[Full-disclosure] When will Matasano stop the retarded commentary?

2007-11-18 Thread Gobbles is back
SURPRISE SURPRISE SURPRISE SURPRISE SURPRISE SURPRISE SURPRISE SURPRISE

New year is about to come and no one become man enough to question
matasanos retarded commentary on over the last year or so .. this
include talk on retarded virtualization, good old humble hacker name
dropping .. finger pointing and over all ridiculous security debate
them carry out on poor unsuspecting people .. .. Let gobble and one
decent English speaking friend explain to media about the whole
story...

First there was Scut, Jimjones and Gobbles by far the very best ass
kickers from 2001 to 2005. (Please not the exact time lines as
Matasano retards love showing off there knowledge about the scene with
rough time estimates and good old name dropping) This become evident
with pointing Danny Dulia, Tim Newshman and Nergal in retarded blog.
Before he stray, It was fun to watch everyone love these guys talking
shots at security researcher who think listening to RB music and
security research go hand in hand.

A classic example from 2003, was by Zen-parse aka Gregg McManus, now
working in idefense. (matasano plz note respected security member name
in diary. Gobble also advice to hang out on irc for better name
throwing of mysterious hacker community like above). However Gobble
also think that name throwing to public about old school hacker
history dont allow rise in sales figures. Infact it make Dino leave to
Investment banks in East USA for better money and overall well being
in day to day life.

Anyways, Zen parse  do  good job of shooting fat HD moor in his fat
Achillis bitch tits  about his  dumb turkey like telnet AYT exploit
discussions in public

Now HD work hard, porting buffer overflow code from C to Perl and Perl
to Ruby in metasploit. He do this to help hacker community from
emerging country earn decent living. He lie in bed and wonder like
Forest Gump, that one day, metasploit have all nice API feature of
Core Impact, and Dave Aitels special CDE double free exploit. He beg
lorian for 7350fun source as php_mime_slit() function confuse his
straight thinking brain. It also cause hurt when he don't understand
why memchr() function allow buffer overflow, but not always
exploitable. However HD's first priority remain to reduce drastic
weight after marriage first !!!

Gobble suggestion: Hi HD, If one feels that he cant cope with the
pressures of tracking lots of variables in C code function for buffer
overflow analyses, one should hang on #c or eat some fruit. This is
better than resigning to ones fate and copy core impact exploit code
scavenged from limwire and emule!!! Gobble also give HD a small tip on
code analysis ..  don't just stare at C code if you don't understand.
Paste complex code on #c once again under proxy name .. it allow quick
relief and avoid brain damage of Texan breast face !!

Now Gobble feel that being a matasano hate mail , oneself should not
stray from point of focus and continue writing about main subject of
this electronic e-mail's intention.

As I feel strong feelings about matasano, I see Lot of people see
there blog and get back onto doing better things like finishing OWASP
executive summaries and recommendation tables for fun filled reports.
This is because security consultants get paid for report writing, and
not reading retarded blogs about security related pillow fights from
matasano lemon boys ..

Let gobble enlighten security community about various matasano profile
.. It decide to start with Dave Gold smith .. the grumpy old idiot of
matasano .. sorry dave, sad you make no money on @stake buyout .. His
bio on matasano says the following

Dave Goldsmith co-invented fire walking, Yes David, thanks for
co-inventing fire walking, what else did you CO invent, oh yes you CO
wrote the first i386 buffer overflow paper too eh ??? Oh wait a
minute!!! Why not just CO SHUTUP for a change 

-- Gobble interruption in email --

Dave, he feel hiring portal- from security.is allow Matasano for
better PR and give chance for original content that's not CO written.
See Dave, portal write first format string paper, it known as
art.txt. This tactic allow better boasting of Matasano. Further, it
increase drastic fan following level, in turn making Dave chuckle and
cream his nappy at same time - Self Thanks for giving Dave good
idea!!!

Jeremy Rauch, F33r the B33r!! Jeremy come with ORIGINAL member dog
tag of ISS ex-force. This is what he claim on matasano biographies. He
become first hacker interior decorator and make ISS lab look cool with
pet tarantula and DMZ LAN diagram. He co find bug in Super package
in Debian and reproduce hidden SNMP community in HP OpenView ( Kidding
Jeremy, we know you are the best ) Thanks to magnificent finding, Mark
Dowd, Neel Mehta , Caddis take notice and get inspiration to join
Jeremy's cute dream team. Sadly young members with bright mind make
idiot Jeremy redundant. ISS then decide to rename ex-force to X force,
sigh!!!

Now Dinos turn. But hey … Gobble don't talk bad about Dino. 

[Full-disclosure] [SECURITY] [DSA 1407-1] New cupsys packages fix arbitrary code execution

2007-11-18 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA 1407-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Moritz Muehlenhoff
November 18, 2007 http://www.debian.org/security/faq
- 

Package: cupsys
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-4351

Alin Rad Pop discovered that the Common UNIX Printing System is
vulnerable to an off-by-one buffer overflow in the code to process IPP
packets, which may lead to the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 1.2.7-4etch1. Updated packages for the arm architecture will be
provided later.

The cupsys version in the old stable distribution (sarge) is not
vulnerable to arbitrary code execution.

We recommend that you upgrade your cupsys packages.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.


[Full-disclosure] Bluetooth Security; Bluetooth Penetration Testing Framework

2007-11-18 Thread Odley Mike
Bluetooth Penetration Testing Framework
http://bluetooth-pentest.narod.ru/

Bluetooth hackers community blog focused on security
http://bluetoothsecurity.wordpress.com/

Bt maillist
http://darkircop.org/mailman/listinfo/bt

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Bluetooth Security; Bluetooth Penetration Testing Framework

2007-11-18 Thread crazy frog crazy frog
good resource.

On Nov 18, 2007 6:06 PM, Odley Mike [EMAIL PROTECTED] wrote:
> Bluetooth Penetration Testing Framework
> http://bluetooth-pentest.narod.ru/
>
> Bluetooth hackers community blog focused on security
> http://bluetoothsecurity.wordpress.com/
>
> Bt maillist
> http://darkircop.org/mailman/listinfo/bt





-- 
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com



Re: [Full-disclosure] How to become a Computer Security Professional ?

2007-11-18 Thread M. Shirk
The first step is to never send email to the full-disclosure list ever again.

The second step is to learn the word google.

Shirkdog
' or 1=1-- 

http://www.shirkdog.us

> Date: Sat, 17 Nov 2007 19:08:46 +0600
> From: [EMAIL PROTECTED]
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] How to become a Computer Security Professional ?
>
> What are the steps to follow to become a computer security professional ?,
> to be able to research vulnerabilities ?, code exploits ?  What do I have to
> learn ? and which learning resources and books would be nice ? I've learned
> C programming, C# programming, PHP , SQL and i know how to use Linux and
> right now, i'm learning assembly language and linux programming . is it the
> right way to go ? should I learn Windows programming as well ?
>
> It's always been my dream.
>
> Waiting for any suggestions ?
 

[Full-disclosure] Crash in LIVE555 Media Server 2007.11.01

2007-11-18 Thread Luigi Auriemma

###

 Luigi Auriemma

Application:  LIVE555 Media Server
  http://www.live555.com/mediaServer/
Versions:     <= 2007.11.01
Platforms:*nix, Windows, Mac and others
Bug:  crash caused by access to unallocated memory
Exploitation: remote, versus server
Date: 18 Nov 2007
Author:   Luigi Auriemma
  e-mail: [EMAIL PROTECTED]
  web:aluigi.org


###


1) Introduction
2) Bug
3) The Code
4) Fix


###

===
1) Introduction
===


LIVE555 Media Server is an open source RTSP server application released
under LGPL.


###

==
2) Bug
==


The function which handles the incoming queries from the clients is
affected by a vulnerability which allows an attacker to crash the
server remotely using the smallest RTSP query possible to use.

This problem is caused by the absence of an instruction for checking if
the amount of client's data (reqStrSize) is longer or equal than 8
bytes because the function makes use of unsigned numbers, so 7 - 8 is
not -1 but 4294967295, resulting in a crash caused by the reaching of
the end of the allocated memory.

From liveMedia/RTSPCommon:

Boolean parseRTSPRequestString(char const* reqStr,
                               unsigned reqStrSize,
  ...
  unsigned i;
  for (i = 0; i < resultCmdNameMaxSize-1 && i < reqStrSize; ++i) {

...

  // Skip over the prefix of any rtsp:// or rtsp:/ URL that follows:
  unsigned j = i+1;
  while (j < reqStrSize && (reqStr[j] == ' ' || reqStr[j] == '\t')) ++j;
  for (j = i+1; j < reqStrSize-8; ++j) {
...


###

===
3) The Code
===


http://aluigi.org/poc/live555x.zip


###

==
4) Fix
==


Version 2007.11.18


###


--- 
Luigi Auriemma
http://aluigi.org
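
Added example, not part of the original advisory or of the LIVE555 source: the `reqStrSize-8` loop bound from the excerpt above beside a version with the missing length check. The loop body (a case-insensitive search for `rtsp:/`), the function names and the sample requests are assumptions constructed for illustration; the out-of-bounds read is reported by a guard rather than performed.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define SCAN_NOT_FOUND (-1L)  /* no "rtsp:/" prefix in the request */
#define SCAN_OOB       (-2L)  /* the loop would read past the end of reqStr */
#define PREFIX_LEN     6u     /* strlen("rtsp:/") */

/* The bound from the quoted loop. Both operands are unsigned, so for a
 * request shorter than 8 bytes the result wraps around instead of going
 * negative (4294967295 for size 7 where unsigned is 32 bits wide). */
unsigned original_bound(unsigned reqStrSize)
{
    return reqStrSize - 8;
}

/* Assumed loop body: case-insensitive test for "rtsp:/" at p. */
static int is_rtsp_prefix(const char *p)
{
    static const char want[] = "rtsp:/";
    for (unsigned k = 0; k < PREFIX_LEN; ++k)
        if (tolower((unsigned char)p[k]) != want[k])
            return 0;
    return 1;
}

/* Loop with the original bound. The guard inside is instrumentation for
 * this demo only: it reports the first read that would leave the buffer
 * instead of performing it. The real code had no such guard. */
long scan_original(const char *reqStr, unsigned reqStrSize, unsigned start)
{
    for (unsigned j = start; j < reqStrSize - 8; ++j) {
        if (j + PREFIX_LEN > reqStrSize)
            return SCAN_OOB;
        if (is_rtsp_prefix(reqStr + j))
            return (long)(j + PREFIX_LEN);
    }
    return SCAN_NOT_FOUND;
}

/* Same loop with the check the advisory says is missing: requests
 * shorter than 8 bytes are rejected before the subtraction happens. */
long scan_checked(const char *reqStr, unsigned reqStrSize, unsigned start)
{
    if (reqStrSize < 8)
        return SCAN_NOT_FOUND;
    for (unsigned j = start; j < reqStrSize - 8; ++j)
        if (is_rtsp_prefix(reqStr + j))
            return (long)(j + PREFIX_LEN);
    return SCAN_NOT_FOUND;
}

int main(void)
{
    /* Constructed sample requests. */
    const char *tiny = "A B\r\n\r\n";                             /* 7 bytes */
    const char *good = "DESCRIBE rtsp://host/a RTSP/1.0\r\n\r\n";

    printf("bound for 7 bytes: %u\n", original_bound(7));
    printf("tiny, original:    %ld\n", scan_original(tiny, 7, 2));
    printf("tiny, checked:     %ld\n", scan_checked(tiny, 7, 2));
    printf("good, original:    %ld\n",
           scan_original(good, (unsigned)strlen(good), 9));
    printf("good, checked:     %ld\n",
           scan_checked(good, (unsigned)strlen(good), 9));
    return 0;
}
```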



[Full-disclosure] [ GLSA 200711-22 ] Poppler, KDE: User-assisted execution of arbitrary code

2007-11-18 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200711-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Poppler, KDE: User-assisted execution of arbitrary code
  Date: November 18, 2007
  Bugs: #196735, #198409
ID: 200711-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Poppler and various KDE components are vulnerable to multiple memory
management issues possibly resulting in the execution of arbitrary
code.

Background
==

Poppler is a cross-platform PDF rendering library originally based on
Xpdf. KOffice is an integrated office suite for KDE. KWord is the
KOffice word processor. KPDF is a KDE-based PDF viewer included in the
kdegraphics package.

Affected packages
=

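    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  app-text/poppler           < 0.6.1-r1                 >= 0.6.1-r1
  2  kde-base/kpdf              < 3.5.8-r1                *>= 3.5.7-r3
                                                           >= 3.5.8-r1
  3  kde-base/kdegraphics       < 3.5.8-r1                *>= 3.5.7-r3
                                                           >= 3.5.8-r1
  4  app-office/kword           < 1.6.3-r2                 >= 1.6.3-r2
  5  app-office/koffice         < 1.6.3-r2                 >= 1.6.3-r2
    -------------------------------------------------------------------
     5 affected packages on all of their supported architectures.
    -------------------------------------------------------------------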

Description
===

Alin Rad Pop (Secunia Research) discovered several vulnerabilities in
the Stream.cc file of Xpdf: An integer overflow in the
DCTStream::reset() method and a boundary error in the
CCITTFaxStream::lookChar() method, both leading to heap-based buffer
overflows (CVE-2007-5392, CVE-2007-5393). He also discovered a boundary
checking error in the DCTStream::readProgressiveDataUnit() method
causing memory corruption (CVE-2007-4352). Note: Gentoo's version of
Xpdf is patched to use the Poppler library, so the update to Poppler
will also fix Xpdf.

Impact
==

By enticing a user to view or process a specially crafted PDF file with
KWord or KPDF or a Poppler-based program such as Gentoo's viewers Xpdf,
ePDFView, and Evince or the CUPS printing system, a remote attacker
could cause an overflow, potentially resulting in the execution of
arbitrary code with the privileges of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Poppler users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-0.6.1-r1"

All KPDF users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.5.7-r3"

All KDE Graphics Libraries users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.5.7-r3"

All KWord users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/kword-1.6.3-r2"

All KOffice users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/koffice-1.6.3-r2"

References
==

  [ 1 ] CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
  [ 2 ] CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
  [ 3 ] CVE-2007-5393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-22.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHQKbHuhJ+ozIKI5gRAl/iAJ0XNSINVi0zD5q+JKbQ1EGRzkV6HACeNp/n

[Full-disclosure] [ GLSA 200711-23 ] VMware Workstation and Player: Multiple vulnerabilities

2007-11-18 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200711-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: VMware Workstation and Player: Multiple vulnerabilities
  Date: November 18, 2007
  Bugs: #193196
ID: 200711-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


VMware guest operating systems might be able to execute arbitrary code
with elevated privileges on the host operating system through multiple
flaws.

Background
==

VMware Workstation is a virtual machine for developers and system
administrators. VMware Player is a freeware virtualization software
that can run guests produced by other VMware products.

Affected packages
=

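    -------------------------------------------------------------------
     Package                /   Vulnerable   /              Unaffected
    -------------------------------------------------------------------
  1  vmware-workstation       < 6.0.1.55017            *>= 5.5.5.56455
                                                        >= 6.0.1.55017
  2  vmware-player            < 2.0.1.55017            *>= 1.0.5.56455
                                                        >= 2.0.1.55017
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------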

Description
===

Multiple vulnerabilities have been discovered in several VMware
products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that
the DHCP server contains an integer overflow vulnerability
(CVE-2007-0062), an integer underflow vulnerability (CVE-2007-0063) and
another error when handling malformed packets (CVE-2007-0061), leading
to stack-based buffer overflows or stack corruption. Rafal Wojtczvk
(McAfee) discovered two unspecified errors that allow authenticated
users with administrative or login privileges on a guest operating
system to corrupt memory or cause a Denial of Service (CVE-2007-4496,
CVE-2007-4497). Another unspecified vulnerability related to untrusted
virtual machine images was discovered (CVE-2007-5617).

VMware products also shipped code copies of software with several
vulnerabilities: Samba (GLSA-200705-15), BIND (GLSA-200702-06), MIT
Kerberos 5 (GLSA-200707-11), Vixie Cron (GLSA-200704-11), shadow
(GLSA-200606-02), OpenLDAP (CVE-2006-4600), PAM (CVE-2004-0813,
CVE-2007-1716), GCC (CVE-2006-3619) and GDB (CVE-2006-4146).

Impact
==

Remote attackers within a guest system could possibly exploit these
vulnerabilities to execute code on the host system with elevated
privileges or to cause a Denial of Service.

Workaround
==

There is no known workaround at this time.

Resolution
==

All VMware Workstation users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/vmware-workstation-5.5.5.56455"

All VMware Player users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/vmware-player-1.0.5.56455"

References
==

  [ 1 ] CVE-2004-0813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0813
  [ 2 ] CVE-2006-3619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3619
  [ 3 ] CVE-2006-4146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4146
  [ 4 ] CVE-2006-4600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
  [ 5 ] CVE-2007-0061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0061
  [ 6 ] CVE-2007-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062
  [ 7 ] CVE-2007-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0063
  [ 8 ] CVE-2007-1716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1716
  [ 9 ] CVE-2007-4496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4496
  [ 10 ] CVE-2007-4497
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4497
  [ 11 ] CVE-2007-5617
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5617
  [ 12 ] GLSA-200606-02
 http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml
  [ 13 ] GLSA-200702-06
 http://www.gentoo.org/security/en/glsa/glsa-200702-06.xml
  [ 14 ] GLSA-200704-11
 http://www.gentoo.org/security/en/glsa/glsa-200704-11.xml
  [ 15 ] GLSA-200705-15
 http://www.gentoo.org/security/en/glsa/glsa-200705-15.xml
  [ 16 ] GLSA-200707-11
 http://www.gentoo.org/security/en/glsa/glsa-200707-11.xml
  [ 17 ] VMSA-2007-0006


[Full-disclosure] [ GLSA 200711-24 ] Mozilla Thunderbird: Multiple vulnerabilities

2007-11-18 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200711-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Mozilla Thunderbird: Multiple vulnerabilities
  Date: November 18, 2007
  Bugs: #196481
ID: 200711-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities have been reported in Mozilla Thunderbird,
which may allow user-assisted arbitrary remote code execution.

Background
==

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Affected packages
=

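    -------------------------------------------------------------------
     Package                    /  Vulnerable  /            Unaffected
    -------------------------------------------------------------------
  1  mozilla-thunderbird            < 2.0.0.9               >= 2.0.0.9
  2  mozilla-thunderbird-bin        < 2.0.0.9               >= 2.0.0.9
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------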

Description
===

Multiple vulnerabilities have been reported in Mozilla Thunderbird's
HTML browser engine (CVE-2007-5339) and JavaScript engine
(CVE-2007-5340) that can be exploited to cause a memory corruption.

Impact
==

A remote attacker could entice a user to read a specially crafted email
that could trigger one of the vulnerabilities, possibly leading to the
execution of arbitrary code.

Workaround
==

There is no known workaround at this time for all of these issues, but
some of them can be avoided by disabling JavaScript.

Resolution
==

All Mozilla Thunderbird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.9"

All Mozilla Thunderbird binary users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.9"

References
==

  [ 1 ] CVE-2007-5339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
  [ 2 ] CVE-2007-5340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340
  [ 3 ] GLSA 200711-14
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-24.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHQK+juhJ+ozIKI5gRAvrmAJwIT9nGWtqALR9wOwqrpfCozEOVRgCfR36N
iiySbPAelqZNMW6jkMzSt6w=
=6BMP
-END PGP SIGNATURE-



[Full-disclosure] Certificate spoofing issue with Mozilla, Konqueror, Safari 2

2007-11-18 Thread Nils Toedtmann
Moin *

Mozilla based browsers (Firefox, Netscape, ...), Konqueror and Safari 2
do not bind a user-approved webserver certificate to the originating
domain name. This makes the user vulnerable to certificate spoofing by
subjectAltName:dNSName extensions. 

I set up a demonstration at http://test.eonis.net/, check it out. For
details (vulnerable versions, vendor status, bug ids ...) see 

http://nils.toedtmann.net/pub/subjectAltName.txt

Attack scenario:

(1) Assumed a phisher could redirect a user's browser to his prepared
https webserver spoofing www.paypal.com (by DNS spoofing or domain
hijacking or other MITM attack). But the user's browser would raise
an unknown CA warning because the phisher does not have a
certificate for www.paypal.com issued by a browser-trusted CA
(that's what X.509 and TLS is all about!). Thus, the phisher defers
this step.

(2) The phisher creates another website www.example.com (not spoofed)
and a home brewed X.509 cert:

DN=CN=www.example.com
subjectAltName:dNSName=www.example.com
subjectAltName:dNSName=www.paypal.com

and lures the user to https://www.example.com/. The user gets an
unknown CA warning, but the subjectAltName:dNSName extensions
are not shown to him, so the cert looks ok. As he does not plan to
enter any private information, he accepts it (temporarily or
permanently) and proceeds.

(3) Any time later (if the cert got accepted temporarily this has to
happen within the same session), the phisher lures the user to his
spoofed https://www.paypal.com/, using the very same self-signed
certificate - NO WARNING!

In the end, the cert warning and the spoofing attempt get separated into
two events which appear to the user as being unrelated. I consider this
a severe cert-spoofing issue, aggravated by the fact that affected
browsers also match any hostname with subjectAltName:dNSName=*.

For Mozilla, this issue is known for more than three years without being
fixed.

Regards, /nils.
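
Added example, not part of the original post and not any browser's code: a small model of the certificate-exception store described above, with the approval applied to the certificate as a whole beside an approval bound to the host it was granted for. All struct and function names, the fingerprints and the sample certificates are constructed for illustration; a real store would also bind the port.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAMES 4
#define MAX_EXC   8

struct cert {
    const char *fingerprint;           /* constructed placeholder value */
    const char *dns_names[MAX_NAMES];  /* subjectAltName:dNSName entries */
    size_t n_names;
};

struct exception { const char *host; const char *fingerprint; };
struct store     { struct exception e[MAX_EXC]; size_t n; };

/* Case-insensitive hostname comparison. */
static int ieq(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        ++a; ++b;
    }
    return *a == *b;
}

/* Name matching as the post describes it for affected browsers:
 * an exact dNSName match, or a bare "*" that matches any host. */
static int cert_names_host(const struct cert *c, const char *host)
{
    for (size_t i = 0; i < c->n_names; ++i)
        if (ieq(c->dns_names[i], host) || strcmp(c->dns_names[i], "*") == 0)
            return 1;
    return 0;
}

/* The user clicks through the unknown-CA warning while visiting `host`. */
static void accept_cert(struct store *s, const char *host, const struct cert *c)
{
    if (s->n < MAX_EXC) {
        s->e[s->n].host = host;
        s->e[s->n].fingerprint = c->fingerprint;
        s->n++;
    }
}

/* Unbound check: an approved certificate is trusted for every name it
 * lists, whichever site it was approved on. Returns 1 if a warning shows. */
static int warns_unbound(const struct store *s, const char *host,
                         const struct cert *c)
{
    for (size_t i = 0; i < s->n; ++i)
        if (strcmp(s->e[i].fingerprint, c->fingerprint) == 0 &&
            cert_names_host(c, host))
            return 0;
    return 1;
}

/* Bound check: the approval only covers the host it was granted for. */
static int warns_bound(const struct store *s, const char *host,
                       const struct cert *c)
{
    for (size_t i = 0; i < s->n; ++i)
        if (ieq(s->e[i].host, host) &&
            strcmp(s->e[i].fingerprint, c->fingerprint) == 0)
            return 0;
    return 1;
}

/* Steps (2) and (3) of the scenario: approve `c` on approved_host, then
 * see whether a later visit to later_host with the same cert warns. */
int later_visit_warns(const struct cert *c, const char *approved_host,
                      const char *later_host, int bound)
{
    struct store s = { .n = 0 };
    accept_cert(&s, approved_host, c);
    return bound ? warns_bound(&s, later_host, c)
                 : warns_unbound(&s, later_host, c);
}

/* Constructed sample certificates mirroring the post's example. */
static const struct cert SAMPLE =
    { "fp-constructed-01", { "www.example.com", "www.paypal.com" }, 2 };
static const struct cert WILDCARD =
    { "fp-constructed-02", { "www.example.com", "*" }, 2 };

int main(void)
{
    printf("unbound store, later visit warns: %d\n",
           later_visit_warns(&SAMPLE, "www.example.com", "www.paypal.com", 0));
    printf("bound store, later visit warns:   %d\n",
           later_visit_warns(&SAMPLE, "www.example.com", "www.paypal.com", 1));
    printf("unbound store, '*' cert warns:    %d\n",
           later_visit_warns(&WILDCARD, "www.example.com", "host.example", 0));
    return 0;
}
```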



[Full-disclosure] [ GLSA 200711-25 ] MySQL: Denial of Service

2007-11-18 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200711-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: MySQL: Denial of Service
  Date: November 18, 2007
  Bugs: #198988
ID: 200711-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A Denial of Service vulnerability was found in MySQL.

Background
==

MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
=

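    -------------------------------------------------------------------
     Package         /   Vulnerable   /                     Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql        < 5.0.44-r2                      >= 5.0.44-r2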

Description
===

Joe Gallo and Artem Russakovskii reported an error in the
convert_search_mode_to_innobase() function in ha_innodb.cc in the
InnoDB engine that is leading to a failed assertion when handling
CONTAINS operations.

Impact
==

A remote authenticated attacker with ALTER privileges could send a
specially crafted request to a vulnerable database server possibly
leading to a Denial of Service.

Workaround
==

There is no known workaround at this time.

Resolution
==

All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.44-r2"

References
==

  [ 1 ] CVE-2007-5925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-25.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHQLPVuhJ+ozIKI5gRAvNFAJwMO0s6m2J1Bcqq+ijMED9FAWgMewCZAVmB
lM7jI2TrO3q//snoBFgHL6U=
=OVzF
-END PGP SIGNATURE-



[Full-disclosure] [ GLSA 200711-26 ] teTeX: Multiple vulnerabilities

2007-11-18 Thread Pierre-Yves Rofes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200711-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: teTeX: Multiple vulnerabilities
      Date: November 18, 2007
      Bugs: #198238
        ID: 200711-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in teTeX, possibly
allowing to execute arbitrary code or overwrite arbitrary files.

Background
==========

teTeX is a complete TeX distribution for editing documents.

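Affected packages
=================

    -------------------------------------------------------------------
     Package         /   Vulnerable   /                     Unaffected
    -------------------------------------------------------------------
  1  app-text/tetex      < 3.0_p1-r6                      >= 3.0_p1-r6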

Description
===========

Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the dvilj application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936). Bastien Roucaries reported that the dvips application
is vulnerable to two stack-based buffer overflows when processing DVI
documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
code from Xpdf that is vulnerable to a memory corruption and two
heap-based buffer overflows (GLSA 200711-22); and it contains code from
T1Lib that is vulnerable to a buffer overflow when processing an overly
long font filename (GLSA 200710-12).

Impact
======

A remote attacker could entice a user to process a specially crafted
DVI or PDF file which could lead to the execution of arbitrary code
with the privileges of the user running the application. A local
attacker could exploit the dvilj vulnerability to conduct a symlink
attack to overwrite arbitrary files.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All teTeX users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =app-text/tetex-3.0_p1-r6

References
==========

  [ 1 ] CVE-2007-5935
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
  [ 2 ] CVE-2007-5936
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5936
  [ 3 ] CVE-2007-5937
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5937
  [ 4 ] GLSA 200710-12
        http://www.gentoo.org/security/en/glsa/glsa-200710-12.xml
  [ 5 ] GLSA 200711-22
        http://www.gentoo.org/security/en/glsa/glsa-200711-22.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-26.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
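
An added illustration, not dvilj source, of the "insecure temporary file creation" class that GLSA 200711-26 describes: a predictable temporary name opened without O_EXCL next to an exclusive create. The file names, the scratch directory under /tmp and all function names are assumptions made for this sketch.

```c
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, symlink, O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: a predictable name opened without O_EXCL. If the name is
 * already a symlink, open() follows it and O_TRUNC empties the target. */
int open_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: creation must be exclusive. POSIX requires EEXIST when
 * the name already exists, including when it is a symlink. */
int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch directory: victim.txt holds
 * 8 bytes and job.tmp (the predictable temp name) is a symlink to it.
 * Returns the victim's size after the open attempt, -1 on setup error. */
long victim_size_after(int use_exclusive, int *open_errno)
{
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";
    char victim[64], tmpname[64];
    struct stat st;
    long size = -1;
    FILE *f;
    int fd;

    *open_errno = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(tmpname, sizeof tmpname, "%s/job.tmp", dir);
    if ((f = fopen(victim, "w")) != NULL) {
        fputs("precious", f);
        fclose(f);
        if (symlink(victim, tmpname) == 0) {
            errno = 0;
            fd = use_exclusive ? open_exclusive(tmpname) : open_predictable(tmpname);
            *open_errno = (fd < 0) ? errno : 0;
            if (fd >= 0) close(fd);
            if (stat(victim, &st) == 0) size = (long)st.st_size;
            unlink(tmpname);
        }
        unlink(victim);
    }
    rmdir(dir);
    return size;
}

int main(void)
{
    int e1, e2;
    long weak = victim_size_after(0, &e1), safe = victim_size_after(1, &e2);
    printf("predictable: victim %ld bytes; exclusive: victim %ld bytes, errno %d\n", weak, safe, e2);
    return 0;
}
```

Where the name does not have to be fixed, mkstemp() picks an unpredictable name and performs the same exclusive create in one call.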


[Full-disclosure] [ GLSA 200711-27 ] Link Grammar: User-assisted execution of arbitrary code

2007-11-18 Thread Pierre-Yves Rofes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200711-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Link Grammar: User-assisted execution of arbitrary code
      Date: November 18, 2007
      Bugs: #196803
        ID: 200711-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability has been discovered in Link Grammar.

Background
==========

The Link Grammar parser is a syntactic parser of English, based on link
grammar, an original theory of English syntax.

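Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  dev-libs/link-grammar     < 4.2.4-r1                  >= 4.2.4-r1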

Description
===========

Alin Rad Pop from Secunia Research discovered a boundary error in the
function separate_sentence() in file tokenize.c when processing an
overly long word which might lead to a stack-based buffer overflow.

Impact
======

A remote attacker could entice a user to parse a specially crafted
sentence, resulting in the remote execution of arbitrary code with the
privileges of the user running the application. Note that this
vulnerability may be triggered by an application using Link Grammar to
parse sentences (e.g. AbiWord).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Link Grammar users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose =dev-libs/link-grammar-4.2.4-r1

References
==========

  [ 1 ] CVE-2007-5395
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5395

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200711-27.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
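
An added illustration, not Link Grammar or dvips source, of the bug class behind the "overly long word" in GLSA 200711-27 and the long \href{} URIs in GLSA 200711-26: a token whose length comes from the input is staged in a fixed-size stack buffer. MAX_WORD and every function name here are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_WORD 60  /* assumed buffer size for this sketch */

/* Unsafe pattern, for contrast only (never called below): the token length
 * comes from the input, the destination size does not, and nothing compares
 * the two. A token longer than MAX_WORD writes past the caller's buffer. */
void store_word_unchecked(char out[MAX_WORD + 1], const char *start, size_t len)
{
    memcpy(out, start, len);
    out[len] = '\0';
}

/* Hardened form: refuse a token that does not fit. Returns 0 or -1. */
int store_word_checked(char out[MAX_WORD + 1], const char *start, size_t len)
{
    if (len > MAX_WORD)
        return -1;
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

/* Splits on whitespace, staging each word in a fixed stack buffer the way a
 * tokenizer does. Returns the word count, or -1 if any word is overly long.
 * On success `last` holds the final word. */
int tokenize_checked(const char *sentence, char last[MAX_WORD + 1])
{
    char word[MAX_WORD + 1];
    const char *p = sentence;
    int count = 0;

    last[0] = '\0';
    for (;;) {
        while (*p && isspace((unsigned char)*p))
            p++;
        if (*p == '\0')
            break;
        const char *start = p;
        while (*p && !isspace((unsigned char)*p))
            p++;
        if (store_word_checked(word, start, (size_t)(p - start)) != 0)
            return -1;      /* reject the input instead of overflowing */
        strcpy(last, word); /* safe: both buffers are MAX_WORD + 1 bytes */
        count++;
    }
    return count;
}

int main(void)
{
    char last[MAX_WORD + 1];
    int n = tokenize_checked("a constructed sample sentence", last);
    printf("%d words, last word \"%s\"\n", n, last);
    return 0;
}
```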


Re: [Full-disclosure] How to become a Computer Security Professional ?

2007-11-18 Thread Dude VanWinkle
On Nov 17, 2007 8:08 AM, Meef [EMAIL PROTECTED] wrote:
 What are the steps to follow to become a computer security professional ?,


Read all the phrack magazines, starting with #40 or later.

Learning ASM, Hex Math, C, Binary math, C++ can't hurt.

Study AJAX/XML/WebDAV/.Net/Java, web 2.0 is the future and vulnerable.

SQL is good, so is Oracle.

Learn the Management side of Security: End users will always be the
weakest link, and management is how you deal with them.

Social Engineering will never die, even though I have it through good
authority that buffer overflows will.

enjoy

-JP



Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle

2007-11-18 Thread Simon Richter
Hi,

Florian Echtler wrote:

 Just to make myself clear: I don't think it is a viable option to create
 email noise, I just pointed out that it makes more sense than TCP/HTTP
 noise.

There is already enough email noise thanks to spam. It might make sense
to reply to some of it though, to create the illusion of a fully
connected network (i.e. poison the data).

 As for using encryption: the fact that communication has happened (with
 respect to email, at least) can't be hidden, at least not if one or both
 ends of the communication are with a big public email provider.

Well, it might make sense to finally get a standard for email headers
within the easily encryptable data bits, so the outer message headers
would show only communication between some gateway service and the
communications endpoint.

Of course, there is always the option of a P2P darknet. :-)

   Simon



Re: [Full-disclosure] How to become a Computer Security Professional ?

2007-11-18 Thread worried security
On Nov 17, 2007 1:08 PM, Meef [EMAIL PROTECTED] wrote:
 What are the steps to follow to become a computer security professional ?,

Sorry, you will never make it to professionalism as you broke the
first and most important rule.

NEVER POST ON A PUBLIC MAILING LIST

The second most important rule of becoming a security professional is,
if you do need to post to a public mailing list then never do it under
a .edu or .gov or official company e-mail address, we will all just
point and laugh and have your account hi-jacked with the next
cross-site scripting flaw that gets to the public mailing list.

The third most important rule to becoming a security professional is
never talk to people on public mailing lists who have broken rule one
and rule two or take what's said on public mailing lists seriously. As
soon as you take what is said on a public mailing list seriously is
the day you should cut your wrists.

Always get advice from a credible source after learning of a threat on
the public mailing lists.

The fourth most important rule to becoming a security professional,
always use a throw-away e-mail account so it doesn't matter if script
kids hi-jack your e-mail account with the next cross-site scripting
vulnerability that gets posted to the public mailing lists.

The fifth most important rule to becoming a security professional is
use an alias on public mailing lists, never use your real name, place
of work, place of education, place of living, as backfires cannot be
reversed. Once you've posted something it's posted, archived around the
world and translated into more languages than you can shake a stick
at.

The sixth most important rule to becoming a security professional is
be paranoid. Yes, don't listen to people who say paranoia is bad for
you. In this industry it pays to be paranoid. Forget about your own
welfare, you've got millions of users and the economic stability of
the world to think about. Trade in your own life to save the life of
others. Indeed being a security professional will mean long hours, and
sleepless nights. Be prepared to be woken up in the middle of the
night and expect to have people shouting for answers down the phone to
you or rush you into the security operations center when news of a
major data breach reaches the inbox of your security team.

The seventh most important rule to becoming a security professional.
Think for yourself don't post ridiculous questions to a public mailing
list and expect to get the right answer, most folks will make anything
up and people generally cannot be trusted. Use search engines, read
books and free your mind from what other security researchers are
doing. Don't duplicate, originate your own work.

The eighth most important rule to becoming a good security
professional is have balls, if you think something is wrong, don't be
afraid to speak up, even if it means losing your job. Remember, the
security of other people comes before the security of your job
position. So if you think something is wrong, tell people about it,
and if they don't listen, then keep repeating it over and over. Never
give in and keep on trying to tell people about something you believe
in. You are a slave to the security of others, you don't come first
they do.

Ninth most important rule to becoming a good security professional.
Don't read public mailing lists, don't read security news sites, and
don't read web logs about what other people think about security. They
all suck, don't trust anyone in this world and don't believe the hype.
99.9% of anything posted in public is attention grabbing bullshit, you
don't need it. Concentrate on what's going on within your own company
and screw all the others. Only read these mediums if it's related to
what you're doing that day at work to fix a bug or thwart a security
incident. Don't read about what could happen, stick with what's
actually happening to you that day. Not what other people say is going
to happen next week.

Tenth most important rule to becoming a security professional, know
your enemy. Yes, get to know them, eavesdrop on them, send them gifts
and make them feel special. Your enemy is the single most important
person to you and your company's assets. If you don't know what your
enemy is doing then you don't have security. Remember though, don't
concentrate on other people's enemies, concentrate on enemies for your
company. Don't read websites that say they are your enemy, because it's
unlikely they really are. Your real enemies don't announce themselves
often and are unlikely to make public announcements about it, and the
ones that do are usually hoaxes.



Re: [Full-disclosure] How to become a Computer Security Professional ?

2007-11-18 Thread Paul Schmehl
--On November 19, 2007 3:34:23 AM + worried security 
[EMAIL PROTECTED] wrote:

 The fourth most important rule to becoming a security professional,
 always use a throw-away e-mail account so it doesn't matter if script
 kids hi-jack your e-mail account with the next cross-site scripting
 vulnerability that gets posted to the public mailing lists.

You forgot the most important rule of all.  Pay no heed to bozos who post 
anonymously and don't even have a job in security.  Their advice is 
usually worth just as much as their reputation.

Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/



Re: [Full-disclosure] How to become a Computer Security Professional ?

2007-11-18 Thread Richard Golodner
Get a good job where you can find best security practices being used
and learn from others who have been in the field. You will develop your own
set of tools and ideas, but the concepts are almost always the same. Defense
in depth is a good idea and it works.
11th most important rule. Never ever take advice that has ten rules
about something they know nothing about. 
N3TD3V, please go away. Come back under a different alias if you
must but please STFU! 
The guy wanted a serious answer and you broke many of your own
rules. Don't get your kilt all bunched up, just be serious for once in your
net-sec career.
Richard Golodner
Infratection IT Services




Re: [Full-disclosure] n3td3v denounces the actions of www.derangedsecurity.com

2007-11-18 Thread XSS Worm XSS Security Information Portal
This is a breathtakingly candid post. for once.

thank you!


On 11/17/07, worried security [EMAIL PROTECTED] wrote:

 On Nov 14, 2007 11:33 PM, Dan Egerstad [EMAIL PROTECTED] wrote:
  Do you know the powers? Powerrangers? Can they help me? Ohhh please help me
  ohhh you mighty...
 
  I'm free, kicking and not charged for shit... don't know who you are and
  couldn't care less but it does give something to laugh at =)
  Go play with the other kids now
 
  //D

 At the end of the day you're the dude with the secret service
 following you everywhere you go now in real life for at least the next
 6 /12 months or longer I would imagine.

 Enjoy the privacy or not as the case may be.

 Sleepless nights, looking out your window every five minutes, turning
 round in the street seeing if anyone's following you and generally not
 being able to trust people around you because they might be the secret
 service. Not knowing who the next phone call will be from, knowing
 everything you do on the internet is being watched by a human, every
 keystroke, every e-mail, every draft.

 I've been there, done that, bought the t-shirt.

 It's paranoia and it destroys you!!! It crushes you, this whole
 derangedsecurity.com stuff will crush you mentally if it hasn't
 already. I'm talking from experience, I've gone through these phrases
 of paranoia, it'll eat you alive.

 Maybe you're not feeling it yet, but it will creep up on you in a short
 while.

 That's the down side to doing big hacks, the mental strain of not
 knowing if you've got away with it or not.

 One day you'll wish you hadn't your picture on those news articles and
 you hadn't drawn attention to yourself, it may take a few months for
 it to kick in if it hasn't already.

 The only reason it's not already kicked in if it hasn't is you're
 young, gullible and immature, and you're still feeding off the ego
 rush of the media attention right now, but later in life it'll hit
 you!!!

 You're thinking I've not been charged for shit. The possibility of a
 criminal charge is the least of the problems which comes with fame,
 being known by a large amount of people is a bad experience walking
 down the street, trying to get employed by people and generally
 operating as a normal person in life.

 You wonder all the time Does he know!, Do they know. And you get
 the people who do know, know everything about you, but you've never
 met them in your life before, and it scares you!

 I've been approached by people in real life who know more about me and
 what I do online than I do, it ain't nice.

 Strange people start being a part of your life, and you know why, but
 it's never officially confirmed by anyone. The paranoia and suspicion
 destroys you.

 But basically you get the world's intelligence services following you
 around from different countries with different agendas to find out
 things about you.

 I imagined at first it would just be one team of surveillance from one
 country, but you end up having folks from a handful of countries
 following you about in everyday life. And those individual
 surveillance teams aren't connected with each other. You can be
 walking down a busy high street with a crowd of folks all around you,
 you think are legitimate folks, but they are actually secret service
 from multiple countries working independently of each other, who don't
 know each other, but they all have one thing in common, they are
 following you

 It sent the shitters up me and it'll do the same to you.

 And you get the folks who have nothing to do with government following
 you around, and that's the scariest part. You get independent
 investigators following you around from the world's security companies
 who have their own intelligence wings. The big corporations hire folks
 to do this, just for the sake of knowing intelligence about you. And
 then you just get the normal weirdos following you about who aren't a
 part of any government or private investigation company, and that's
 what is the worst part. Oh, and the random people who claim to be news
 journalists, who could actually be anyone, walking up to you, knocking
 at your door, e-mailing etc. You take the first interview, then you
 realise, that could have been anyone. It screws you up in the head
 afterwards.

 When you become public in the security community, it's not the secret
 service which are the biggest problems, there are 100's of companies
 who follow you about because they want their own intelligence about
 you. You see all these websites that offer intelligence, who aren't
 the government but offer yahoo,google etc intelligence on folks and
 get paid for it, it's not just technical intelligence they have,
 they've got folks checking up on you in real life too.

 who's gonna be on your tail for a while:

 secret services (world wide) they follow you for national security
 reasons to build a real life profile of you.

 security companies (world wide) they follow you to build a real life
 profile on you so