[Full-disclosure] When will Matasano stop the retarded commentary?
SURPRISE SURPRISE SURPRISE SURPRISE SURPRISE SURPRISE SURPRISE SURPRISE New year is about to come and no one become man enough to question matasanos retarded commentary on over the last year or so .. this include talk on retarded virtualization, good old humble hacker name dropping .. finger pointing and over all ridiculous security debate them carry out on poor unsuspecting people .. .. Let gobble and one decent English speaking friend explain to media about the whole story... First there was Scut, Jimjones and Gobbles by far the very best ass kickers from 2001 to 2005. (Please not the exact time lines as Matasano retards love showing off there knowledge about the scene with rough time estimates and good old name dropping) This become evident with pointing Danny Dulia, Tim Newshman and Nergal in retarded blog. Before he stray, It was fun to watch everyone love these guys talking shots at security researcher who think listening to RB music and security research go hand in hand. A classic example from 2003, was by Zen-parse aka Gregg McManus, now working in idefense. (matasano plz note respected security member name in diary. Gobble also advice to hang out on irc for better name throwing of mysterious hacker community like above). However Gobble also think that name throwing to public about old school hacker history dont allow rise in sales figures. Infact it make Dino leave to Investment banks in East USA for better money and overall well being in day to day life. Anyways, Zen parse do good job of shooting fat HD moor in his fat Achillis bitch tits about his dumb turkey like telnet AYT exploit discussions in public Now HD work hard, porting buffer overflow code from C to Perl and Perl to Ruby in metasploit. He do this to help hacker community from emerging country earn decent living. He lie in bed and wonder like Forest Gump, that one day, metasploit have all nice API feature of Core Impact, and Dave Aitels special CDE double free exploit. 
He beg lorian for 7350fun source as php_mime_slit() function confuse his straight thinking brain. It also cause hurt when he don't understand why memchr() function allow buffer overflow, but not always exploitable. However HD's first priority remain to reduce drastic weight after marriage first !!! Gobble suggestion: Hi HD, If one feels that he cant cope with the pressures of tracking lots of variables in C code function for buffer overflow analyses, one should hang on #c or eat some fruit. This is better than resigning to ones fate and copy core impact exploit code scavenged from limwire and emule!!! Gobble also give HD a small tip on code analysis .. don't just stare at C code if you don't understand. Paste complex code on #c once again under proxy name .. it allow quick relief and avoid brain damage of Texan breast face !! Now Gobble feel that being a matasano hate mail , oneself should not stray from point of focus and continue writing about main subject of this electronic e-mail's intention. As I feel strong feelings about matasano, I see Lot of people see there blog and get back onto doing better things like finishing OWASP executive summaries and recommendation tables for fun filled reports. This is because security consultants get paid for report writing, and not reading retarded blogs about security related pillow fights from matasano lemon boys .. Let gobble enlighten security community about various matasano profile .. It decide to start with Dave Gold smith .. the grumpy old idiot of matasano .. sorry dave, sad you make no money on @stake buyout .. His bio on matasano says the following Dave Goldsmith co-invented fire walking, Yes David, thanks for co-inventing fire walking, what else did you CO invent, oh yes you CO wrote the first i386 buffer overflow paper too eh ??? Oh wait a minute!!! 
Why not just CO SHUTUP for a change -- Gobble interruption in email -- Dave, he feel hiring portal- from security.is allow Matasano for better PR and give chance for original content that's not CO written. See Dave, portal write first format string paper, it known as art.txt. This tactic allow better boasting of Matasano. Further, it increase drastic fan following level, in turn making Dave chuckle and cream his nappy at same time - Self Thanks for giving Dave good idea!!! Jeremy Rauch, F33r the B33r!! Jeremy come with ORIGINAL member dog tag of ISS ex-force. This is what he claim on matasano biographies. He become first hacker interior decorator and make ISS lab look cool with pet tarantula and DMZ LAN diagram. He co find bug in Super package in Debian and reproduce hidden SNMP community in HP OpenView ( Kidding Jeremy, we know you are the best ) Thanks to magnificent finding, Mark Dowd, Neel Mehta , Caddis take notice and get inspiration to join Jeremy's cute dream team. Sadly young members with bright mind make idiot Jeremy redundant. ISS then decide to rename ex-force to X force, sigh!!! Now Dinos turn. But hey … Gobble don't talk bad about Dino.
[Full-disclosure] [SECURITY] [DSA 1407-1] New cupsys packages fix arbitrary code execution
Debian Security Advisory DSA 1407-1          [EMAIL PROTECTED]
http://www.debian.org/security/              Moritz Muehlenhoff
November 18, 2007                            http://www.debian.org/security/faq

Package        : cupsys
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-4351

Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in version 1.2.7-4etch1. Updated packages for the arm architecture will be provided later.

The cupsys version in the old stable distribution (sarge) is not vulnerable to arbitrary code execution.

We recommend that you upgrade your cupsys packages.

Upgrade instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[Full-disclosure] Bluetooth Security; Bluetooth Penetration Testing Framework
Bluetooth Penetration Testing Framework
http://bluetooth-pentest.narod.ru/

Bluetooth hackers community blog focused on security
http://bluetoothsecurity.wordpress.com/

Bt maillist
http://darkircop.org/mailman/listinfo/bt

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Bluetooth Security; Bluetooth Penetration Testing Framework
good resource.

On Nov 18, 2007 6:06 PM, Odley Mike [EMAIL PROTECTED] wrote:
> Bluetooth Penetration Testing Framework
> http://bluetooth-pentest.narod.ru/
>
> Bluetooth hackers community blog focused on security
> http://bluetoothsecurity.wordpress.com/
>
> Bt maillist
> http://darkircop.org/mailman/listinfo/bt

--
advertise on secgeeks? http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com
Re: [Full-disclosure] How to become a Computer Security Professional ?
The first step is to never send email to the full-disclosure list ever again. The second step is to learn the word google.

Shirkdog
' or 1=1--
http://www.shirkdog.us

> Date: Sat, 17 Nov 2007 19:08:46 +0600
> From: [EMAIL PROTECTED]
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] How to become a Computer Security Professional ?
>
> What are the steps to follow to become a computer security professional? To be able to research vulnerabilities? To code exploits? What do I have to learn, and which learning resources and books would be nice?
>
> I've learned C programming, C# programming, PHP and SQL, and I know how to use Linux. Right now I'm learning assembly language and Linux programming. Is it the right way to go? Should I learn Windows programming as well? It's always been my dream.
>
> Waiting for any suggestions.
[Full-disclosure] Crash in LIVE555 Media Server 2007.11.01
###
Luigi Auriemma

Application:  LIVE555 Media Server
              http://www.live555.com/mediaServer/
Versions:     <= 2007.11.01
Platforms:    *nix, Windows, Mac and others
Bug:          crash caused by access to unallocated memory
Exploitation: remote, versus server
Date:         18 Nov 2007
Author:       Luigi Auriemma
              e-mail: [EMAIL PROTECTED]
              web:    aluigi.org

###

1) Introduction
2) Bug
3) The Code
4) Fix

###

=== 1) Introduction ===

LIVE555 Media Server is an open source RTSP server application released under LGPL.

###

=== 2) Bug ===

The function which handles the incoming queries from the clients is affected by a vulnerability which allows an attacker to crash the server remotely using the smallest RTSP query possible. This problem is caused by the absence of an instruction for checking whether the amount of the client's data (reqStrSize) is longer than or equal to 8 bytes: because the function makes use of unsigned numbers, 7 - 8 is not -1 but 4294967295, resulting in a crash caused by reaching the end of the allocated memory.

From liveMedia/RTSPCommon (the `<` and `&&` operators below were lost in the list archive and are restored here):

  Boolean parseRTSPRequestString(char const* reqStr, unsigned reqStrSize,
  ...
    unsigned i;
    for (i = 0; i < resultCmdNameMaxSize-1 && i < reqStrSize; ++i) {
  ...
    // Skip over the prefix of any "rtsp://" or "rtsp:/" URL that follows:
    unsigned j = i+1;
    while (j < reqStrSize && (reqStr[j] == ' ' || reqStr[j] == '\t')) ++j;
    for (j = i+1; j < reqStrSize-8; ++j) {
  ...

###

=== 3) The Code ===

http://aluigi.org/poc/live555x.zip

###

=== 4) Fix ===

Version 2007.11.18

###

---
Luigi Auriemma
http://aluigi.org
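To make the unsigned wrap in the advisory concrete, here is an added example (my own code, not LIVE555's source and not its 2007.11.18 fix): it models the `j < reqStrSize-8` loop bound with an `unsigned` length, shows why a 7-byte request sends the bound past the buffer, and puts the missing length check in front of a guarded version of the scan. `cmdMax` stands in for `resultCmdNameMaxSize`, the `"rtsp:/"` comparison stands in for whatever the real loop body does, and the request strings are constructed, not captured traffic.

```c
#include <stdbool.h>
#include <string.h>

/* The bound exactly as the unguarded loop computes it. For reqStrSize < 8 the
   unsigned subtraction wraps: 7 - 8 == 4294967295 with a 32-bit unsigned. */
static unsigned raw_bound(unsigned reqStrSize) {
    return reqStrSize - 8;
}

/* True when the unguarded bound lies beyond the buffer, i.e. a scan loop
   using it would read past the end of reqStr for a request of this length. */
bool bound_overruns_buffer(unsigned reqStrSize) {
    return raw_bound(reqStrSize) > reqStrSize;
}

/* Guarded version of the command-name / URL-prefix scan (modelled on the
   advisory's loop shape, not LIVE555's actual code). Copies the leading
   command into cmd (at most cmdMax-1 chars) and reports whether an "rtsp:/"
   prefix follows it. Returns false, without touching cmd, for requests
   shorter than the 8 bytes the scan loop assumes: that is the missing check. */
bool parse_request(const char *reqStr, unsigned reqStrSize,
                   char *cmd, unsigned cmdMax, bool *sawUrl) {
    if (cmdMax == 0 || reqStrSize < 8) return false;

    unsigned i;
    for (i = 0; i < cmdMax - 1 && i < reqStrSize; ++i) {
        if (reqStr[i] == ' ' || reqStr[i] == '\t') break;
        cmd[i] = reqStr[i];
    }
    cmd[i] = '\0';

    /* Skip whitespace after the command, then look for the URL prefix.
       reqStrSize - 8 cannot wrap here, so each reqStr[j..j+7] read stays
       inside the buffer. */
    unsigned j = i + 1;
    while (j < reqStrSize && (reqStr[j] == ' ' || reqStr[j] == '\t')) ++j;
    *sawUrl = false;
    for (; j < reqStrSize - 8; ++j) {
        if (strncmp(&reqStr[j], "rtsp:/", 6) == 0) { *sawUrl = true; break; }
    }
    return true;
}

/* Demo on a constructed, well-formed request: parses and finds the URL. */
bool demo_full_request_parses(void) {
    static const char req[] = "OPTIONS rtsp://example.invalid/stream RTSP/1.0";
    char cmd[20];
    bool url = false;
    bool ok = parse_request(req, (unsigned)strlen(req), cmd, sizeof cmd, &url);
    return ok && url && strcmp(cmd, "OPTIONS") == 0;
}

/* Demo on a constructed 7-byte request: rejected instead of wrapping. */
bool demo_short_request_rejected(void) {
    static const char req[] = "OPTIONS";
    char cmd[20];
    bool url = false;
    return !parse_request(req, (unsigned)strlen(req), cmd, sizeof cmd, &url);
}
```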
[Full-disclosure] [ GLSA 200711-22 ] Poppler, KDE: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200711-22
http://security.gentoo.org/

  Severity: Normal
     Title: Poppler, KDE: User-assisted execution of arbitrary code
      Date: November 18, 2007
      Bugs: #196735, #198409
        ID: 200711-22

Synopsis
========

Poppler and various KDE components are vulnerable to multiple memory management issues, possibly resulting in the execution of arbitrary code.

Background
==========

Poppler is a cross-platform PDF rendering library originally based on Xpdf. KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. KPDF is a KDE-based PDF viewer included in the kdegraphics package.

Affected packages
=================

    Package                /  Vulnerable  /               Unaffected
    1  app-text/poppler        < 0.6.1-r1                 >= 0.6.1-r1
    2  kde-base/kpdf           < 3.5.8-r1    *>= 3.5.7-r3  >= 3.5.8-r1
    3  kde-base/kdegraphics    < 3.5.8-r1    *>= 3.5.7-r3  >= 3.5.8-r1
    4  app-office/kword        < 1.6.3-r2                 >= 1.6.3-r2
    5  app-office/koffice      < 1.6.3-r2                 >= 1.6.3-r2
    5 affected packages on all of their supported architectures.

Description
===========

Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the Stream.cc file of Xpdf: an integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows (CVE-2007-5392, CVE-2007-5393). He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption (CVE-2007-4352).

Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf.

Impact
======

By enticing a user to view or process a specially crafted PDF file with KWord, KPDF, or a Poppler-based program such as Gentoo's viewers Xpdf, ePDFView and Evince or the CUPS printing system, a remote attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Poppler users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-text/poppler-0.6.1-r1

All KPDF users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =kde-base/kpdf-3.5.7-r3

All KDE Graphics Libraries users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =kde-base/kdegraphics-3.5.7-r3

All KWord users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-office/kword-1.6.3-r2

All KOffice users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-office/koffice-1.6.3-r2

References
==========

  [ 1 ] CVE-2007-4352
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
  [ 2 ] CVE-2007-5392
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
  [ 3 ] CVE-2007-5393
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] [ GLSA 200711-23 ] VMware Workstation and Player: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200711-23
http://security.gentoo.org/

  Severity: Normal
     Title: VMware Workstation and Player: Multiple vulnerabilities
      Date: November 18, 2007
      Bugs: #193196
        ID: 200711-23

Synopsis
========

VMware guest operating systems might be able to execute arbitrary code with elevated privileges on the host operating system through multiple flaws.

Background
==========

VMware Workstation is a virtual machine for developers and system administrators. VMware Player is freeware virtualization software that can run guests produced by other VMware products.

Affected packages
=================

    Package               /   Vulnerable   /                  Unaffected
    1  vmware-workstation    < 6.0.1.55017   *>= 5.5.5.56455  >= 6.0.1.55017
    2  vmware-player         < 2.0.1.55017   *>= 1.0.5.56455  >= 2.0.1.55017
    2 affected packages on all of their supported architectures.

Description
===========

Multiple vulnerabilities have been discovered in several VMware products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that the DHCP server contains an integer overflow vulnerability (CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and another error when handling malformed packets (CVE-2007-0061), leading to stack-based buffer overflows or stack corruption. Rafal Wojtczuk (McAfee) discovered two unspecified errors that allow authenticated users with administrative or login privileges on a guest operating system to corrupt memory or cause a Denial of Service (CVE-2007-4496, CVE-2007-4497). Another unspecified vulnerability related to untrusted virtual machine images was discovered (CVE-2007-5617).

VMware products also shipped code copies of software with several vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow (GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813, CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146).

Impact
======

Remote attackers within a guest system could possibly exploit these vulnerabilities to execute code on the host system with elevated privileges or to cause a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VMware Workstation users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-emulation/vmware-workstation-5.5.5.56455

All VMware Player users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-emulation/vmware-player-1.0.5.56455

References
==========

  [ 1 ] CVE-2004-0813
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0813
  [ 2 ] CVE-2006-3619
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3619
  [ 3 ] CVE-2006-4146
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146
  [ 4 ] CVE-2006-4600
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
  [ 5 ] CVE-2007-0061
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0061
  [ 6 ] CVE-2007-0062
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062
  [ 7 ] CVE-2007-0063
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0063
  [ 8 ] CVE-2007-1716
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1716
  [ 9 ] CVE-2007-4496
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4496
  [ 10 ] CVE-2007-4497
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4497
  [ 11 ] CVE-2007-5617
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5617
  [ 12 ] GLSA-200606-02
        http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml
  [ 13 ] GLSA-200702-06
        http://www.gentoo.org/security/en/glsa/glsa-200702-06.xml
  [ 14 ] GLSA-200704-11
        http://www.gentoo.org/security/en/glsa/glsa-200704-11.xml
  [ 15 ] GLSA-200705-15
        http://www.gentoo.org/security/en/glsa/glsa-200705-15.xml
  [ 16 ] GLSA-200707-11
        http://www.gentoo.org/security/en/glsa/glsa-200707-11.xml
  [ 17 ] VMSA-2007-0006
[Full-disclosure] [ GLSA 200711-24 ] Mozilla Thunderbird: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200711-24
http://security.gentoo.org/

  Severity: Normal
     Title: Mozilla Thunderbird: Multiple vulnerabilities
      Date: November 18, 2007
      Bugs: #196481
        ID: 200711-24

Synopsis
========

Multiple vulnerabilities have been reported in Mozilla Thunderbird, which may allow user-assisted arbitrary remote code execution.

Background
==========

Mozilla Thunderbird is a popular open-source email client from the Mozilla project.

Affected packages
=================

    Package                     /  Vulnerable  /   Unaffected
    1  mozilla-thunderbird          < 2.0.0.9       >= 2.0.0.9
    2  mozilla-thunderbird-bin      < 2.0.0.9       >= 2.0.0.9
    2 affected packages on all of their supported architectures.

Description
===========

Multiple vulnerabilities have been reported in Mozilla Thunderbird's HTML browser engine (CVE-2007-5339) and JavaScript engine (CVE-2007-5340) that can be exploited to cause memory corruption.

Impact
======

A remote attacker could entice a user to read a specially crafted email that could trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time for all of these issues, but some of them can be avoided by disabling JavaScript.

Resolution
==========

All Mozilla Thunderbird users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =mail-client/mozilla-thunderbird-2.0.0.9

All Mozilla Thunderbird binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =mail-client/mozilla-thunderbird-bin-2.0.0.9

References
==========

  [ 1 ] CVE-2007-5339
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
  [ 2 ] CVE-2007-5340
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340
  [ 3 ] GLSA 200711-14
        http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-24.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] Certificate spoofing issue with Mozilla, Konqueror, Safari 2
Moin *

Mozilla based browsers (Firefox, Netscape, ...), Konqueror and Safari 2 do not bind a user-approved webserver certificate to the originating domain name. This makes the user vulnerable to certificate spoofing via subjectAltName:dNSName extensions.

I set up a demonstration at http://test.eonis.net/, check it out. For details (vulnerable versions, vendor status, bug ids ...) see http://nils.toedtmann.net/pub/subjectAltName.txt

Attack scenario:

(1) Assume a phisher could redirect a user's browser to his prepared https webserver spoofing www.paypal.com (by DNS spoofing, domain hijacking or another MITM attack). But the user's browser would raise an unknown CA warning because the phisher does not have a certificate for www.paypal.com issued by a browser-trusted CA (that's what X.509 and TLS are all about!). Thus, the phisher defers this step.

(2) The phisher creates another website www.example.com (not spoofed) and a home-brewed X.509 cert:

    DN=CN=www.example.com
    subjectAltName:dNSName=www.example.com
    subjectAltName:dNSName=www.paypal.com

and lures the user to https://www.example.com/. The user gets an unknown CA warning, but the subjectAltName:dNSName extensions are not shown to him, so the cert looks ok. As he does not plan to enter any private information, he accepts it (temporarily or permanently) and proceeds.

(3) Any time later (if the cert got accepted temporarily, this has to happen within the same session), the phisher lures the user to his spoofed https://www.paypal.com/, using the very same self-signed certificate - NO WARNING!

In the end, the cert warning and the spoofing attempt get separated into two events which appear to the user as being unrelated.

I consider this a severe cert-spoofing issue, aggravated by the fact that affected browsers also match any hostname with subjectAltName:dNSName=*. For Mozilla, this issue has been known for more than three years without being fixed.

Regards, /nils.
[Full-disclosure] [ GLSA 200711-25 ] MySQL: Denial of Service
Gentoo Linux Security Advisory                           GLSA 200711-25
http://security.gentoo.org/

  Severity: Normal
     Title: MySQL: Denial of Service
      Date: November 18, 2007
      Bugs: #198988
        ID: 200711-25

Synopsis
========

A Denial of Service vulnerability was found in MySQL.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
=================

    Package          /  Vulnerable  /   Unaffected
    1  dev-db/mysql      < 5.0.44-r2     >= 5.0.44-r2

Description
===========

Joe Gallo and Artem Russakovskii reported an error in the convert_search_mode_to_innobase() function in ha_innodb.cc in the InnoDB engine that leads to a failed assertion when handling CONTAINS operations.

Impact
======

A remote authenticated attacker with ALTER privileges could send a specially crafted request to a vulnerable database server, possibly leading to a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-db/mysql-5.0.44-r2

References
==========

  [ 1 ] CVE-2007-5925
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-25.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] [ GLSA 200711-26 ] teTeX: Multiple vulnerabilities
Gentoo Linux Security Advisory                           GLSA 200711-26
http://security.gentoo.org/

  Severity: Normal
     Title: teTeX: Multiple vulnerabilities
      Date: November 18, 2007
      Bugs: #198238
        ID: 200711-26

Synopsis
========

Multiple vulnerabilities have been discovered in teTeX, possibly allowing execution of arbitrary code or overwriting of arbitrary files.

Background
==========

teTeX is a complete TeX distribution for editing documents.

Affected packages
=================

    Package            /  Vulnerable  /   Unaffected
    1  app-text/tetex      < 3.0_p1-r6     >= 3.0_p1-r6

Description
===========

Joachim Schrod discovered several buffer overflow vulnerabilities and an insecure temporary file creation in the dvilj application that is used by dvips to convert DVI files to printer formats (CVE-2007-5937, CVE-2007-5936). Bastien Roucaries reported that the dvips application is vulnerable to two stack-based buffer overflows when processing DVI documents with long \href{} URIs (CVE-2007-5935). teTeX also includes code from Xpdf that is vulnerable to a memory corruption and two heap-based buffer overflows (GLSA 200711-22); and it contains code from T1Lib that is vulnerable to a buffer overflow when processing an overly long font filename (GLSA 200710-12).

Impact
======

A remote attacker could entice a user to process a specially crafted DVI or PDF file, which could lead to the execution of arbitrary code with the privileges of the user running the application. A local attacker could exploit the dvilj vulnerability to conduct a symlink attack to overwrite arbitrary files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All teTeX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =app-text/tetex-3.0_p1-r6

References
==========

  [ 1 ] CVE-2007-5935
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
  [ 2 ] CVE-2007-5936
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5936
  [ 3 ] CVE-2007-5937
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5937
  [ 4 ] GLSA 200710-12
        http://www.gentoo.org/security/en/glsa/glsa-200710-12.xml
  [ 5 ] GLSA 200711-22
        http://www.gentoo.org/security/en/glsa/glsa-200711-22.xml

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-26.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
[Full-disclosure] [ GLSA 200711-27 ] Link Grammar: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory                           GLSA 200711-27
http://security.gentoo.org/

  Severity: Normal
     Title: Link Grammar: User-assisted execution of arbitrary code
      Date: November 18, 2007
      Bugs: #196803
        ID: 200711-27

Synopsis
========

A buffer overflow vulnerability has been discovered in Link Grammar.

Background
==========

The Link Grammar parser is a syntactic parser of English, based on link grammar, an original theory of English syntax.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /  Vulnerable  /         Unaffected
    -------------------------------------------------------------------
  1  dev-libs/link-grammar          < 4.2.4-r1           >= 4.2.4-r1

Description
===========

Alin Rad Pop from Secunia Research discovered a boundary error in the function separate_sentence() in file tokenize.c when processing an overly long word, which might lead to a stack-based buffer overflow.

Impact
======

A remote attacker could entice a user to parse a specially crafted sentence, resulting in the remote execution of arbitrary code with the privileges of the user running the application. Note that this vulnerability may be triggered by an application using Link Grammar to parse sentences (e.g. AbiWord).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Link Grammar users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose =dev-libs/link-grammar-4.2.4-r1

References
==========

  [ 1 ] CVE-2007-5395
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5395

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-27.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Re: [Full-disclosure] How to become a Computer Security Professional ?
On Nov 17, 2007 8:08 AM, Meef [EMAIL PROTECTED] wrote:

> What are the steps to follow to become a computer security professional?

Read all the phrack magazines, starting with #40 or later.

Learning ASM, Hex Math, C, Binary math, C++ can't hurt.

Study AJAX/XML/WebDAV/.Net/Java, web 2.0 is the future and vulnerable.

SQL is good, so is Oracle.

Learn the Management side of Security: End users will always be the weakest link, and management is how you deal with them.

Social Engineering will never die, even though I have it through good authority that buffer overflows will.

enjoy

-JP
Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle
Hi,

Florian Echtler wrote:
> Just to make myself clear: I don't think it is a viable option to create email noise, I just pointed out that it makes more sense than TCP/HTTP noise.

There is already enough email noise thanks to spam. It might make sense to reply to some of it though, to create the illusion of a fully connected network (i.e. poison the data).

> As for using encryption: the fact that communication has happened (with respect to email, at least) can't be hidden, at least not if one or both ends of the communication are with a big public email provider.

Well, it might make sense to finally get a standard for email headers within the easily encryptable data bits, so the outer message headers would show only communication between some gateway service and the communications endpoint.

Of course, there is always the option of a P2P darknet. :-)

Simon
Re: [Full-disclosure] How to become a Computer Security Professional ?
On Nov 17, 2007 1:08 PM, Meef [EMAIL PROTECTED] wrote:

> What are the steps to follow to become a computer security professional?

Sorry, you will never make it to professionalism as you broke the first and most important rule. NEVER POST ON A PUBLIC MAILING LIST

The second most important rule of becoming a security professional is, if you do need to post to a public mailing list then never do it under a .edu or .gov or official company e-mail address, we will all just point and laugh and have your account hi-jacked with the next cross-site scripting flaw that gets to the public mailing list.

The third most important rule to becoming a security professional is never talk to people on public mailing lists who have broken rule one and rule two or take what's said on public mailing lists seriously. As soon as you take what is said on a public mailing list seriously is the day you should cut your wrists. Always get advice from a credible source after learning of a threat on the public mailing lists.

The fourth most important rule to becoming a security professional, always use a throw-away e-mail account so it doesn't matter if script kids hi-jack your e-mail account with the next cross-site scripting vulnerability that gets posted to the public mailing lists.

The fifth most important rule to becoming a security professional is use an alias on public mailing lists, never use your real name, place of work, place of education, place of living, as backfires cannot be reversed. Once you've posted something it's posted, archived around the world and translated into more languages than you can shake a stick at.

The sixth most important rule to becoming a security professional is be paranoid. Yes, don't listen to people who say paranoia is bad for you. In this industry it pays to be paranoid. Forget about your own welfare, you've got millions of users and the economic stability of the world to think about. Trade in your own life to save the life of others.

Indeed being a security professional will mean long hours, and sleepless nights. Be prepared to be woken up in the middle of the night and expect to have people shouting for answers down the phone to you or rush you into the security operations center when news of a major data breach reaches the inbox of your security team.

The seventh most important rule to becoming a security professional. Think for yourself, don't post ridiculous questions to a public mailing list and expect to get the right answer, most folks will make anything up and people generally cannot be trusted. Use search engines, read books and free your mind from what other security researchers are doing. Don't duplicate, originate your own work.

The eighth most important rule to becoming a good security professional is have balls, if you think something is wrong, don't be afraid to speak up, even if it means losing your job. Remember, the security of other people comes before the security of your job position. So if you think something is wrong, tell people about it, and if they don't listen, then keep repeating it over and over. Never give in and keep on trying to tell people about something you believe in. You are a slave to the security of others, you don't come first, they do.

Ninth most important rule to becoming a good security professional. Don't read public mailing lists, don't read security news sites, and don't read web logs about what other people think about security. They all suck, don't trust anyone in this world and don't believe the hype. 99.9% of anything posted in public is attention grabbing bullshit, you don't need it. Concentrate on what's going on within your own company and screw all the others. Only read these mediums if it's related to what you're doing that day at work to fix a bug or thwart a security incident. Don't read about what could happen, stick with what's actually happening to you that day. Not what other people say is going to happen next week.

Tenth most important rule to becoming a security professional, know your enemy. Yes, get to know them, eavesdrop on them, send them gifts and make them feel special. Your enemy is the single most important person to you and your company's assets. If you don't know what your enemy is doing then you don't have security. Remember though, don't concentrate on other people's enemies, concentrate on enemies for your company. Don't read websites that say they are your enemy, because it's unlikely they really are. Your real enemies don't announce themselves often and are unlikely to make public announcements about it, and the ones that do are usually hoaxes.
Re: [Full-disclosure] How to become a Computer Security Professional ?
--On November 19, 2007 3:34:23 AM + worried security [EMAIL PROTECTED] wrote:

> The fourth most important rule to becoming a security professional, always use a throw-away e-mail account so it doesn't matter if script kids hi-jack your e-mail account with the next cross-site scripting vulnerability that gets posted to the public mailing lists.

You forgot the most important rule of all. Pay no heed to bozos who post anonymously and don't even have a job in security. Their advice is usually worth just as much as their reputation.

Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Re: [Full-disclosure] How to become a Computer Security Professional ?
Get a good job where you can find best security practices being used and learn from others who have been in the field. You will develop your own set of tools and ideas, but the concepts are almost always the same. Defense in depth is a good idea and it works.

11th most important rule. Never ever take advice that has ten rules about something they know nothing about.

N3TD3V, please go away. Come back under a different alias if you must but please STFU! The guy wanted a serious answer and you broke many of your own rules. Don't get your kilt all bunched up, just be serious for once in your net-sec career.

Richard Golodner
Infratection IT Services
Re: [Full-disclosure] n3td3v denounces the actions of www.derangedsecurity.com
This is a breathtakingly candid post. for once. thank you!

On 11/17/07, worried security [EMAIL PROTECTED] wrote:
> On Nov 14, 2007 11:33 PM, Dan Egerstad [EMAIL PROTECTED] wrote:
>> Do you know the powers? Powerrangers? Can they help me? Ohhh please help me ohhh you mighty... I'm free, kicking and not charged for shit... don't know who you are and couldn't care less but it does give something to laugh at =) Go play with the other kids now //D
>
> At the end of the day you're the dude with the secret service following you everywhere you go now in real life for at least the next 6/12 months or longer I would imagine. Enjoy the privacy or not as the case may be. Sleepless nights, looking out your window every five minutes, turning round in the street seeing if anyone's following you and generally not being able to trust people around you because they might be the secret service. Not knowing who the next phone call will be from, knowing everything you do on the internet is being watched by a human, every keystroke, every e-mail, every draft.
>
> I've been there, done that, bought the t-shirt. It's paranoia and it destroys you!!! It crushes you, this whole derangedsecurity.com stuff will crush you mentally if it hasn't already. I'm talking from experience, I've gone through these phases of paranoia, it'll eat you alive. Maybe you're not feeling it yet, but it will creep up on you in a short while. That's the down side to doing big hacks, the mental strain of not knowing if you've got away with it or not. One day you'll wish you hadn't had your picture on those news articles and you hadn't drawn attention to yourself, it may take a few months for it to kick in if it hasn't already. The only reason it's not already kicked in, if it hasn't, is you're young, gullible and immature, and you're still feeding off the ego rush of the media attention right now, but later in life it'll hit you!!!
>
> You're thinking I've not been charged for shit. The possibility of a criminal charge is the least of the problems which come with fame, being known by a large amount of people is a bad experience walking down the street, trying to get employed by people and generally operating as a normal person in life. You wonder all the time Does he know!, Do they know. And you get the people who do know, know everything about you, but you've never met them in your life before, and it scares you! I've been approached by people in real life who know more about me and what I do online than I do, it ain't nice. Strange people start being a part of your life, and you know why, but it's never officially confirmed by anyone. The paranoia and suspicion destroys you.
>
> But basically you get the world's intelligence services following you around from different countries with different agendas to find out things about you. I imagined at first it would just be one team of surveillance from one country, but you end up having folks from a handful of countries following you about in everyday life. And those individual surveillance teams aren't connected with each other. You can be walking down a busy high street with a crowd of folks all around you, you think are legitimate folks, but they are actually secret service from multiple countries working independently of each other, who don't know each other, but they all have one thing in common, they are following you. It sent the shitters up me and it'll do the same to you.
>
> And you get the folks who have nothing to do with government following you around, and that's the scariest part. You get independent investigators following you around from the world's security companies who have their own intelligence wings. The big corporations hire folks to do this, just for the sake of knowing intelligence about you. And then you just get the normal weirdos following you about who aren't a part of any government or private investigation company, and that's what is the worst part.
>
> Oh, and the random people who claim to be news journalists, who could actually be anyone, walking up to you, knocking at your door, e-mailing etc. You take the first interview, then you realise, that could have been anyone. It screws you up in the head afterwards.
>
> When you become public in the security community, it's not the secret service which are the biggest problems, there are 100's of companies who follow you about because they want their own intelligence about you. You see all these websites that offer intelligence, who aren't the government but offer yahoo, google etc intelligence on folks and get paid for it, it's not just technical intelligence they have, they've got folks checking up on you in real life too.
>
> who's gonna be on your tail for a while:
>
> secret services (world wide) they follow you for national security reasons to build a real life profile of you.
>
> security companies (world wide) they follow you to build a real life profile on you so