Re: [Full-disclosure] Did n3td3v infulence Google Security Team
I also agree Thanks for saying what many others think Have a nice day everyone Maxime Ducharme -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de magickal1 Envoyé : 30 avril 2008 20:34 À : full-disclosure@lists.grok.org.uk Objet : [Full-disclosure] Did n3td3v infulence Google Security Team I don't often write to the list nor contribute much at all at this point mostly due to work commitments but I felt a need to this time. Why on earth was this posted to the list? it provided no usefull information. It had nothing to do with full disclosure of anything. all it did was waste my time and others. At this point the author of the post has made it to the filter to hit the trash bin straight off marked as read. Do us all a favor...stop posting this crap. Its pointless, provides no information and can be used for nothing. In a word this post ranked no higher than SPAM! My 2cents worth. Flame away chances are I'm not going to respond anyway. if [ !=n3td3v ] then; mv $post spam fi On Tuesday 29 April 2008 20:50:18 [EMAIL PROTECTED] wrote: Did n3td3v infulence Google Security Team ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] iDefense Security Advisory 04.30.08: Akamai Download Manager Arbitrary Program Execution Vulnerability
iDefense Security Advisory 04.30.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 30, 2008 I. BACKGROUND Akamai Download Manager is an integral component of Akamai's global distribution service. It is used to deliver big files quickly and reliably to users around world. It has been used by vendors such as Symantec and Microsoft to provide downloads to the public. Akamai provides both an ActiveX and a Java based Download Manager. If a user uses the ActiveX control once, it will remain installed on the users computer until manually removed. For more information, please visit following web sites. http://www.akamai.com/html/technology/products/http_downloads.html http://www.akamai.com/html/solutions/electronic_software_delivery.html II. DESCRIPTION Remote exploitation of a design error in Akamai Technologies, Inc's Download Manager allows attackers to execute arbitrary code in the context of the current user. The ActiveX control version has the following identifiers: Class: DownloadManager Control CLSID: 2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B CLSID: FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1 ProgId: MANAGER.DLMCtrl.1. File: C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx The Java version has the following identifiers: Class: com.akamai.dm.ui.applet.DMApplet.class JAR: dlm-java-2.2.2.0.jar This problem specifically exists due to two undocumented object parameters. By using these parameters, it is possible to cause Download Manager to automatically download and execute arbitrary binaries from attacker controlled locations. III. ANALYSIS Exploitation allows an attacker to execute arbitrary code in the context of the user viewing a maliciously crafted web page. In order to exploit this vulnerability, an attacker would need to persuade, or otherwise force, a user to view a malicious web page. This is usually accomplished by getting the targeted user to click a link in a form of electronic communication such as e-mail or instant messaging. While the attack is happening, the Download Manager user interface is displayed. However, in a normal attack scenario there is insufficient time to cancel the download before exploitation occurs. IV. DETECTION iDefense confirmed the existence of this vulnerability using version 2.2.2.1 of Akamai Technologies Inc's DownloadManagerV2.ocx. Additionally, iDefense confirmed the problem exists in version 2.2.2.0 of the Download Manager Java Applet. All versions prior to the fixed version are suspected to be vulnerable. V. WORKAROUND Setting kill-bits for the associated CLSIDs will prevent the ActiveX control from being loaded within Internet Explorer, thereby preventing exploitation. Disabling Java will prevent exploitation using the Java Applet version. VI. VENDOR RESPONSE Akamai has addressed this vulnerability with the release of version 2.2.3.5 of their Download Manager product. For more information, refer to their advisory. To download the updated version, visit the following URL. http://dlm.tools.akamai.com/tools/upgrade.html VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-6339 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 12/06/2007 Initial vendor notification 12/06/2007 Initial vendor response 04/30/2008 Public disclosure IX. CREDIT This vulnerability was reported to iDefense by Peter Vreugdenhil. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright © 2008 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail [EMAIL PROTECTED] for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Team SHATTER Security Advisory Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02) April 28, 2008 Risk Level: Medium Affected versions: Oracle Database Server versions 10gR1, 10gR2 and 11gR1 Remote exploitable: Yes (Authentication to Database Server is needed) Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc. Details: The PL/SQL package DBMS_CDC_UTILITY owned by SYS has an instance of SQL Injection. A malicious user can call a vulnerable procedure of this package with specially crafted parameters and execute SQL statements with the elevated privileges of the SYS user. Impact: Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_CDC_UTILITY can exploit this vulnerability. By default, users granted SELECT_CATALOG_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute SQL commands with SYS privileges. Vendor Status: Vendor was contacted and a patch was released. Workaround: Restrict access to the SYS.DBMS_CDC_UTILITY package. Fix: Apply Oracle Critical Patch Update April 2008 available at Oracle Metalink. Links: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html http://www.appsecinc.com/resources/alerts/oracle/2008-01.shtml Timeline: Vendor Notification - 9/24/2007 Vendor Response - 9/28/2007 Fix - 4/15/2008 Public Disclosure - 4/28/2008 Application Security, Inc's database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) iD8DBQFIGdFQ9EOAcmTuFN0RAsEBAJ0fnftcWJ32upbc3v1WezVYIt4m2QCguvyt QaysA2lpI/qzMSktNdEQggY= =jgW9 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Team SHATTER Security Advisory Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11) April 28, 2008 Risk Level: Medium Affected versions: Oracle Database Server versions 9iR2, 10gR1, 10gR2 and 11gR1 Remote exploitable: Yes (Authentication to Database Server is needed) Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc. Details: Oracle Database Server provides the SYS.KUPF$FILE_INT package. This package contains the procedure GET_FULL_FILENAME which is vulnerable to buffer overflow attacks. Impact: Any Oracle database user with EXECUTE privilege on the package SYS.KUPF$FILE_INT can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DoS (Denial of service) killing the Oracle server process. Vendor Status: Vendor was contacted and a patch was released. Workaround: Restrict access to the SYS.KUPF$FILE_INT package. Fix: Apply Oracle Critical Patch Update April 2008 available at Oracle Metalink. Links: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html http://www.appsecinc.com/resources/alerts/oracle/2008-02.shtml Timeline: Vendor Notification - 8/24/2007 Vendor Response - 8/29/2007 Fix - 4/15/2008 Public Disclosure - 4/28/2008 Application Security, Inc's database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) iD8DBQFIGdDJ9EOAcmTuFN0RAjZzAJ9tCnCrlzM2Ee2p+XvXw2QYigEdjgCggVJz vFz+7Ajire3QVAVDA+pKtK0= =GOf3 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Team SHATTER Security Advisory Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15) April 28, 2008 Risk Level: Medium Affected versions: Oracle Database Server versions 9iR1, 9iR2 (9.2.0.7 and previous patchsets) and 10gR1 Remote exploitable: Yes (Authentication to Database Server is needed) Credits: This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc. Details: Oracle Database Server provides the SYS.DBMS_AQJMS_INTERNAL package. This package contains the procedures AQ$_REGISTER and AQ$_UNREGISTER which are vulnerable to buffer overflow attacks. Impact: Any Oracle database user with EXECUTE privilege on the package SYS.DBMS_AQJMS_INTERNAL can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE, AQ_ADMINISTRATOR_ROLE or AQ_USER_ROLE have the required privilege. Exploitation of this vulnerability allows an attacker to execute arbitrary code. It can also be exploited to cause DoS (Denial of service) killing the Oracle server process. Vendor Status: Vendor was contacted and a patch was released. Workaround: Restrict access to the SYS.DBMS_AQJMS_INTERNAL package. Fix: Apply Oracle Critical Patch Update April 2008 available at Oracle Metalink. Links: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html http://www.appsecinc.com/resources/alerts/oracle/2008-03.shtml Timeline: Vendor Notification - 2/22/2005 Fix - 04/15/2008 Public Disclosure - 04/28/2008 Application Security, Inc's database security solutions have helped over 1000 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) iD8DBQFIGdES9EOAcmTuFN0RAkVzAJ0WCwZ2qJT9SB6EBSbSL4HfUCEb4gCgtoWk XxS8q/0bi1GnLt99aCg4DJ0= =p8Zl -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 1564-1] New wordpress packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1564-1 [EMAIL PROTECTED] http://www.debian.org/security/ Thijs Kinkhorst May 01, 2008 http://www.debian.org/security/faq - Package: wordpress Vulnerability : multiple Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-3639 CVE-2007-4153 CVE-2007-4154 CVE-2007-0540 Several remote vulnerabilities have been discovered in wordpress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3639 Insufficient input sanitising allowed for remote attackers to redirect visitors to external websites. CVE-2007-4153 Multiple cross-site scripting vulnerabilities allowed remote authenticated administrators to inject arbitrary web script or HTML. CVE-2007-4154 SQL injection vulnerability allowed allowed remote authenticated administrators to execute arbitrary SQL commands. CVE-2007-0540 WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. [no CVE name yet] Insufficient input sanitising caused an attacker with a normal user account to access the administrative interface. For the stable distribution (etch), these problems have been fixed in version 2.0.10-1etch2. For the unstable distribution (sid), these problems have been fixed in version 2.2.3-1. We recommend that you upgrade your wordpress package. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - --- Source archives: http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz Size/MD5 checksum: 520314 e9d5373b3c6413791f864d56b473dd54 http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2.diff.gz Size/MD5 checksum:29327 663e0b7c1693ff63715e0253ad5cc036 http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2.dsc Size/MD5 checksum: 891 2e297f530d472f47b40ba50ea04b1476 Architecture independent packages: http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2_all.deb Size/MD5 checksum: 521244 4851fe016749b1b9c819fd8d5785198e These files will probably be moved into the stable distribution on its next update. - - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show pkg' and http://packages.debian.org/pkg -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSBn2/Wz0hbPcukPfAQLb6gf+IJCvU6dxETAGIm85x1JxfcpWyRx3Ept5 toj+TNH90JgYJsH6nIb3dLwGsv9GhSP8DOfwVS3k6hw8D4bSTzTRg+ieRwRYh14h AYhcK4Xd6XmzP4QOUp34k8bBjup/Jp9ECtXQosh6TocLR5CLS0WV88miuzsDKvTy FZqTNrzA03n0lhxaIaqombN4g+pUQab6hazqsWJferqwpublDVSQzQFDuRXNnmN0 G8294cyBCDqN4TTaMwO9LPoRQQVJbr2lrKsmOdDKoFVOCNeKpU+gonIw9xWOM2kS /Sjn95y7pTAqTXirwbcdIXyqsDo1NIZrxN/al3tnv1ZY9NSy0v9Trw== =BmFA -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 1565-1] New Linux 2.6.18 packages fix several vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA-1565-1[EMAIL PROTECTED] http://www.debian.org/security/ dann frazier May 1, 2008 http://www.debian.org/security/faq - -- Package: linux-2.6 Vulnerability : several vulnerabilities Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-6694 CVE-2008-0007 CVE-2008-1294 CVE-2008-1375 Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-6694 Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). CVE-2008-0007 Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. CVE-2008-1294 David Peer discovered that users could escape administrator imposed cpu time limitations (RLIMIT_CPU) by setting a limit of 0. CVE-2008-1375 Alexander Viro discovered a race condition in the directory notification subsystem that allows local users to cause a Denial of Service (oops) and possibly result in an escalation of priveleges. For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-18etch3. The unstable (sid) and testing distributions will be fixed soon. We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages. Upgrade instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages The following matrix lists additional source packages that were rebuilt for compatability with or to take advantage of this update: Debian 4.0 (etch) fai-kernels 1.17+etch.18etch3 user-mode-linux 2.6.18-1um-2etch.18etch3 You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - --- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch3.dsc Size/MD5 checksum: 740 950fed7ed7c289cfea9c1b39f0f41bc0 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch2.dsc Size/MD5 checksum: 740 6f6faa132a53e808bcc61823d140290a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch3.diff.gz Size/MD5 checksum: 5395308 ae08d42b58cd3cf93a23fe31615ac2fd http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz Size/MD5 checksum:14435 4d10c30313e11a24621f7218c31f3582 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060 http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch3.dsc Size/MD5 checksum: 892 ca5cdee7568704bc9f6c58f786d0daae http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch3.tar.gz Size/MD5 checksum:55267 981e9a0a1d79b1605164588eef7da492 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch3.dsc Size/MD5 checksum: 5672 4e4714f542968b30b2c3f94e203e1e04 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch2.tar.gz Size/MD5 checksum:55185 0a46d75b3ced870a96ea41b900f1ecaa http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch2.diff.gz Size/MD5 checksum:16873 868c1f27ad2c8db782bbd2bdc3618d70 http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch2.dsc Size/MD5 checksum: 892 52c602d55bdc301a0622ed8a63745f29 http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch3.diff.gz Size/MD5 checksum:16968 ff1657e11545a0f557b623962c52 Architecture independent packages:
[Full-disclosure] Happy Valdis Kletnieks Day
Happy Valdis Kletnieks Day, a new and innovative day where nothing gets post on FD!!! Valdis Kletnieks, Ureleet and others hope it will catch on and that it will take place every year. Its all about counter productive awareness, don't post anything on FD every May 1st. All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Happy Valdis Kletnieks Day
Right back at you! BTW, yesterday was international labor day! Where people from all professions get a day off. I guess the security sector gets two days. -- Razi On 5/2/08, n3td3v [EMAIL PROTECTED] wrote: Happy Valdis Kletnieks Day, a new and innovative day where nothing gets post on FD!!! Valdis Kletnieks, Ureleet and others hope it will catch on and that it will take place every year. Its all about counter productive awareness, don't post anything on FD every May 1st. All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Happy Valdis Kletnieks Day
On Thu, May 1, 2008 at 10:47 PM, Razi Shaban [EMAIL PROTECTED] wrote: Right back at you! BTW, yesterday was international labor day! Where people from all professions get a day off. I guess the security sector gets two days. Fuck the security sector!!! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Ureleet
You're fucking banned from n3td3v mailing list so don't even try anymore. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] HD Moore
Suck a cock big boy, you're going down. down, down. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Could n3td3v win a Pwnie award?
On Sat, Apr 26, 2008 at 2:13 PM, G. D. Fuego [EMAIL PROTECTED] wrote: Why should ANYONE want to take part in your vulnerability notification day if you believe that the UK Security Service should be tracking these people. Considering you claim to be so close to them, wouldn't that just be registering with that agency? Any day of the year you post on FD is registering with MI6. It makes no difference. All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] HD Moore
What the hell is this for? On 5/1/08, n3td3v [EMAIL PROTECTED] wrote: Suck a cock big boy, you're going down. down, down. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] HD Moore
I mean really, what is this list becoming? Sent from my Verizon Wireless BlackBerry -Original Message- From: Nate McFeters [EMAIL PROTECTED] Date: Thu, 1 May 2008 18:15:33 To:n3td3v [EMAIL PROTECTED] Cc:n3td3v [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] HD Moore What the hell is this for? On 5/1/08, n3td3v [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Suck a cock big boy, you're going down. down, down. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Could n3td3v win a Pwnie award?
What's your point numbnuts? Its also registered with marc.info. Should I be afraid of a couple of linux geeks with squinty eyes and bad breath kicking down my door? (Or at least knocking politely) In case you're two stupid or paranoid to figure that one out ; no, no I shouldn't. Because like MI6 they couldn't give a flying fuck what some donkey has to say on FD unless it is backed up by some serious and reputable other information that this person is a threat. Christ your stupid. (and yet I still feel the need to respond at times... why is that? I must secretly crave your approval or want the glory and fame that comes with calling you out. Yes, that must be it.) On Thu, May 1, 2008 at 11:41 PM, n3td3v [EMAIL PROTECTED] wrote: On Sat, Apr 26, 2008 at 2:13 PM, G. D. Fuego [EMAIL PROTECTED] wrote: Why should ANYONE want to take part in your vulnerability notification day if you believe that the UK Security Service should be tracking these people. Considering you claim to be so close to them, wouldn't that just be registering with that agency? Any day of the year you post on FD is registering with MI6. It makes no difference. All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- http://www.smashthestack.org http://www.unprotectedhex.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] HD Moore
I have kettle popcorn, anybody interested? On Thu, May 1, 2008 at 7:23 PM, [EMAIL PROTECTED] wrote: I mean really, what is this list becoming? Sent from my Verizon Wireless BlackBerry -Original Message- From: Nate McFeters [EMAIL PROTECTED] Date: Thu, 1 May 2008 18:15:33 To:n3td3v [EMAIL PROTECTED] Cc:n3td3v [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] HD Moore What the hell is this for? On 5/1/08, n3td3v [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Suck a cock big boy, you're going down. down, down. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Ureleet
i feel an immense loss in my life. On Thu, May 1, 2008 at 6:17 PM, n3td3v [EMAIL PROTECTED] wrote: You're fucking banned from n3td3v mailing list so don't even try anymore. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Andrew Wallace
n3td3v, or is it Andrew Wallace? It's about time someone disclosed your real name. You need to stop causing so much trouble. By the way, how is Abertay Dundee? Are you still going there? -- lounger ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] HD Moore
sad, that's ur answer. On Thu, May 1, 2008 at 7:23 PM, [EMAIL PROTECTED] wrote: I mean really, what is this list becoming? Sent from my Verizon Wireless BlackBerry -Original Message- From: Nate McFeters [EMAIL PROTECTED] Date: Thu, 1 May 2008 18:15:33 To:n3td3v [EMAIL PROTECTED] Cc:n3td3v [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] HD Moore What the hell is this for? On 5/1/08, n3td3v [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Suck a cock big boy, you're going down. down, down. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Ureleet
Was there any reason for the both of you to include the mailing lists on your petty personal rants heretofore? 2008/5/2 Ureleet [EMAIL PROTECTED]: i feel an immense loss in my life. On Thu, May 1, 2008 at 6:17 PM, n3td3v [EMAIL PROTECTED] wrote: You're fucking banned from n3td3v mailing list so don't even try anymore. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] HD Moore
WTF this list is becoming 4chan but less cool. Ureleet wrote: sad, that's ur answer. On Thu, May 1, 2008 at 7:23 PM, [EMAIL PROTECTED] wrote: I mean really, what is this list becoming? Sent from my Verizon Wireless BlackBerry -Original Message- From: Nate McFeters [EMAIL PROTECTED] Date: Thu, 1 May 2008 18:15:33 To:n3td3v [EMAIL PROTECTED] Cc:n3td3v [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] HD Moore What the hell is this for? On 5/1/08, n3td3v [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Suck a cock big boy, you're going down. down, down. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] calling n3td3v out... of the closet
Not worth a shit has wanted to fuck hd, fuck the security sector, fuck mi6, fuck uereleet, fuck the security awarness day, fuck valdis, fuck everyone who has subscribed to fd. It makes me wonder if this is all about him being gay? We are all sorry that you can't come to feel good about where you put your wanker, but please leave it out of FD. n3tarsehole, if you are tired of your fingers smelling of pig vagina, special education students and handicapped senior citizens you should probably stop whacking to fantasies of HD performing acts of felatio and go ahead and finish your security+ certification so that you can get a job (rather than giving them) and buy some decent cunny. Than you can spend some of that money getting blown by pre-operative she males like you like, you know birds with balls and peckers. Until then, please SHUT UP. Love always, Mom and dad. P.S. dad wants to borrow some makeup, will you help him out? -- Click for information on obtaining a VA loan. http://tagline.hushmail.com/fc/Ioyw6h4d9CwT6XC5BYYmajvZPjzj2lQvmhhcgxQvCLhG2NXU6lb1BO/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Ureleet
On Fri, May 2, 2008 at 10:31 AM, Pat [EMAIL PROTECTED] wrote: Was there any reason for the both of you to include the mailing lists on your petty personal rants heretofore? dude, they're the same person. 2008/5/2 Ureleet [EMAIL PROTECTED]: -- http://lets.coozi.com.au/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Ureleet
On Fri, May 2, 2008 at 3:54 AM, silky [EMAIL PROTECTED] wrote: On Fri, May 2, 2008 at 10:31 AM, Pat [EMAIL PROTECTED] wrote: Was there any reason for the both of you to include the mailing lists on your petty personal rants heretofore? dude, they're the same person. Ureleet is nothing to do with n3td3v, he is very much an enemy!!! All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
