first, making threats doesn't help either - again, you say two
> things in one breath - you proclaim yourself as a fantastic, righteous
> member of the community and also make veiled threats about other peoples
> computer systems.

There was no threat. I asked if their web site was very secure. No
remark on anyone compromising any computer systems related to the
person.

> I think the majority of people on this list who have an unfavourable
> reaction to you have it for the following reasons:

I don't care why they unfavour... infact I forget about haters within seconds

>
> * You've never provided any concrete indication that you have any
> technical knowhow (I've never read a post of yours on a technical topic)

I wasn't aware I had to prove myself

>
> * You (unlike most people who work in "corporate" security) are falling
> for the trap of hiding behind an alias rather than using your real name.

Theres common sense reasons for using an alias, it doesnt mean youre malicious.


> * Your spelling, punctuation, and grammar (for someone who claims to
> work in "corporate" security and have years of experience) is terrible.

I better go back to grammar school

>
> * Your understanding of how "corporate security" actually works and how
> the security community structured are both fundamentally flawed.

I don't believe I have posted any information to allow you to come to
that conclusion.

> * You have a website hosted on geocities which has content which is, at
> best, utterly laughable.

Using corporate services allows you to detect bugs when they occur.
How else can you detect bugs if you don't regulary use any of a
vendor's products?

> The overwhelming impression that I get from you, coming from someone who
> has seen both sides of the security world, and as someone who does work,
> professionally, in information security with large organisations, is
> that you're pretentious, fake, and contrived. Frankly, based on your
> posts and your website, I get the distinct impression that you're about
> 15.

I have never worked professionally. I'm also 10 years older than your age guess.

>
> I'm not trying to attack you in any way, but as someone who I feel is at
> least reasonably representative of a substantial proportion of the list,
> I think this is probably a fairly un-unique perspective. If you
> genuinely want to be taken seriously and really do want to participate,
> I'd suggest that you either amend your ways, answer some of our
> questions, or stop biting the trollfood.

Amend your opinion first

>
> Chances are that if you are 'just some kid' someday, you may want to
> work in IT. It'd probably be in your interest in this case to distance
> yourself from 'n3td3v', find an alias (completely disassociated) to use
> (or, if you're brave enough, start using your real name), and heed some
> of the advice you've been (with varying degrees of kindness) given.

We're all kids at heart. This alias is only used to post on public
sites. I have a multitude of usernames for intelligence building.
You'll never see n3td3v anywhere else. I'm actually heavily involved
in your BSRF, but you wouldn't know that, since youre too busy making
judgements on people you are misinformed about. Go ask some of your
IRC channel operators, many of them are great friends of mine. I'm
everywhere and you didn't even know it. Youre commenting on someone
you're most likely friends with and you might be making yourself look
stupid. I could make you look more stupid in public by reveiling my
nickname on your IRC channel and your direct involvement with me by
yourself and your channel operators and users of BSRF.

>
> Even if you don't have the inclination (or ability) to reply sensible,
> you might want to at least try and take some of this in! You're welcome
> to message me offlist if you're so inclined and have questions.

An on list comment must be met by an on list reply.

>
>  - James.

Youre James, that makes you ammune from being a n3td3v and wipes any
criminality from the minds of many, or thats what you real name people
wish people to believe.


Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread sk / GroundZero
and you have no idea what you are talking about since phrack.org != PHC

- Original Message - 
From: <[EMAIL PROTECTED]>
To: "'n3td3v'" <[EMAIL PROTECTED]>; 
Sent: Friday, November 25, 2005 4:13 PM
Subject: RE: [Full-disclosure] Return of the Phrack High Council


> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Since the 'phrack' email wasn't coming from phrack.org as the real phrack
> team does as usual, and since the 'phrack' email writer is happy to show us
> he's 12 or 13, I don't see why you bother guys defending phrack here, it
> looks evident that it's not coming from the real phrack team, just ignore
> those kiddie's posts ...
>
> - -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
> Sent: Friday, 25 November 2005 15:59
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Return of the Phrack High Council
>
> Youre playing with fire. Fire that cannot be put out with words but only
> inflame the situation of which you are misinformed.
>
> Your opinion is noted, yet you dont have a right to gag my opinion just
> because you don't agree with it.
>
> I have more right to be on a security list than random people like you who
> have never contributed security related information to the international
> security community, or have a mailing list of your own, and helped vendors
> behind the scenes to protect their security from script kids who wish to
> destroy it.
>
> I have done all above listed and continue to do so. If anyone is trolling,
> its individuals such as yourself and infosecbofh who have expressed their
> hatred for me and my underground security group in public. Finally, is your
> web site very secure? Best go check
>
> On 11/25/05, Cassidy Macfarlane <[EMAIL PROTECTED]> wrote:
> > OK, OK, I ignored the troll earlier about Schneier, but please
> > *don't* now start having a go at Phrack ffs.
> >
> > I thought that you had killed off the n3td3v 'personality'?
> >
> > I realise I am writing a personal opinion email with no new security
> > info, But there was no point in you adding your 0.02p to this
> > discussion.
> >
> > 'outdated'??? Have you read 'smashing the stack'?
> >
> > No?
> >
> > Thanks for playing.


Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread James Eaton-Lee
I don't really want to feed the trolls any more than we as a list
already have, but for your benefit, n3td3v, and in the hope that either
the list will have some of their concerns allayed or you'll realise
where you're going wrong...

On Fri, 2005-11-25 at 14:58 +, n3td3v wrote:
> Youre playing with fire. Fire that cannot be put out with words but
> only inflame the situation of which you are misinformed.
> 
> Your opinion is noted, yet you dont have a right to gag my opinion
> just because you don't agree with it.

He didn't try to, he asked you some questions.

> I have more right to be on a security list than random people like you
> who have never contributed security related information to the
> international security community, or have a mailing list of your own,
> and helped vendors behind the scenes to protect their security from
> script kids who wish to destroy it.

Talking about inflaming the situation in one breath and telling someone
you have more right to be here than they do in another doesn't help
either - you should realise this.

> I have done all above listed and continue to do so. If anyone is
> trolling, its individuals such as yourself and infosecbofh who have
> expressed their hatred for me and my underground security group in
> public. Finally, is your web site very secure? Best go check

Last first, making threats doesn't help either - again, you say two
things in one breath - you proclaim yourself as a fantastic, righteous
member of the community and also make veiled threats about other peoples
computer systems.

I think the majority of people on this list who have an unfavourable
reaction to you have it for the following reasons:

* You've never provided any concrete indication that you have any
technical knowhow (I've never read a post of yours on a technical topic)

* You (unlike most people who work in "corporate" security) are falling
for the trap of hiding behind an alias rather than using your real name.

* Your spelling, punctuation, and grammar (for someone who claims to
work in "corporate" security and have years of experience) is terrible.

* Your understanding of how "corporate security" actually works and how
the security community structured are both fundamentally flawed.

* You make grandiose allusions to things you know and
conversations/relationships/organisations you're privy to, almost all of
which are entirely unsubstantiated.

* You have a website hosted on geocities which has content which is, at
best, utterly laughable.

* You are inconsistent and hypocritical (one example being the fact that
you did indeed announce to the list that you were "dead" and going to
change alias, and have since - as far as we can see - dropped that).

The overwhelming impression that I get from you, coming from someone who
has seen both sides of the security world, and as someone who does work,
professionally, in information security with large organisations, is
that you're pretentious, fake, and contrived. Frankly, based on your
posts and your website, I get the distinct impression that you're about
15.

I'm not trying to attack you in any way, but as someone who I feel is at
least reasonably representative of a substantial proportion of the list,
I think this is probably a fairly un-unique perspective. If you
genuinely want to be taken seriously and really do want to participate,
I'd suggest that you either amend your ways, answer some of our
questions, or stop biting the trollfood.

Chances are that if you are 'just some kid' someday, you may want to
work in IT. It'd probably be in your interest in this case to distance
yourself from 'n3td3v', find an alias (completely disassociated) to use
(or, if you're brave enough, start using your real name), and heed some
of the advice you've been (with varying degrees of kindness) given.

Even if you don't have the inclination (or ability) to reply sensible,
you might want to at least try and take some of this in! You're welcome
to message me offlist if you're so inclined and have questions.

 - James.

> On 11/25/05, Cassidy Macfarlane <[EMAIL PROTECTED]> wrote:
> > OK, OK, I ignored the troll earlier about Schneier, but please
> > *don't* now start having a go at Phrack ffs.
> >
> > I thought that you had killed off the n3td3v 'personality'?
> >
> > I realise I am writing a personal opinion email with no new security
> > info,
> > But there was no point in you adding your 0.02p to this discussion.
> >
> > 'outdated'??? Have you read 'smashing the stack'?
> >
> > No?
> >
> > Thanks for playing.
-- 
James (njan) Eaton-Lee | 10807960
Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix)

sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:https://www.cacert.org/index.php?id=3



Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread poo
anyone can make their own mailinglists numbskull
as for your so called contributions i would hardly call them that
and thirdly you have no more right to be on any list than say for instance an ant
now go suck a lemon :) 
On 11/25/05, n3td3v <[EMAIL PROTECTED]> wrote:
> Youre playing with fire. Fire that cannot be put out with words but
> only inflame the situation of which you are misinformed.
>
> Your opinion is noted, yet you dont have a right to gag my opinion
> just because you don't agree with it.
>
> I have more right to be on a security list than random people like you
> who have never contributed security related information to the
> international security community, or have a mailing list of your own,
> and helped vendors behind the scenes to protect their security from
> script kids who wish to destroy it.
>
> I have done all above listed and continue to do so. If anyone is
> trolling, its individuals such as yourself and infosecbofh who have
> expressed their hatred for me and my underground security group in
> public. Finally, is your web site very secure? Best go check
>
> On 11/25/05, Cassidy Macfarlane <[EMAIL PROTECTED]> wrote:
> > OK, OK, I ignored the troll earlier about Schneier, but please
> > *don't* now start having a go at Phrack ffs.
> >
> > I thought that you had killed off the n3td3v 'personality'?
> >
> > I realise I am writing a personal opinion email with no new security
> > info,
> > But there was no point in you adding your 0.02p to this discussion.
> >
> > 'outdated'??? Have you read 'smashing the stack'?
> >
> > No?
> >
> > Thanks for playing.
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-- 
smile tomorrow will be worse

RE: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread ad
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Since the 'phrack' email wasn't coming from phrack.org as the real phrack
team does as usual, and since the 'phrack' email writer is happy to show us
he's 12 or 13, I don't see why you bother guys defending phrack here, it
looks evident that it's not coming from the real phrack team, just ignore
those kiddie's posts ... 

- -Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: Friday, 25 November 2005 15:59
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Return of the Phrack High Council

Youre playing with fire. Fire that cannot be put out with words but only
inflame the situation of which you are misinformed.

Your opinion is noted, yet you dont have a right to gag my opinion just
because you don't agree with it.

I have more right to be on a security list than random people like you who
have never contributed security related information to the international
security community, or have a mailing list of your own, and helped vendors
behind the scenes to protect their security from script kids who wish to
destroy it.

I have done all above listed and continue to do so. If anyone is trolling,
its individuals such as yourself and infosecbofh who have expressed their
hatred for me and my underground security group in public. Finally, is your
web site very secure? Best go check

On 11/25/05, Cassidy Macfarlane <[EMAIL PROTECTED]> wrote:
> OK, OK, I ignored the troll earlier about Schneier, but please
> *don't* now start having a go at Phrack ffs.
>
> I thought that you had killed off the n3td3v 'personality'?
>
> I realise I am writing a personal opinion email with no new security 
> info, But there was no point in you adding your 0.02p to this 
> discussion.
>
> 'outdated'??? Have you read 'smashing the stack'?
>
> No?
>
> Thanks for playing.


RE: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread Todd Towles
N3td3v,

I have several groups on Yahoo Groups...does that make me an expert? Nope.
Same goes for you..you setup a free Google group and then just pour
feeds into it. People might as well get a RSS Reader and go it on their
own.

You hate blackhats, you have whitehats and you hate people that don't
pay you your "respect"...if you are so big..then why are you hiding your
ID? People that have nothing to hide...normally don't. 

As for your planned "death"..it isn't working so well is it? I saw
around 20 comments on CNET TalkBack yesterday from your name alone...

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
> Sent: Friday, November 25, 2005 8:59 AM
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Return of the Phrack High Council
> 
> Youre playing with fire. Fire that cannot be put out with 
> words but only inflame the situation of which you are misinformed.
> 
> Your opinion is noted, yet you dont have a right to gag my 
> opinion just because you don't agree with it.
> 
> I have more right to be on a security list than random people 
> like you who have never contributed security related 
> information to the international security community, or have 
> a mailing list of your own, and helped vendors behind the 
> scenes to protect their security from script kids who wish to 
> destroy it.
> 
> I have done all above listed and continue to do so. If anyone 
> is trolling, its individuals such as yourself and infosecbofh 
> who have expressed their hatred for me and my underground 
> security group in public. Finally, is your web site very 
> secure? Best go check
> 
> On 11/25/05, Cassidy Macfarlane 
> <[EMAIL PROTECTED]> wrote:
> > OK, OK, I ignored the troll earlier about Schneier, but please
> > *don't* now start having a go at Phrack ffs.
> >
> > I thought that you had killed off the n3td3v 'personality'?
> >
> > I realise I am writing a personal opinion email with no new 
> security 
> > info, But there was no point in you adding your 0.02p to this 
> > discussion.
> >
> > 'outdated'??? Have you read 'smashing the stack'?
> >
> > No?
> >
> > Thanks for playing.


Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread n3td3v
Youre playing with fire. Fire that cannot be put out with words but
only inflame the situation of which you are misinformed.

Your opinion is noted, yet you dont have a right to gag my opinion
just because you don't agree with it.

I have more right to be on a security list than random people like you
who have never contributed security related information to the
international security community, or have a mailing list of your own,
and helped vendors behind the scenes to protect their security from
script kids who wish to destroy it.

I have done all above listed and continue to do so. If anyone is
trolling, its individuals such as yourself and infosecbofh who have
expressed their hatred for me and my underground security group in
public. Finally, is your web site very secure? Best go check

On 11/25/05, Cassidy Macfarlane <[EMAIL PROTECTED]> wrote:
> OK, OK, I ignored the troll earlier about Schneier, but please
> *don't* now start having a go at Phrack ffs.
>
> I thought that you had killed off the n3td3v 'personality'?
>
> I realise I am writing a personal opinion email with no new security
> info,
> But there was no point in you adding your 0.02p to this discussion.
>
> 'outdated'??? Have you read 'smashing the stack'?
>
> No?
>
> Thanks for playing.


Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread poo
netdev you little pimple we thought you were supposed to "die" ?
phrack shows very important initiative against the disturbing growth in whitehat activities

On 11/25/05, n3td3v <[EMAIL PROTECTED]> wrote:
> Phrack is greatly outdated and should be laid to rest. 21st century
> groups are far more advanced than Phrack can ever be any more. Time
> for people to stop riding on the Phrack name and move on. Maybe you
> should form a new group with a new name. Milking Phrack for all its
> worth won't benefit anyone. There are alternative groups already
> setup deep within the under world who don't come forward and advertise
> their presence. Keep the dream alive...
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-- 
smile tomorrow will be worse
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread R S
 
Why do posts from n3td3v, phc and InfosecBOFH appear very similar? Google Mail not putting something similar to X-Originating-IP has given some kiddies an even easier way to create different personas and go around promoting their fantasy role-playing without even having to hide their IP addresses.

On 11/25/05, n3td3v <[EMAIL PROTECTED]> wrote:
> Phrack is greatly outdated and should be laid to rest. 21st century
> groups are far more advanced than Phrack can ever be any more. Time
> for people to stop riding on the Phrack name and move on. Maybe you
> should form a new group with a new name. Milking Phrack for all its
> worth won't benefit anyone. There are alternative groups already
> setup deep within the under world who don't come forward and advertise
> their presence. Keep the dream alive...

RE: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread Cassidy Macfarlane
OK, OK, I ignored the troll earlier about Schneier, but please
*don't* now start having a go at Phrack ffs.

I thought that you had killed off the n3td3v 'personality'?

I realise I am writing a personal opinion email with no new security
info, 
But there was no point in you adding your 0.02p to this discussion.

'outdated'??? Have you read 'smashing the stack'?

No?

Thanks for playing.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: 25 November 2005 14:05
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Return of the Phrack High Council


Phrack is greatly outdated and should be laid to rest. 21st century
groups are far more advanced than Phrack can ever be any more. Time
for people to stop riding on the Phrack name and move on. Maybe you
should form a new group with a new name. Milking Phrack for all its
worth won't benefit anyone. There are  alternative groups already
setup deep within the under world who don't come forward and advertise
their presence. Keep the dream alive...


Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread service
Ya n3td3v,

step up and get owned. hahaha f00l

On 11/25/05, n3td3v <[EMAIL PROTECTED]> wrote:
> Phrack is greatly outdated and should be laid to rest. 21st century
> groups are far more advanced than Phrack can ever be any more. Time
> for people to stop riding on the Phrack name and move on. Maybe you
> should form a new group with a new name. Milking Phrack for all its
> worth won't benefit anyone. There are alternative groups already
> setup deep within the under world who don't come forward and advertise
> their presence. Keep the dream alive...

Re: [Full-disclosure] Return of the Phrack High Council

2005-11-25 Thread n3td3v
Phrack is greatly outdated and should be laid to rest. 21st century
groups are far more advanced than Phrack can ever be any more. Time
for people to stop riding on the Phrack name and move on. Maybe you
should form a new group with a new name. Milking Phrack for all its
worth won't benefit anyone. There are  alternative groups already
setup deep within the under world who don't come forward and advertise
their presence. Keep the dream alive...


[Full-disclosure] Philippine Security Group

2005-11-25 Thread Juan Dela Cruz
I thought phteam is a Philippine based cracker group, and not an
anti-cybercrime group?

> From: 
> Date: Fri, 25 Nov 2005 00:24:25 -0800
>
> We are phteam and we're a newly established anti-cybercrime group in the
> Philippines and we're glad to be on this list. Mabuhay!


Re: [Full-disclosure] Hacking Boot camps!: certifications

2005-11-25 Thread Marco Ermini
The instructor in my CISSP CBK review camp - very useful and
informative, FOR MY MILEAGE; it was from The Training Camp in UK -
said that they introduced the limit of having some years of experience
in obtaining the CISSP, after a 12 y.o. passed the exam - he was the
son of a software programmer somewhat knowledgeable about security...

And I have to add: guys from the USA, who are addicted to
one-out-of-four multiple choice exams because, for instance, they also
did that at school, driver license exams, etc. have a great advantage
over European-style educated persons like me, who for instance
rarely did University exams on paper: in 90% of the University
exams, we are questioned "live" by the professor and we have to
demonstrate real knowledge of the argument through arguing and
speaking - we can't simply guess the multiple choices... this has
actually a drawback on this kind of tests: we may know a topic,
extensively talk about it, have real working experience on it, but
be not very good at doing multiple choice exams - while someone who
has more practice on this kind of exam could overcome our results even
if he/she knows HALF about the topic than me - I feel this unfair
(anyway, I passed the exam ;-)).

Back on the employers and DICE search... I don't think you can simply
compare different certifications in this way... they are very
different, and so employer requirements... and who knows, maybe the
116 GIAC positions are way better than the 677 CISSP positions... just
look at how many employers look at a simple and stupid CCNA
certification... you are not going to become rich because there are
10,000 open positions for CCNA certificated - they are simple "SHOW
LOG" guys :-) - or MCSE or MCSD Visual Basic developer..., etc.


Cheers

On 11/24/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote:
> But my dear friends... one can lie and still get his CISSP.  I know of
> at least 3 different people who are NEW to infosec but faked some
> experience for their CISSP.  Hell, I lied on my application and got my
> CISSP yet I still ./ my way around the interweb.
[...]

--
Marco Ermini
Dubium sapientiae initium. (Descartes)
[EMAIL PROTECTED] # mount -t life -o ro /dev/dna /genetic/research
(This message is for the designated recipient only and may contain
privileged or confidential information. If you have received it in
error, please notify the sender immediately and delete the original.)


[Full-disclosure] [ GLSA 200511-21 ] Macromedia Flash Player: Remote arbitrary code execution

2005-11-25 Thread Thierry Carrez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200511-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Macromedia Flash Player: Remote arbitrary code execution
      Date: November 25, 2005
      Bugs: #112251
        ID: 200511-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been identified that allows arbitrary code
execution on a user's system via the handling of malicious SWF files.

Background
==========

The Macromedia Flash Player is a renderer for the popular SWF filetype
which is commonly used to provide interactive websites, digital
experiences and mobile content.

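Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-www/netscape-flash      < 7.0.61                    >= 7.0.61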

Description
===========

When handling a SWF file, the Macromedia Flash Player incorrectly
validates the frame type identifier stored in the SWF file which is
used as an index to reference an array of function pointers. A
specially crafted SWF file can cause this index to reference memory
outside of the scope of the Macromedia Flash Player, which in turn can
cause the Macromedia Flash Player to use unintended memory address(es)
as function pointers.

Impact
======

An attacker serving a maliciously crafted SWF file could entice a user
to view the SWF file and execute arbitrary code on the user's machine.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Macromedia Flash Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/netscape-flash-7.0.61"

References
==========

  [ 1 ] CVE-2005-2628
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2628
  [ 2 ] Macromedia Announcement
        http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200511-21.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0



signature.asc
Description: OpenPGP digital signature
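
The flaw class named in the advisory's Description, a file-supplied type identifier used unchecked as an index into an array of function pointers, shown beside its bounds-checked form. This is an added C example, not code from Gentoo, Macromedia or the original post; the record layout, handler names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical handlers and record layout, constructed for illustration;
   this is not Flash Player's code or the real SWF encoding. */
typedef int (*handler_fn)(const uint8_t *body, size_t len);

static int on_end(const uint8_t *b, size_t n)   { (void)b; (void)n; return 0; }
static int on_show(const uint8_t *b, size_t n)  { (void)b; return (int)n; }
static int on_label(const uint8_t *b, size_t n) { return n ? b[0] : -1; }

/* Slot 2 is unassigned on purpose: a sparse table needs a NULL check too. */
static const handler_fn handlers[] = { on_end, on_show, NULL, on_label };
#define HANDLER_COUNT (sizeof handlers / sizeof handlers[0])

enum { DISPATCH_BAD_TYPE = -100, DISPATCH_TRUNCATED = -101 };

/* BEFORE: the file-supplied type indexes the table unchecked (reads past it). */
int dispatch_unchecked(uint16_t type, const uint8_t *body, size_t len)
{
    return handlers[type](body, len);
}

/* AFTER: out-of-range types and empty slots are rejected before the call. */
int dispatch_checked(uint16_t type, const uint8_t *body, size_t len)
{
    if ((size_t)type >= HANDLER_COUNT || handlers[type] == NULL)
        return DISPATCH_BAD_TYPE;
    return handlers[type](body, len);
}

/* Record: 2-byte LE type, 2-byte LE length, body. Returns records handled. */
int parse_records(const uint8_t *buf, size_t size, int *rejected)
{
    size_t off = 0;
    int handled = 0;
    *rejected = 0;
    while (size - off >= 4) {
        uint16_t type = (uint16_t)(buf[off] | (buf[off + 1] << 8));
        uint16_t len  = (uint16_t)(buf[off + 2] | (buf[off + 3] << 8));
        off += 4;
        if ((size_t)len > size - off)   /* length field must fit the buffer */
            return DISPATCH_TRUNCATED;
        if (dispatch_checked(type, buf + off, len) == DISPATCH_BAD_TYPE)
            (*rejected)++;
        else
            handled++;
        off += len;
    }
    return off == size ? handled : DISPATCH_TRUNCATED;
}

/* Constructed sample: types 1, 0x4141 (out of range), 2 (empty slot), 3. */
static const uint8_t sample[] = {
    0x01, 0x00, 0x02, 0x00, 0xAA, 0xBB,   0x41, 0x41, 0x00, 0x00,
    0x02, 0x00, 0x01, 0x00, 0x00,         0x03, 0x00, 0x01, 0x00, 0x07 };

int main(void)
{
    int rejected, handled = parse_records(sample, sizeof sample, &rejected);
    printf("handled=%d rejected=%d\n", handled, rejected);
    return 0;
}
```

The parser counts a rejected record and keeps going; a stricter reader would stop at the first unknown type and discard the file.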

Re: [Full-disclosure] Hacking Boot camps!

2005-11-25 Thread Marco Ermini
On 11/24/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote:
> Bottom line is... and you can ignore the SANS instructor/SANS zealot post...
>
> SANS = SHIT.
>
> Now that I am in a position with my employer to hire and fire
> people... I will not even consider an applicant who touts his SANS
> certification as something to be proud of or something to make him
> more skilled than the next.

You should apply that to ANY certification... IMHO


[...]
> You know what makes me smile everyday... the knowledge in knowing that
> I am not the only senior infosec person at a major corporation who
> feels this way about SANS.
>
> Fuck SANS.  FUCK EM ALL!
[...]

While I don't have any clue about SANS, I think that mileage may vary
for everything and truth is never just on one side (or if you prefer,
the world is not just black and white and there are shades of grey...
you got it). So I tend to not listen to "extreme" opinions about
almost anything. You must admit that your way of expressing
disagreement about SANS work did not help itself to be considered a
pondered and well founded opinion...


Cheers
--
Marco Ermini
Dubium sapientiae initium. (Descartes)
[EMAIL PROTECTED] # mount -t life -o ro /dev/dna /genetic/research
(This message is for the designated recipient only and may contain
privileged or confidential information. If you have received it in
error, please notify the sender immediately and delete the original.)


[Full-disclosure] Philippine Security Group

2005-11-25 Thread
We are phteam and we're a newly established anti-cybercrime group in the
Philippines and we're glad to be on this list. Mabuhay!




RE: [Full-disclosure] Window's O/S

2005-11-25 Thread Cassidy Macfarlane
yes it does:

WIN2K server SP4, IE6P1

what do you mean by 'srp5'?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aditya Deshmukh
Sent: 25 November 2005 03:28
To: 'jacob jango'; full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Window's O/S

this does not work on win2k sp4 srp5

> Not sure if you guys are aware of this issue windows XP...!!
>
> create a folder on desktop and name it as "notepad". open internet
> explorer > go to view > source code > this will open the contents of
> notepad folder!!

[Full-disclosure] SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM

2005-11-25 Thread SEC Consult Research
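SEC-CONSULT Security Advisory < 20051125-0 >
=======================================================================
              title: Even More Vulnerabilities in VTiger CRM
            program: vtiger CRM
 vulnerable version: 4.2 and earlier
           homepage: http://www.vtiger.com
              found: 2005-11-06
                 by: D. Fabian / SEC-CONSULT / www.sec-consult.com
=======================================================================

Vendor Description:
-------------------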

vtiger CRM is an Open Source CRM software mainly for small and medium
businesses. vtiger CRM is built over proven, fast, and reliable LAMP/WAMP
(Linux/Windows, Apache, MySQL, and PHP) technologies and other open
source projects.

vtiger CRM leverages the benefits of Open Source software and adds more
value to the end-users by providing many enterprise features, such as
sales force automation, customer support & service, marketing automation,
inventory management, multiple database support, security management,
product customization, calendaring, E-mail integration, add-ons, and
others.

[Source: www.vtiger.com]


Vulnerability Overview:
-----------------------

A short security analysis of the CRM system revealed multiple serious
vulnerabilities that might result in:
 - administrator account takeover,
 - cookie/session information theft,
 - database manipulation (reading & deleting data),
 - remote code execution.

The following classes of security vulnerabilities have been found:
 - SQL Injection
 - Cross Site Scripting
 - Path Traversal/File Disclosure
 - Code Execution
 - Arbitrary File Upload

It seems that Christopher Kunz from the hardened-php project
independently also discovered some of the exploits described in this
advisory. Since they released their advisory without a patch being
available, customer risk is already high and we'd like to add the
results of our research.


Vulnerability Details:
----------------------

### Multiple SQL Injection Vulnerabilities
Practically all SQL statements in vtiger CRM are vulnerable to SQL
injection. Most seriously, the login form is vulnerable, and can be
tricked into logging in as administrator by supplying the form with a
username like "admin' or '1'='1" and an arbitrary password.
But also the record parameter is vulnerable to SQL injection and can be
used to delete or read data (e.g. index.php?action=EditView&module=
Contacts&record=15+or+1=1&return_module=Contacts&return_action=index).
Notably, these attacks also work if the "magic_quote" parameter in
php.ini is set to "on".

### Cross Site Scripting
Just like with SQL Injection, most parameters are vulnerable to XSS.
Most seriously however, the values stored in the database are also not
filtered for HTML tags. Thus it is possible to create for example a new
account with a name like "alert(123)". Whenever another
user has a look at the list of accounts, the javascript is executed. This
allows an attacker to collect cookies from other users to subsequently
perform session hijacking attacks.

### Path Traversal/File Disclosure
Multiple parameters are vulnerable to file disclosure attacks. These
attacks are based on unchecked user input being used in "include" or
"require" php functions. On the one hand, this allows an attacker to
disclose arbitrary files from the webserver. On the other hand, in
conjunction with the file upload functionality, the flaw can be used to
perform remote command execution, by simply uploading a file containing
php code and including it using the following attacks:

index.php?module=../../../../../../../etc/hosts%00&action=index&record=
index.php?module=Leads&action=../../../../../../etc/hosts%00&record=

These attacks can also be performed even if the php parameter
magic_quotes is "on".


### Remote Code Execution
The file given by the parameter "templatename" is parsed and its input is
passed to eval() without any prior validation.

Example:
index.php?module=Users&action=TemplateMerge&templatename=
/path/to/malicious/uploaded/file


### Arbitrary File Upload
Using the URL index.php?module=uploads&action=add2db it is possible to
upload arbitrary files, including files with the .php extension,
resulting in arbitrary code execution.

Additional Comments:
--------------------

This advisory is by no means a complete listing of all vulnerabilities in
vtiger CRM. It is very likely that there is quite a number of more flaws.
We'd like to stress that our research was conducted independently and
without knowledge of Christopher Kunz's results. Since it's a first come
first serve world, credits for a subset of the flaws described in this
advisory go to him.


Vulnerable Versions:
--------------------

All of the above vulnerabilities have been found in vtiger CRM version
4.2. Earlier versions are very likely also vulnera