Re: [Full-disclosure] Cirque du 0day HIJACKED!!!
Don't play coy to me and don't give me no sass. I told you once and I'll tell you again, don't fuck with me cause i'm bad. You don't want to know the world of pain you're stepping into you autistic dracula lookin motherfucker. Stealing my motherfucking CFP? Guess what, asshole. I was one of the earliest hackers in the 1980s. I KNEW Kevin Mitnick. Phone Phreaking is as secondary to me as skullfucking your daughter. I'm going to keep calling your house, OVER AND OVER, and the phone company will NEVER be able to trace the call. You're going down. On Fri, Apr 25, 2008 at 4:49 PM, I)ruid [EMAIL PROTECTED] wrote: On Thu, 2008-04-24 at 14:40 -0700, Andrew A wrote: Stop lying to everyone. Caughq.org got owned and rm'd. Looks like Michael Chatner is a more fitting individual to run the Cirque than you, buddy. Rght... that's why when I put a new power supply in it this morning it booted with it's filesystem intact, right? (: -- I)ruid, C²ISSP [EMAIL PROTECTED] http://druid.caughq.org ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Could n3td3v win a Pwnie award?
On Fri, Apr 25, 2008 at 10:48 PM, n3td3v [EMAIL PROTECTED] wrote:
David, your research was responsible for the SQL Slammer Worm... but that makes you elite doesn't it, not a black hat. No wonder the UK security service is interested in you, but I wouldn't call it an achievement, that calls you irresponsible in my view.
David is responsible for the Slammer worm because he discovered the vulnerability that it used? Personally I would have placed the blame on either Microsoft's bad development processes which allowed these types of bugs to be released undiscovered. In fact, after Slammer and Code Red worms, Microsoft implemented a Security Development Lifecycle in order to prevent these types of bugs going forward. Or perhaps place the blame on Systems administrators who installed Microsoft SQL server exposed to the Internet on so many systems, and failed to patch them in the 6 months after the vulnerability was discovered. Or perhaps blame the worm writer who turned a vulnerability into code that made such a large impact on the net.
In fact, if Security Researchers are to blame for any bad uses of the vulnerabilities they discovered then what are you doing here? Why should ANYONE want to take part in your vulnerability notification day if you believe that the UK Security Service should be tracking these people. Considering you claim to be so close to them, wouldn't that just be registering with that agency?
Re: [Full-disclosure] Cirque du 0day HIJACKED!!!
*gets popcorn* -- Razi
Re: [Full-disclosure] Could n3td3v win a Pwnie award?
G. D. Fuego wrote:
In fact, if Security Researchers are to blame for any bad uses of the vulnerabilities they discovered then what are you doing here?
AND:
___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
I thought exactly the same. Security is a process. If someone doesn't understand, that it's better to know the vulnerabilities to defend, he didn't understand it.
It's hard to protect yourself if you don't know what you're up against. (Ed Felten)
I'd say: nominate the nominator!
Greetings, wishi
---__- wishinet.blogspot.com just wishi - does Netninpo
Re: [Full-disclosure] Could n3td3v win a Pwnie award?
n3td3v wrote:
David, your research was responsible for the SQL Slammer Worm... but that makes you elite doesn't it, not a black hat. No wonder the UK security service is interested in you, but I wouldn't call it an achievement, that calls you irresponsible in my view.
Never read such stupid comments here before :). You want this award, don't you? You seem to be qualified.
He is a regular speaker at a number of computer security conferences and has delivered lectures to the National Security Agency, the UK's Security Service, GCHQ and the Bundesamt für Sicherheit in der Informationstechnik in Germany. David is a CHECK team leader and holds SC clearance. http://www.davidlitchfield.com/
Yes... I'd create a PWNIE for the best nomination to PWN.
Greetings, wishi
---__- wishinet.blogspot.com just wishi - does Netninpo
Re: [Full-disclosure] Could n3td3v win a Pwnie award?
LoL I think your mail client is fucked up!
cheers Ferdinand
On 26.04.2008 at 18:01, wishi wrote:
n3td3v wrote:
David, your research was responsible for the SQL Slammer Worm... but that makes you elite doesn't it, not a black hat. No wonder the UK security service is interested in you, but I wouldn't call it an achievement, that calls you irresponsible in my view.
Never read such stupid comments here before :). You want this award, don't you? You seem to be qualified.
He is a regular speaker at a number of computer security conferences and has delivered lectures to the National Security Agency, the UK's Security Service, GCHQ and the Bundesamt für Sicherheit in der Informationstechnik in Germany. David is a CHECK team leader and holds SC clearance. http://www.davidlitchfield.com/
Yes... I'd create a PWNIE for the best nomination to PWN.
Greetings, wishi
---__- wishinet.blogspot.com just wishi - does Netninpo
Re: [Full-disclosure] Cirque du 0day HIJACKED!!!
you reply to everyone else but skip my email about your botnet? I guess that means it's up and running well?
On Fri, Apr 25, 2008 at 6:49 PM, I)ruid [EMAIL PROTECTED] wrote:
On Thu, 2008-04-24 at 14:40 -0700, Andrew A wrote:
Stop lying to everyone. Caughq.org got owned and rm'd. Looks like Michael Chatner is a more fitting individual to run the Cirque than you, buddy.
Rght... that's why when I put a new power supply in it this morning it booted with its filesystem intact, right? (:
-- I)ruid, C²ISSP [EMAIL PROTECTED] http://druid.caughq.org
[Full-disclosure] Fwd: Re: Could n3td3v win a Pwnie award?
Yes man, sorry for this. That was no Spam attack, but a crazy smtpd - that rejected but sent. It's fixed now. I think every software contains its own WTF experiences. That's one of those ;)
Original Message
Subject: Re: [Full-disclosure] Could n3td3v win a Pwnie award?
Date: Sat, 26 Apr 2008 19:38:32 +0200
From: Ferdinand Klinzer [EMAIL PROTECTED]
To: full-disclosure@lists.grok.org.uk
LoL I think your mail client is fucked up!
cheers Ferdinand
On 26.04.2008 at 18:01, wishi wrote:
n3td3v wrote:
David, your research was responsible for the SQL Slammer Worm... but that makes you elite doesn't it, not a black hat. No wonder the UK security service is interested in you, but I wouldn't call it an achievement, that calls you irresponsible in my view.
Never read such stupid comments here before :). You want this award, don't you? You seem to be qualified.
He is a regular speaker at a number of computer security conferences and has delivered lectures to the National Security Agency, the UK's Security Service, GCHQ and the Bundesamt für Sicherheit in der Informationstechnik in Germany. David is a CHECK team leader and holds SC clearance. http://www.davidlitchfield.com/
Yes... I'd create a PWNIE for the best nomination to PWN.
Greetings, wishi
---__- wishinet.blogspot.com just wishi - does Netninpo
Re: [Full-disclosure] Fwd: Its time to take rick rolling seriously
Actually, yes. I made a video about something similar the other day, you can find it at: http://www.youtube.com/watch?v=Yu_moia-oVI It elaborates on a few of your ideas, but refutes some others.
-- Razi
On 4/26/08, n3td3v [EMAIL PROTECTED] wrote:
-- Forwarded message --
From: n3td3v [EMAIL PROTECTED]
Date: Sat, Apr 5, 2008 at 2:17 AM
Subject: Its time to take rick rolling seriously
To: n3td3v [EMAIL PROTECTED]
We need a big list of all the rick roll URLs, so we can protect the public against it. Network operators need a list of rick roll URLs to add to the block list. Can someone harvest all the rick roll URLs and post them as one list for folks to copypaste into their block lists? Some of the rick rolls don't go to Youtube, some of them are sophisticated javascript that we need to clampdown on, so not to waste productivity and resources on these sites getting executed accidentally. If you don't think this is a security issue, it's time to wake up.
RICK ROLLING HIGHLIGHTS THE EASE OF PHISHING ATTACKS
If you look at how many hits the Youtube rick roll got alone, then that goes some way in showing your average joe how easy it is to compromise folks through phishing. Sure, it looks harmless enough, but the bottom line is, the Youtube link (don't click) http://youtube.com/watch?v=eBGIQ7ZuuiU has generated up to 9,290,352 views in only a few months since the craze took off via mostly social bookmarking sites such as Digg, Reddit. Those could easily equal into 9,290,352 malicious phishes, 9,290,352 credit cards and 9,290,352 identity frauds. Now, what happens if the cyber criminals catch onto the rick roll and start cyber rolling everyone with malicious code or links to a forged banking site, then that's really going to be bad. So who is keeping track of rick rolling, so it doesn't turn into a cyber roll where folks get compromised?
The media and others should use the rick rolling as a wake up call as to how easy it is for folks to be fooled, and if it's just Rick Astley this time, it might be more than never gonna give you up next time, because it could be your cyber security and bank info you're giving up in the future, so I'm calling on network security professionals and the media to use rick rolling as a highlight case of the dangers posed by social engineering and phishing by hackers, which can ultimately lead to data loss and disaster.
Rick rolling should be used to highlight awareness of the threat posed by link-based-phishing towards your everyday average single mom, retired couple or the 9,290,352 folks who have to date been rick rolled, who are the next potentially phished. And, not all, rick rolling could be used by an attacker to see how gullible his target is to links, before carrying out a full on phishing attack, so there are many issues here with rick rolling which the security community may not have grasped up till now. If you think it's stupid, 9,290,352 were and that's alarming says n3td3v. There are stupid people out there and rick rolling could be an easy way to find the stupid people before your ultimate attack. Carry on the uses of rick rolling below this e-mail by cyber attackers and the indications it's giving out to folks on how easy phishing and social engineering really is on the internet today.
I see a new craze of cyber rolling coming which hackers can exploit and I'm not sure if I like it very much, it's fun and games at the moment, but just wait to the hackers catch on and things develop with the rick roll trend. I'm worried, are you?
All the best, n3td3v
Re: [Full-disclosure] Could n3td3v win a Pwnie award?
wishi,
On Sat, 26 Apr 2008 12:19:46 -0400 wishi [EMAIL PROTECTED] wrote:
I thought exactly the same. Security is a process. If someone doesn't understand, that it's better to know the vulnerabilities to defend, he didn't understand it.
I think you have this mixed up. Security is a destination, not a process.
J
Re: [Full-disclosure] Could n3td3v win a Pwnie award?
On Sat, Apr 26, 2008 at 10:32 PM, Joey Mengele [EMAIL PROTECTED] wrote:
wishi,
On Sat, 26 Apr 2008 12:19:46 -0400 wishi [EMAIL PROTECTED] wrote:
I thought exactly the same. Security is a process. If someone doesn't understand, that it's better to know the vulnerabilities to defend, he didn't understand it.
I think you have this mixed up. Security is a destination, not a process.
If that was true then the system you secure today would be safe untouched a year from now or the year after that.
Re: [Full-disclosure] Could n3td3v win a Pwnie award?
Indeed. There is no such thing as secure. Security is a process, one that never ends. If it did, many of us would be out of a job. ;)
On Sun, Apr 27, 2008 at 12:01 AM, G. D. Fuego [EMAIL PROTECTED] wrote:
On Sat, Apr 26, 2008 at 10:32 PM, Joey Mengele [EMAIL PROTECTED] wrote:
wishi,
On Sat, 26 Apr 2008 12:19:46 -0400 wishi [EMAIL PROTECTED] wrote:
I thought exactly the same. Security is a process. If someone doesn't understand, that it's better to know the vulnerabilities to defend, he didn't understand it.
I think you have this mixed up. Security is a destination, not a process.
If that was true then the system you secure today would be safe untouched a year from now or the year after that.
Re: [Full-disclosure] Could n3td3v win a Pwnie award?
at least you wouldn't have to remove trojans and tracking cookies off your customer's machines then
On Sat, Apr 26, 2008 at 11:39 PM, Micheal Cottingham [EMAIL PROTECTED] wrote:
Indeed. There is no such thing as secure. Security is a process, one that never ends. If it did, many of us would be out of a job. ;)
On Sun, Apr 27, 2008 at 12:01 AM, G. D. Fuego [EMAIL PROTECTED] wrote:
On Sat, Apr 26, 2008 at 10:32 PM, Joey Mengele [EMAIL PROTECTED] wrote:
wishi,
On Sat, 26 Apr 2008 12:19:46 -0400 wishi [EMAIL PROTECTED] wrote:
I thought exactly the same. Security is a process. If someone doesn't understand, that it's better to know the vulnerabilities to defend, he didn't understand it.
I think you have this mixed up. Security is a destination, not a process.
If that was true then the system you secure today would be safe untouched a year from now or the year after that.