Re: [Full-disclosure] Snort Signature to detect credit cards

[Randal T. Rioux]

FYI - http://www.emergingthreats.net

This was discussed on the snort-sigs mailing list back in 2003. Check out
http://marc.info/?l=snort-sigs&m=106601612825950&w=2

Also, as Ray mentioned, the Emerging Threats emerging-policy.rules
contains some PCRE CC# checks. This will show you some:

$ more emerging-policy.rules | grep Number


Randy


On Thu, May 8, 2008 11:02 pm, Simon Smith wrote:
> You sure you got that URL right?
>
> Ray P wrote:
>> The free rule sets from http://www.emergingthreats.com have this
>> capability. Look in the Policy section.
>>
>> RAy
>>
>> 
>> From: [EMAIL PROTECTED]
>> To: full-disclosure@lists.grok.org.uk
>> Date: Thu, 8 May 2008 12:44:15 -0600
>> Subject: [Full-disclosure] Snort Signature to detect credit cards
>>
>>
>> Does anyone have a snort signature to detect credit cards or social
>> security numbers?
>>
>> Thank you in advance,
>>
>> Jeff
>>
>>
>> 
>> Get Free (PRODUCT) RED™ Emoticons, Winks and Display Pics. Check it out!
>> 
>>
>>
>> 
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> --
>
> - simon
>
> --
> http://www.snosoft.com
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Snort Signature to detect credit cards

[T Biehn]

Time to start encoding them using JS now, solutions solutions solutions.

On Fri, May 9, 2008 at 4:15 AM, Randal T. Rioux <[EMAIL PROTECTED]> wrote:
> FYI - http://www.emergingthreats.net
>
> This was discussed on the snort-sigs mailing list back in 2003. Check out
> http://marc.info/?l=snort-sigs&m=106601612825950&w=2
>
> Also, as Ray mentioned, the Emerging Threats emerging-policy.rules
> contains some PCRE CC# checks. This will show you some:
>
> $ more emerging-policy.rules | grep Number
>
>
> Randy
>
>
> On Thu, May 8, 2008 11:02 pm, Simon Smith wrote:
>> You sure you got that URL right?
>>
>> Ray P wrote:
>>> The free rule sets from http://www.emergingthreats.com have this
>>> capability. Look in the Policy section.
>>>
>>> RAy
>>>
>>> 
>>> From: [EMAIL PROTECTED]
>>> To: full-disclosure@lists.grok.org.uk
>>> Date: Thu, 8 May 2008 12:44:15 -0600
>>> Subject: [Full-disclosure] Snort Signature to detect credit cards
>>>
>>>
>>> Does anyone have a snort signature to detect credit cards or social
>>> security numbers?
>>>
>>> Thank you in advance,
>>>
>>> Jeff
>>>
>>>
>>> 
>>> Get Free (PRODUCT) RED™ Emoticons, Winks and Display Pics. Check it out!
>>> 
>>>
>>>
>>> 
>>>
>>> ___
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>> --
>>
>> - simon
>>
>> --
>> http://www.snosoft.com
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Happy Birthday Israel!

[Andrew A]

There are two possibilities for you. Either you are a Jew, and are trying to
attack me to take community consensus away from the truth, or you are a goy
who has no idea what Judaism is about. Either way, I'm going to tell you the
truth of the Jewish meme.

The Jews consider themselves a chosen people. According to the law of both
the Torah and the Talmud, the Jews believe they have political and economic
rights that the goy do not. What in their philosophy grants them these
rights?

The answer is a contract with a malevolent, evil god. The Jews like to
present their God as a universal one, but it actually a very specific god:
an animistic spirit of a volcano in the desert Sinai which manifested itself
to Moses during an eruption in the form of a burning bush. In one of the
single greatest acts of pretexting in history (aided by repeated genocides
of Ammonites, Moabites, etc) the Jews managed to convince other people that
their god was everyone's god.

So the issue with the Jews is the conditions of this contract. The terms of
the covenant are outlined in Deuteronomy chapter 6. In this, Jews are
instructed to create a box to hang outside their house with the words of the
covenant written on a piece of paper inside it. This device is called a
Mezuzah, contains Deuteronomy 6:4-9 written inside it, and is hung outside
the home of every Jew that keeps the covenant. After verse 6:9, verses
6:10-11 reveal the reward that the Jews get for following the covenant, and
their real agenda:
"And it shall be, when the LORD thy God shall have brought thee into the
land which he sware unto thy fathers, to Abraham, to Isaac, and to Jacob, to
give thee great and goodly cities, which thou buildedst not, And houses full
of all good things, which thou filledst not, and wells digged, which thou
diggedst not, vineyards and olive trees, which thou plantedst not; when thou
shalt have eaten and be full;"

Have you ever heard a statement so fundamentally advocating parasitism from
any other religion in the world? This is not some random statement out of
context, these are the direct statements after the prayer which is at the
very core of the Jewish covenant. The Jews believe they have a divine right
to militarism, parasitism and genocide. If a Jew claims he does not, he is
either a liar, or knows nothing of his evil religion.

Later in Deuteronomy, Moses describes what "good" Jews are to do to the
native peoples of the lands that they Jewish forces "liberate" either by
force or by swindling, first in 7:16
"And thou shalt consume all the people which the LORD thy God shall deliver
thee; thine eye shall have no pity upon them: neither shalt thou serve their
gods; for that will be a snare unto thee."
And again in 20:16
"But of the cities of these people, which the LORD thy God doth give thee
for an inheritance, thou shalt save alive nothing that breatheth"

The Jews are just as eager to steal our homes, our farms, the fruits of our
labor, and completely and utterly wipe us out now as they were to kill the
Ammonites, Moabites, Canaanites, etc then. And so, they have uprooted great
constitutional governments founded in the ethics of Nordic and Greek
Pantheism, as well as Christianity, and replaced them with tyrannical
bureaucracies in Jewish interests. So they have taken our free currencies
and replaced them with fiat-based currencies to the benefit of multinational
banking dynasties (the Chairman of the US Federal Reserve, for example, is
an Orthodox Jew, and every member of the reserve board is an Orthodox Jew).
So they Balkanize us with third world mud genetics and slowly dismantle our
right to bear arms. We are expected to not resist as welfare-raised niggers
rape our daughters (According to U.S. Justice Department figures over 34,460
White women are sexually assaulted or raped by Black men each year, and less
than ten White men rape Black women) and steal all of our goods which are
not bolted down to something. We are expect to shut up as Jews, having taken
control of the media through the non-elected positions in the FCC, broadcast
their propaganda as infotainment and pump our children's heads full of
immoral, oversexualized garbage.

Not me. I will speak of Judaism freely as it truly is: a nightmarish
parasite that is destroying everything that is good in the world. As long as
there remains a single member of a disgusting, despicable religion that
believes it has the divine right to the fruits of others' labor, to
militarism, to genocide, then there will be no peace. Not just no peace for
far off places such as Palestine and Lebanon, but for the United States and
the rest of the world as well.


On Thu, May 8, 2008 at 4:26 PM, Mercury Vapour <[EMAIL PROTECTED]> wrote:

> Andrew A.:
>
> I have read your bullshit rants in the past, and it is clear that you have
> some serious problems and are completely delusional.  You must see yourself
> as being a deity of some type.  What is your purpose anyway?
>
> You fit in well with the othe

Re: [Full-disclosure] Snort Signature to detect credit cards

[poo]

exactly what do you want to achieve with this signature?
need money for porn?

On Fri, May 9, 2008 at 5:02 AM, Simon Smith <[EMAIL PROTECTED]> wrote:

> You sure you got that URL right?
>
> Ray P wrote:
> > The free rule sets from http://www.emergingthreats.com have this
> > capability. Look in the Policy section.
> >
> > RAy
> >
> >
> 
> > From: [EMAIL PROTECTED]
> > To: full-disclosure@lists.grok.org.uk
> > Date: Thu, 8 May 2008 12:44:15 -0600
> > Subject: [Full-disclosure] Snort Signature to detect credit cards
> >
> >
> > Does anyone have a snort signature to detect credit cards or social
> > security numbers?
> >
> > Thank you in advance,
> >
> > Jeff
> >
> >
> > 
> > Get Free (PRODUCT) RED™ Emoticons, Winks and Display Pics. Check it out!
> > 
> >
> >
> >
> > 
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
> --
>
> - simon
>
> --
> http://www.snosoft.com
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
smile tomorrow will be worse
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Out of Office AutoReply: Snort Signature to det ect credit cards

[Randal T. Rioux]

On Fri, May 9, 2008 4:23 am, West, Bill (USA) wrote:
> I am no longer on-site full time and have limited access to e-mail. I will
> respond to you as soon as I can. If your issue is an emergency, please use
> the contacts below.
>
> Emergencies for MTU Users: Contact Augustin Schuster, +1-860-667-6620
> Emergencies for T-Systems & MTU Management: Contact Mike Bouranis,
> +1-248-276-3459
>
> Thanks
>

Folks, it is 2008. Like cell phones, e-mail autoresponders are no longer
cool. Use a separate address for mailing lists (like a personal or
disposable one) so we don't get bombarded with your junk.

Did I mention the social engineering treasures sent around the world with
each one? Do you really work in security?

Gah!

Randy


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Snort Signature to detect credit cards

[Siim Põder]

Randal T. Rioux wrote:
> FYI - http://www.emergingthreats.net
> 
> This was discussed on the snort-sigs mailing list back in 2003. Check out
> http://marc.info/?l=snort-sigs&m=106601612825950&w=2
> 
> Also, as Ray mentioned, the Emerging Threats emerging-policy.rules
> contains some PCRE CC# checks. This will show you some:

I wrote a dynamic plugin for detecting CC numbers (requires snort 2.6+):

http://p6drad-teel.net/~windo/release/creditcard.tar.gz

It checks prefixes (visa/amex/etc), number length and the luhn code (the
last digit) + allows arbitrary grouping by dashes and/or spaces.

Siim

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Out of Office AutoReply: Snort Signature to det ect credit cards

[Nick FitzGerald]

Randal T. Rioux to Bill West:

> > I am no longer on-site full time and have limited access to e-mail. I will
> > respond to you as soon as I can. If your issue is an emergency, please use
> > the contacts below.
<>
> 
> Did I mention the social engineering treasures sent around the world with
> each one? Do you really work in security?

Maybe this kind of thing is why he no longer...



Regards,

Nick FitzGerald


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Free IT Security Training

[scott]

Over the past several weeks, I’ve been gathering free training resources
to share with the IT security community.  

Training that I’ve collected and others have sent to me can be found at:

http://www.FreeITSecurityTraining.com

Thanks to everyone who provided resources.  If you haven't already, I hope
that you will take a short time to register and post any free resources you
have encountered over the years.

Registration isn’t required to access training that others have shared. 
I encourage you to pass this info along to anyone who might be interested.

If you have any questions or comments, you can reach me at:

[EMAIL PROTECTED]

Best regards,

Scott ([EMAIL PROTECTED])


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability

[Deniz Cevik]

Affected Software/Device: Oracle Application Server Portal

Vulnerability: Authentication Bypass

Tested Version: 10G

Risk: Medium

Description: 

Oracle Application Server Portal (OracleAS Portal) is a Web-based
application for building and deploying portals. It provides a secure,
manageable environment for accessing and interacting with enterprise
software services and information resources.

Initially /dav_portal/portal/ directory is being protected using basic
authentication. It is possible to bypass and access content of
dav_portal by adding a specially crafted cookie value in the http
request header.

Sample Request:

In order to construct a special http request first visit
"http:/site/pls/portal/%0A" url. This request adds special session id
into cookie. Subsequent connection attempts to
"http://site/dav_portal/portal/"; will reveal the contents of directory
without any authentication.

Deniz CEVIK
www.intellectpro.com.tr

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] List Charter

[John Cartwright]

[Full-Disclosure] Mailing List Charter
John Cartwright <[EMAIL PROTECTED]>
 

- Introduction & Purpose -

This document serves as a charter for the [Full-Disclosure] mailing 
list hosted at lists.grok.org.uk.

The list was created on 9th July 2002 by Len Rose, and is primarily 
concerned with security issues and their discussion.  The list is 
administered by John Cartwright.

The Full-Disclosure list is hosted and sponsored by Secunia.


- Subscription Information -

Subscription/unsubscription may be performed via the HTTP interface 
located at http://lists.grok.org.uk/mailman/listinfo/full-disclosure.

Alternatively, commands may be emailed to 
[EMAIL PROTECTED], send the word 'help' in 
either the message subject or body for details.

 
- Moderation & Management -

The [Full-Disclosure] list is unmoderated. Typically posting will be
restricted to members only, however the administrators may choose to 
accept submissions from non-members based on individual merit and 
relevance.

It is expected that the list will be largely self-policing, however in
special circumstances (eg spamming, misappropriation) then offending 
members may be removed from the list by the management.

An archive of postings is available at 
http://lists.grok.org.uk/pipermail/full-disclosure/.
 

- Acceptable Content -

Any information pertaining to vulnerabilities is acceptable, for 
instance announcement and discussion thereof, exploit techniques and 
code, related tools and papers, and other useful information.

Gratuitous advertisement, product placement, or self-promotion is 
forbidden.  Disagreements, flames, arguments, and off-topic discussion 
should be taken off-list wherever possible.

Humour is acceptable in moderation, providing it is inoffensive. 
Politics should be avoided at all costs.

Members are reminded that due to the open nature of the list, they 
should use discretion in executing any tools or code distributed via
this list.
 

- Posting Guidelines -

The primary language of this list is English. Members are expected to 
maintain a reasonable standard of netiquette when posting to the list. 

Quoting should not exceed that which is necessary to convey context, 
this is especially relevant to members subscribed to the digested 
version of the list.

The use of HTML is discouraged, but not forbidden. Signatures will 
preferably be short and to the point, and those containing 
'disclaimers' should be avoided where possible.

Attachments may be included if relevant or necessary (e.g. PGP or 
S/MIME signatures, proof-of-concept code, etc) but must not be active 
(in the case of a worm, for example) or malicious to the recipient.

Vacation messages should be carefully configured to avoid replying to 
list postings. Offenders will be excluded from the mailing list until 
the problem is corrected.

Members may post to the list by emailing 
[EMAIL PROTECTED] Do not send subscription/
unsubscription mails to this address, use the -request address 
mentioned above.


- Charter Additions/Changes -

The list charter will be published at 
http://lists.grok.org.uk/full-disclosure-charter.html.

In addition, the charter will be posted monthly to the list by the 
management.

Alterations will be made after consultation with list members and a 
concensus has been reached.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Happy Birthday Israel!

[Skratz0r]

Why are you bothering arguing on the internet?
Really?

I think I speak for quite a lot of us when I say this is so for us,  
to listen to you
gripe about religion and other topics.

Please constrain your emails to topics related to what the mailing  
list is about.
Thanks.

~ Skratz0r


   Andrew A --
   Re: [Full-disclosure] Happy Birthday Israel!
> There are two possibilities for you. Either you are a Jew, and are  
> trying to attack me to take community consensus away from the  
> truth, or you are a goy who has no idea what Judaism is about.  
> Either way, I'm going to tell you the truth of the Jewish meme.
>
> The Jews consider themselves a chosen people. According to the law  
> of both the Torah and the Talmud, the Jews believe they have  
> political and economic rights that the goy do not. What in their  
> philosophy grants them these rights?
>
> The answer is a contract with a malevolent, evil god. The Jews like  
> to present their God as a universal one, but it actually a very  
> specific god: an animistic spirit of a volcano in the desert Sinai  
> which manifested itself to Moses during an eruption in the form of  
> a burning bush. In one of the single greatest acts of pretexting in  
> history (aided by repeated genocides of Ammonites, Moabites, etc)  
> the Jews managed to convince other people that their god was  
> everyone's god.
>
> So the issue with the Jews is the conditions of this contract. The  
> terms of the covenant are outlined in Deuteronomy chapter 6. In  
> this, Jews are instructed to create a box to hang outside their  
> house with the words of the covenant written on a piece of paper  
> inside it. This device is called a Mezuzah, contains Deuteronomy  
> 6:4-9 written inside it, and is hung outside the home of every Jew  
> that keeps the covenant. After verse 6:9, verses 6:10-11 reveal the  
> reward that the Jews get for following the covenant, and their real  
> agenda:
> "And it shall be, when the LORD thy God shall have brought thee  
> into the land which he sware unto thy fathers, to Abraham, to  
> Isaac, and to Jacob, to give thee great and goodly cities, which  
> thou buildedst not, And houses full of all good things, which thou  
> filledst not, and wells digged, which thou diggedst not, vineyards  
> and olive trees, which thou plantedst not; when thou shalt have  
> eaten and be full;"
>
> Have you ever heard a statement so fundamentally advocating  
> parasitism from any other religion in the world? This is not some  
> random statement out of context, these are the direct statements  
> after the prayer which is at the very core of the Jewish covenant.  
> The Jews believe they have a divine right to militarism, parasitism  
> and genocide. If a Jew claims he does not, he is either a liar, or  
> knows nothing of his evil religion.
>
> Later in Deuteronomy, Moses describes what "good" Jews are to do to  
> the native peoples of the lands that they Jewish forces "liberate"  
> either by force or by swindling, first in 7:16
> "And thou shalt consume all the people which the LORD thy God shall  
> deliver thee; thine eye shall have no pity upon them: neither shalt  
> thou serve their gods; for that will be a snare unto thee."
> And again in 20:16
> "But of the cities of these people, which the LORD thy God doth  
> give thee for an inheritance, thou shalt save alive nothing that  
> breatheth"
>
> The Jews are just as eager to steal our homes, our farms, the  
> fruits of our labor, and completely and utterly wipe us out now as  
> they were to kill the Ammonites, Moabites, Canaanites, etc then.  
> And so, they have uprooted great constitutional governments founded  
> in the ethics of Nordic and Greek Pantheism, as well as  
> Christianity, and replaced them with tyrannical bureaucracies in  
> Jewish interests. So they have taken our free currencies and  
> replaced them with fiat-based currencies to the benefit of  
> multinational banking dynasties (the Chairman of the US Federal  
> Reserve, for example, is an Orthodox Jew, and every member of the  
> reserve board is an Orthodox Jew). So they Balkanize us with third  
> world mud genetics and slowly dismantle our right to bear arms. We  
> are expected to not resist as welfare-raised niggers rape our  
> daughters (According to U.S. Justice Department figures over 34,460  
> White women are sexually assaulted or raped by Black men each year,  
> and less than ten White men rape Black women) and steal all of our  
> goods which are not bolted down to something. We are expect to shut  
> up as Jews, having taken control of the media through the non- 
> elected positions in the FCC, broadcast their propaganda as  
> infotainment and pump our children's heads full of immoral,  
> oversexualized garbage.
>
> Not me. I will speak of Judaism freely as it truly is: a  
> nightmarish parasite that is destroying everything that is good in  
> the world. As long as there remains a single member of a  
> 

[Full-disclosure] [ GLSA 200805-06 ] Firebird: Data disclosure

[Robert Buchholz]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200805-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Firebird: Data disclosure
  Date: May 09, 2008
  Bugs: #216158
ID: 200805-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Firebird allows remote connections to the administrative account
without verifying credentials.

Background
==

Firebird is a multi-platform, open source relational database.

Affected packages
=

---
 Package  /  Vulnerable  /  Unaffected
---
  1  dev-db/firebird < 2.0.3.12981.0-r6>= 2.0.3.12981.0-r6

Description
===

Viesturs reported that the default configuration for Gentoo's init
script ("/etc/conf.d/firebird") sets the "ISC_PASSWORD" environment
variable when starting Firebird. It will be used when no password is
supplied by a client connecting as the "SYSDBA" user.

Impact
==

A remote attacker can authenticate as the "SYSDBA" user without
providing the credentials, resulting in complete disclosure of all
databases except for the user and password database (security2.fdb).

Workaround
==

There is no known workaround at this time.

Resolution
==

All Firebird users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot -v ">=dev-db/firebird-2.0.3.12981.0-r6"

Note: /etc/conf.d is protected by Portage as a configuration directory.
Do not forget to use "etc-update" or "dispatch-conf" to overwrite the
"firebird" configuration file, and then restart Firebird.

References
==

  [ 1 ] CVE-2008-1880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1880

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-06.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


signature.asc
Description: This is a digitally signed message part.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [ GLSA 200805-07 ] Linux Terminal Server Project: Multiple vulnerabilities

[Robert Buchholz]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200805-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Linux Terminal Server Project: Multiple vulnerabilities
  Date: May 09, 2008
  Bugs: #215699
ID: 200805-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities have been discovered in components shipped
with LTSP which allow remote attackers to compromise terminal clients.

Background
==

The Linux Terminal Server Project adds thin-client support to Linux
servers.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  net-misc/ltsp< 5.0Vulnerable!
---
 NOTE: Certain packages are still vulnerable. Users should migrate
   to another package if one is available or wait for the
   existing packages to be marked stable by their
   architecture maintainers.

Description
===

LTSP version 4.2, ships prebuilt copies of programs such as the Linux
Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA
200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA
200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30)
which were subject to multiple security vulnerabilities since 2006.
Please note that the given list of vulnerabilities might not be
exhaustive.

Impact
==

A remote attacker could possibly exploit vulnerabilities in the
aforementioned programs and execute arbitrary code, disclose sensitive
data or cause a Denial of Service within LTSP 4.2 clients.

Workaround
==

There is no known workaround at this time.

Resolution
==

LTSP 4.2 is not maintained upstream in favor of version 5. Since
version 5 is not yet available in Gentoo, the package has been masked.
We recommend that users unmerge LTSP:

# emerge --unmerge net-misc/ltsp

If you have a requirement for Linux Terminal Servers, please either set
up a terminal server by hand or use one of the distributions that
already migrated to LTSP 5. If you want to contribute to the
integration of LTSP 5 in Gentoo, or want to follow its development,
find details in bug 177580.

References
==

  [ 1 ] GLSA 200705-02
http://www.gentoo.org/security/en/glsa/glsa-200705-02.xml
  [ 2 ] GLSA 200705-06
http://www.gentoo.org/security/en/glsa/glsa-200705-06.xml
  [ 3 ] GLSA 200705-22
http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml
  [ 4 ] GLSA 200705-24
http://www.gentoo.org/security/en/glsa/glsa-200705-24.xml
  [ 5 ] GLSA 200710-06
http://www.gentoo.org/security/en/glsa/glsa-200710-06.xml
  [ 6 ] GLSA 200710-16
http://www.gentoo.org/security/en/glsa/glsa-200710-16.xml
  [ 7 ] GLSA 200710-30
http://www.gentoo.org/security/en/glsa/glsa-200710-30.xml
  [ 8 ] GLSA 200711-08
http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml
  [ 9 ] GLSA 200801-09
http://www.gentoo.org/security/en/glsa/glsa-200801-09.xml
  [ 10 ] Gentoo bug 177580: Port LTSP 5 to Gentoo
 https://bugs.gentoo.org/177580

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-07.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


signature.asc
Description: This is a digitally signed message part.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [ GLSA 200805-08 ] InspIRCd: Denial of Service

[Robert Buchholz]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200805-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: InspIRCd: Denial of Service
  Date: May 09, 2008
  Bugs: #215704
ID: 200805-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A buffer overflow in InspIRCd allows remote attackers to cause a Denial
of Service.

Background
==

InspIRCd (Inspire IRCd) is a modular C++ IRC daemon.

Affected packages
=

---
 Package   /  Vulnerable  / Unaffected
---
  1  net-irc/inspircd  < 1.1.19  >= 1.1.19

Description
===

The "namesx" and "uhnames" modules do not properly validate network
input, leading to a buffer overflow.

Impact
==

A remote attacker can send specially crafted IRC commands to the
server, causing a Denial of Service.

Workaround
==

Unload the "uhnames" module in the InspIRCd configuration.

Resolution
==

All InspIRCd users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/inspircd-1.1.19"

References
==

  [ 1 ] CVE-2008-1925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1925

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200805-08.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


signature.asc
Description: This is a digitally signed message part.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Jesse Bacon]

ld like, however, to point out that your comments are nothing more
> > than a reflection of your own inadequacies.  It seems your membership in
> the
> > human race has been invalidated by your need to threaten others with
> nuclear
> > annihilation.  I hope you find solace in your efforts to bring terror to
> > others.  You certainly surpass the standard model of the idiot in
> > unparalleled magnitude.
> >
> > I wish peace in the self-limiting and pathetic world you live in.  Maybe
> > one day you will see who you really are, and apologize to the people you
> > have hurt.  But then, some people never come clean.
> >
> > MAZEL TOV !
> >
> >
> > On Thu, May 8, 2008 at 3:35 PM, Andrew A <[EMAIL PROTECTED]> wrote:
> >
> >> 60 years of being a parasite upon the free world
> >>
> >> 60 years of believing you have a divine right to militarism
> >>
> >> 60 years of genocide
> >>
> >> 60 years of greedy, filthy jews
> >>
> >> the rapture is coming, and you'll all be nuked.
> >>
> >> On Thu, May 8, 2008 at 7:59 AM, avivra <[EMAIL PROTECTED]> wrote:
> >>
> >>>   Today we are celebrating, here in Israel, 60 years<
> http://israel60.gov.il/englishnews/categoryList.aspx>of being an
> independent country. As part of the celebration, I'm releasing a
> >>> new 0day vulnerability.
> >>> One of our customs in Independence day is to play a "treasure hunt<
> http://en.wikipedia.org/wiki/Treasure_hunt>"
> >>> game. In this game there is a treasure hidden somewhere in our
> beautiful
> >>> country, and we get mysterious clues that help us find this treasure by
> >>> traveling to <http://en.wikipedia.org/wiki/Galilee> many<
> http://en.wikipedia.org/wiki/Golan_Heights>
> >>> great <http://en.wikipedia.org/wiki/Negev> sites<
> http://en.wikipedia.org/wiki/Judean_Desert>all over Israel.
> >>> In the spirit of this day, I've decided not to release full details
> about
> >>> this vulnerability yet, but rather play a little "treasure hunt" game.
> >>> Somewhere in my blog <http://aviv.raffon.net/>, I embedded a
> >>> proof-of-concept code which exploits this 0day vulnerability.
> >>>
> >>> Clues for finding the 0day treasure can be found here:
> >>> http://aviv.raffon.net/2008/05/07/HappyBirthdayIsrael.aspx
> >>>
> >>>
> >>>
> >>> --Aviv
> >>>
> >>> ___
> >>> Full-Disclosure - We believe in it.
> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >>>
> >>
> >>
> >> ___
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >
> >
> >
> > --
> > - Scott
> >
> > Ex Nihilo Nihil
> -- next part --
> An HTML attachment was scrubbed...
> URL:
> http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080509/db00f3b3/attachment-0001.html
>
> --
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> End of Full-Disclosure Digest, Vol 39, Issue 20
> ***
>



-- 
Jesse Bacon
(703)625-4076
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Joey Mengele]

Dead Roberts,

On Fri, 09 May 2008 10:36:43 -0400 Jesse Bacon 
<[EMAIL PROTECTED]> wrote:
>Listen you self righteous, do-nothing, uninformed,  sheeps arse.
>Misquoting  verses from the old testament  and adding in  little  
>bits  of
>your own fascism doesn't show anybody how much of a scholar you 
>are.  Jews
>are taught to respect their fellow man and protect the innocent.  
>Thats
>that.  Please keep your ignorance off of this list because we are 
>trying to
>support the freedom of information,  not your right to make people 
>listen to
>your bigoted rantings.  Serious developers and scholars unite!  
>Its time to
>use our resources (such as this list and the people that read it!) 
>to start
>making a difference.  I am not saying you should leave the group,  
>I'm just
>saying unless you are posting something useful save it for someone 
>who gives
>a shit what you think...a social forum for example.  By the way, 
>you have
>late fees at Blockbuster. Peace cracker!
>

Blockbuster doesn't have late fees "cracker". But even if they did 
that shit wouldn't have been clever.

J
"Fuck Zionism and Fuck You Too" - Linus Torvalds

--
Scan, remove and block Spyware. Click now!
http://tagline.hushmail.com/fc/Ioyw6h4dKPZm5aRPFtB8frEnkhBe6o3e9BHWnZRz91W9QFrEyGGDzC/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Download Vulnerability in Internet Explorer 6 & 7

[Jediah]

This vulnerability may have limited destructive powers based on the current
description that I've come up with - it is also possible that someone else
with more time on their hands can come up with other variants that would be
a bit more destructive. It does require bad habits on both the
web-administrators and the users side - but isn't that often the center of
vulnerabilities?


Web application Scenario:

1.Website accepts file uploads from users 
2.Website follows recommended security for file uploads including two that
are important to this discussion:
a.The document being uploaded is not stored in a directory that is
accessible by Web Users (it is served up from a back end process when
requested by users) 
b.The users do not have execute permissions on the documents that are stored
on the server (only permissions that are granted for download)

Attack scenario:

1.Attacker uploads HTML file to site
a.This HTML file contains:
i.Copy of logon form from the website, including relative pathing to website
for cascading style sheets, images, etc.
ii.Attacker modifies form post location, so form posts go to a site the
attacker controls 
2.Website provides other users the ability based on their authorization to
download and view the HTML file that the attacker uploads

IE Response:

1.Authenticated users click on HTML file and are presented with the download
popup, file is streamed from a repository other than a web accessible
location from the server 
2.When prompted, users choose "Open"  from the download popup, allowing
default application to open the downloaded file 
3.IE opens the HTML page in the current IE window (this has been verified
against both IE 6 and IE 7), but IE does not change the security zone, or
the URL of the IE address bar, so now the user sees the (modified) logon
page of the site, but is given no indication (apart from opening and
reviewing source code) that this page is not hosted on the site they are
visiting 
4.IE, thinking the HTML page has been served up from the remote site in the
normal use case, also resolves all relative paths (cascading style sheets,
images, etc) from the server 
5.User - while thinking it odd that they are being prompted to logon again,
looks and sees they are still in the same security zone, and URL of their
trusted website 
6.User logs on again (sending credentials to the attacker), and attacker
does anything he wants with the post (serve up the actual file, redirect
back to the original site, etc.)


Contrast IE's response to FireFox's response.

FireFox response:

1.Authenticated users click on HTML file and choose to download, when
prompted, users choose "Open"  for HTML file, allowing default application
to open the downloaded file 
2.Default browser (or alternate browser) opens the HTML page from local
internet cache after download complete 
3.Browser does not resolve relative paths, and URL is changed to show it's
running from a local location 
4.Attack is obvious, User doesn't proceed.



Perhaps I've missed something that makes this of no use to an attacker, and
perhaps I've missed something that makes this an even bigger problem than I
realized - but none-the-less, here it is.

r/Darth Jedi


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Garrett M. Groff]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I think it's time to cut out this anti-semitic crap. It violates the list
charter and it's just embarrassing (to those who hold such hateful
opinions). If you want to be complicit in hateful propaganda that echoes
that of the mindless Islamic fascism that is so rampant in many parts of
the world, then so be it (best of luck with that). But pls do so outside of
the context of this list, or better yet, not at all.

- - G


- - Original Message - 
From: "Joey Mengele" <[EMAIL PROTECTED]>
To: ; <[EMAIL PROTECTED]>
Sent: Friday, May 09, 2008 11:14 AM
Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20


> Dead Roberts,
>
> On Fri, 09 May 2008 10:36:43 -0400 Jesse Bacon
> <[EMAIL PROTECTED]> wrote:
>>Listen you self righteous, do-nothing, uninformed,  sheeps arse.
>>Misquoting  verses from the old testament  and adding in  little
>>bits  of
>>your own fascism doesn't show anybody how much of a scholar you
>>are.  Jews
>>are taught to respect their fellow man and protect the innocent.
>>Thats
>>that.  Please keep your ignorance off of this list because we are
>>trying to
>>support the freedom of information,  not your right to make people
>>listen to
>>your bigoted rantings.  Serious developers and scholars unite!
>>Its time to
>>use our resources (such as this list and the people that read it!)
>>to start
>>making a difference.  I am not saying you should leave the group,
>>I'm just
>>saying unless you are posting something useful save it for someone
>>who gives
>>a shit what you think...a social forum for example.  By the way,
>>you have
>>late fees at Blockbuster. Peace cracker!
>>
>
> Blockbuster doesn't have late fees "cracker". But even if they did
> that shit wouldn't have been clever.
>
> J
> "Fuck Zionism and Fuck You Too" - Linus Torvalds
>
> --
> Scan, remove and block Spyware. Click now!
> http://tagline.hushmail.com/fc/Ioyw6h4dKPZm5aRPFtB8frEnkhBe6o3e9BHWnZRz91
> W9QFrEyGGDzC/
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.6.2 (Build 2014) - not licensed for commercial use: 
www.pgp.com

wj8DBQFIJG5ySGIRT5oVahwRAmU3AJ9MKH6fgFqDEvEMmECwUhH8AkQrPwCg+ECE
qfAaoKpLW2mrSA/bX8VHMTo=
=g9F6
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Joey Mengele]

Dead Groff,

Please keep your anti Muslim rants off list.

J

On Fri, 09 May 2008 11:33:05 -0400 "Garrett M. Groff" 
<[EMAIL PROTECTED]> wrote:
>I think it's time to cut out this anti-semitic crap. It violates 
>the list
>charter and it's just embarrassing (to those who hold such hateful
>opinions). If you want to be complicit in hateful propaganda that 
>echoes
>that of the mindless Islamic fascism that is so rampant in many 
>parts of
>the world, then so be it (best of luck with that). But pls do so 
>outside of
>the context of this list, or better yet, not at all.
>
>- G
>
>
>- Original Message - 
>From: "Joey Mengele" <[EMAIL PROTECTED]>
>To: ; <[EMAIL PROTECTED]>
>Sent: Friday, May 09, 2008 11:14 AM
>Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, 
>Issue 20
>
>
>> Dead Roberts,
>>
>> On Fri, 09 May 2008 10:36:43 -0400 Jesse Bacon
>> <[EMAIL PROTECTED]> wrote:
>>>Listen you self righteous, do-nothing, uninformed,  sheeps arse.
>>>Misquoting  verses from the old testament  and adding in  little
>>>bits  of
>>>your own fascism doesn't show anybody how much of a scholar you
>>>are.  Jews
>>>are taught to respect their fellow man and protect the innocent.
>>>Thats
>>>that.  Please keep your ignorance off of this list because we 
>are
>>>trying to
>>>support the freedom of information,  not your right to make 
>people
>>>listen to
>>>your bigoted rantings.  Serious developers and scholars unite!
>>>Its time to
>>>use our resources (such as this list and the people that read 
>it!)
>>>to start
>>>making a difference.  I am not saying you should leave the 
>group,
>>>I'm just
>>>saying unless you are posting something useful save it for 
>someone
>>>who gives
>>>a shit what you think...a social forum for example.  By the way,
>>>you have
>>>late fees at Blockbuster. Peace cracker!
>>>
>>
>> Blockbuster doesn't have late fees "cracker". But even if they 
>did
>> that shit wouldn't have been clever.
>>
>> J
>> "Fuck Zionism and Fuck You Too" - Linus Torvalds
>>
>> --
>> Scan, remove and block Spyware. Click now!
>> 
>http://tagline.hushmail.com/fc/Ioyw6h4dKPZm5aRPFtB8frEnkhBe6o3e9BHW
>nZRz91
>> W9QFrEyGGDzC/
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/

--
Travel cheap, travel smart.  Save now!  Click Here.
http://tagline.hushmail.com/fc/Ioyw6h4dxvWnTb6VHMwcsTkoPrIjSOB4MM8mIZV3QAbimcLhEgHTvi/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Garrett M. Groff]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

There are Muslims and then there are Islamic fascists. You seem to think
they are the same thing, which doesn't exactly point to strong analytical
skills on your part. Or were you just using inflammatory rhetoric?

Flame away, if you must...

- - G



- - - Original Message - 
From: "Joey Mengele" <[EMAIL PROTECTED]>
To: ; <[EMAIL PROTECTED]>
Sent: Friday, May 09, 2008 3:45 PM
Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20


> Dead Groff,
>
> Please keep your anti Muslim rants off list.
>
> J
>
> On Fri, 09 May 2008 11:33:05 -0400 "Garrett M. Groff"
> <[EMAIL PROTECTED]> wrote:
>>I think it's time to cut out this anti-semitic crap. It violates
>>the list
>>charter and it's just embarrassing (to those who hold such hateful
>>opinions). If you want to be complicit in hateful propaganda that
>>echoes
>>that of the mindless Islamic fascism that is so rampant in many
>>parts of
>>the world, then so be it (best of luck with that). But pls do so
>>outside of
>>the context of this list, or better yet, not at all.
>>
>>- G
>>
>>
>>- Original Message - 
>>From: "Joey Mengele" <[EMAIL PROTECTED]>
>>To: ; <[EMAIL PROTECTED]>
>>Sent: Friday, May 09, 2008 11:14 AM
>>Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 39,
>>Issue 20
>>
>>
>>> Dead Roberts,
>>>
>>> On Fri, 09 May 2008 10:36:43 -0400 Jesse Bacon
>>> <[EMAIL PROTECTED]> wrote:
Listen you self righteous, do-nothing, uninformed,  sheeps arse.
Misquoting  verses from the old testament  and adding in  little
bits  of
your own fascism doesn't show anybody how much of a scholar you
are.  Jews
are taught to respect their fellow man and protect the innocent.
Thats
that.  Please keep your ignorance off of this list because we
>>are
trying to
support the freedom of information,  not your right to make
>>people
listen to
your bigoted rantings.  Serious developers and scholars unite!
Its time to
use our resources (such as this list and the people that read
>>it!)
to start
making a difference.  I am not saying you should leave the
>>group,
I'm just
saying unless you are posting something useful save it for
>>someone
who gives
a shit what you think...a social forum for example.  By the way,
you have
late fees at Blockbuster. Peace cracker!

>>>
>>> Blockbuster doesn't have late fees "cracker". But even if they
>>did
>>> that shit wouldn't have been clever.
>>>
>>> J
>>> "Fuck Zionism and Fuck You Too" - Linus Torvalds
>>>
>>> --
>>> Scan, remove and block Spyware. Click now!
>>>
>>http://tagline.hushmail.com/fc/Ioyw6h4dKPZm5aRPFtB8frEnkhBe6o3e9BHW
>>nZRz91
>>> W9QFrEyGGDzC/
>>>
>>> ___
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>
> --
> Disease Information Online - Click here!
> http://tagline.hushmail.com/fc/Ioyw6h4fNEriRSyrWZqPQCQT85IROCqM2m1YwOSku2
> qoXNvCj1qelp/
>

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.6.2 (Build 2014) - not licensed for commercial use: 
www.pgp.com

wj8DBQFIJLMaSGIRT5oVahwRAvTYAJ9f7Ydk30vx853JsE90HO1fvOrRlwCggfpA
DAceMzm6u0ngyAaGLsiFGO4=
=wmWj
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Erik Harrison]

just add 'joey.mengele <[EMAIL PROTECTED]>' to the same filter as
you have setup with n3td3v to fling this sort of trash into your deleted
email folder. it helps.

On Fri, May 9, 2008 at 4:25 PM, Garrett M. Groff <[EMAIL PROTECTED]>
wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> There are Muslims and then there are Islamic fascists. You seem to think
> they are the same thing, which doesn't exactly point to strong analytical
> skills on your part. Or were you just using inflammatory rhetoric?
>
> Flame away, if you must...
>
> - - G
>
>
>
> - - - Original Message -
> From: "Joey Mengele" <[EMAIL PROTECTED]>
> To: ; <[EMAIL PROTECTED]>
> Sent: Friday, May 09, 2008 3:45 PM
> Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20
>
>
> > Dead Groff,
> >
> > Please keep your anti Muslim rants off list.
> >
> > J
> >
> > On Fri, 09 May 2008 11:33:05 -0400 "Garrett M. Groff"
> > <[EMAIL PROTECTED]> wrote:
> >>I think it's time to cut out this anti-semitic crap. It violates
> >>the list
> >>charter and it's just embarrassing (to those who hold such hateful
> >>opinions). If you want to be complicit in hateful propaganda that
> >>echoes
> >>that of the mindless Islamic fascism that is so rampant in many
> >>parts of
> >>the world, then so be it (best of luck with that). But pls do so
> >>outside of
> >>the context of this list, or better yet, not at all.
> >>
> >>- G
> >>
> >>
> >>- Original Message -
> >>From: "Joey Mengele" <[EMAIL PROTECTED]>
> >>To: ; <[EMAIL PROTECTED]>
> >>Sent: Friday, May 09, 2008 11:14 AM
> >>Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 39,
> >>Issue 20
> >>
> >>
> >>> Dead Roberts,
> >>>
> >>> On Fri, 09 May 2008 10:36:43 -0400 Jesse Bacon
> >>> <[EMAIL PROTECTED]> wrote:
> Listen you self righteous, do-nothing, uninformed,  sheeps arse.
> Misquoting  verses from the old testament  and adding in  little
> bits  of
> your own fascism doesn't show anybody how much of a scholar you
> are.  Jews
> are taught to respect their fellow man and protect the innocent.
> Thats
> that.  Please keep your ignorance off of this list because we
> >>are
> trying to
> support the freedom of information,  not your right to make
> >>people
> listen to
> your bigoted rantings.  Serious developers and scholars unite!
> Its time to
> use our resources (such as this list and the people that read
> >>it!)
> to start
> making a difference.  I am not saying you should leave the
> >>group,
> I'm just
> saying unless you are posting something useful save it for
> >>someone
> who gives
> a shit what you think...a social forum for example.  By the way,
> you have
> late fees at Blockbuster. Peace cracker!
> 
> >>>
> >>> Blockbuster doesn't have late fees "cracker". But even if they
> >>did
> >>> that shit wouldn't have been clever.
> >>>
> >>> J
> >>> "Fuck Zionism and Fuck You Too" - Linus Torvalds
> >>>
> >>> --
> >>> Scan, remove and block Spyware. Click now!
> >>>
> >>http://tagline.hushmail.com/fc/Ioyw6h4dKPZm5aRPFtB8frEnkhBe6o3e9BHW
> >>nZRz91
> >>> W9QFrEyGGDzC/
> >>>
> >>> ___
> >>> Full-Disclosure - We believe in it.
> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >
> > --
> > Disease Information Online - Click here!
> >
> http://tagline.hushmail.com/fc/Ioyw6h4fNEriRSyrWZqPQCQT85IROCqM2m1YwOSku2
> > qoXNvCj1qelp/
> >
>
> -BEGIN PGP SIGNATURE-
> Version: PGP Desktop 9.6.2 (Build 2014) - not licensed for commercial use:
> www.pgp.com
>
> wj8DBQFIJLMaSGIRT5oVahwRAvTYAJ9f7Ydk30vx853JsE90HO1fvOrRlwCggfpA
> DAceMzm6u0ngyAaGLsiFGO4=
> =wmWj
> -END PGP SIGNATURE-
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] XSS and CSRF vulnerability on cPanel 11

[Matteo Carli]

1. DESCRIPTION OF THE SOFTWARE

cPanel is a hosting automation tool.
WHM interface provides access to the heart of the cPanel and WHM package
and allows a Server Administrator to simply configure a few options and
be on their way to hosting web sites.

2. DESCRIPTION OF THE VULNERABILITY

There are XSS (identified by CVE-2008-2070) and CSRF (identified by
CVE-2008-2071) vulnerabilities on cPanel software.

On WHM there is a simple pattern for XSS defense, but this function
is not well implemented so it's possible to bypass it using a simple
cheat. This is a simple proof of concept:

  >><<<

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Joey Mengele]

gmgdesign,

What is the difference between being prejudiced against islamist 
fascists and being prejudiced against the jews? I await your 
analytical response.

J

On Fri, 09 May 2008 16:25:18 -0400 "Garrett M. Groff" 
<[EMAIL PROTECTED]> wrote:
>There are Muslims and then there are Islamic fascists. You seem to 
>think
>they are the same thing, which doesn't exactly point to strong 
>analytical
>skills on your part. Or were you just using inflammatory rhetoric?
>
>Flame away, if you must...
>
>- G
>
>
>
>- - Original Message - 
>From: "Joey Mengele" <[EMAIL PROTECTED]>
>To: ; <[EMAIL PROTECTED]>
>Sent: Friday, May 09, 2008 3:45 PM
>Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, 
>Issue 20
>
>
>> Dead Groff,
>>
>> Please keep your anti Muslim rants off list.
>>
>> J
>>
>> On Fri, 09 May 2008 11:33:05 -0400 "Garrett M. Groff"
>> <[EMAIL PROTECTED]> wrote:
>>>I think it's time to cut out this anti-semitic crap. It violates
>>>the list
>>>charter and it's just embarrassing (to those who hold such 
>hateful
>>>opinions). If you want to be complicit in hateful propaganda 
>that
>>>echoes
>>>that of the mindless Islamic fascism that is so rampant in many
>>>parts of
>>>the world, then so be it (best of luck with that). But pls do so
>>>outside of
>>>the context of this list, or better yet, not at all.
>>>
>>>- G
>>>
>>>
>>>- Original Message - 
>>>From: "Joey Mengele" <[EMAIL PROTECTED]>
>>>To: ; 
><[EMAIL PROTECTED]>
>>>Sent: Friday, May 09, 2008 11:14 AM
>>>Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 39,
>>>Issue 20
>>>
>>>
 Dead Roberts,

 On Fri, 09 May 2008 10:36:43 -0400 Jesse Bacon
 <[EMAIL PROTECTED]> wrote:
>Listen you self righteous, do-nothing, uninformed,  sheeps 
>arse.
>Misquoting  verses from the old testament  and adding in  
>little
>bits  of
>your own fascism doesn't show anybody how much of a scholar 
>you
>are.  Jews
>are taught to respect their fellow man and protect the 
>innocent.
>Thats
>that.  Please keep your ignorance off of this list because we
>>>are
>trying to
>support the freedom of information,  not your right to make
>>>people
>listen to
>your bigoted rantings.  Serious developers and scholars unite!
>Its time to
>use our resources (such as this list and the people that read
>>>it!)
>to start
>making a difference.  I am not saying you should leave the
>>>group,
>I'm just
>saying unless you are posting something useful save it for
>>>someone
>who gives
>a shit what you think...a social forum for example.  By the 
>way,
>you have
>late fees at Blockbuster. Peace cracker!
>

 Blockbuster doesn't have late fees "cracker". But even if they
>>>did
 that shit wouldn't have been clever.

 J
 "Fuck Zionism and Fuck You Too" - Linus Torvalds

 --
 Scan, remove and block Spyware. Click now!

>>>http://tagline.hushmail.com/fc/Ioyw6h4dKPZm5aRPFtB8frEnkhBe6o3e9B
>HW
>>>nZRz91
 W9QFrEyGGDzC/

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/
>>
>> --
>> Disease Information Online - Click here!
>> 
>http://tagline.hushmail.com/fc/Ioyw6h4fNEriRSyrWZqPQCQT85IROCqM2m1Y
>wOSku2
>> qoXNvCj1qelp/
>>

--
Bills adding up? Click here for free information on payday loans.
http://tagline.hushmail.com/fc/Ioyw6h4d80oKLhw8KjUBCU7YU6B1o2fZIE9CKxPzNLTp1HK2aBZgkY/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Valdis . Kletnieks]

On Fri, 09 May 2008 18:49:41 EDT, Joey Mengele said:
> gmgdesign,
> 
> What is the difference between being prejudiced against islamist 
> fascists and being prejudiced against the jews? I await your 
> analytical response.

"islamic fascists" is a (probably null) subset of "muslims", while
"jews" is not a similar small subset of itself.

I suppose it would be silly to point out that "fascism" has a totally different
goalset than "islamic fundamentalists", with an even bigger divergence of
philosophy than the Shiite-Sunni rift...



pgpP6JwUvYuY9.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Joey Mengele]

Dear Valdis,

What is your point?

And you should elaborate on the claim that islamic fascists aren't 
a subset of muslims. I would like you to show your work please, so 
I can see how you arrived at the conclusion that muslims are not 
muslims LOLOLOL.

J

On Fri, 09 May 2008 19:24:33 -0400 [EMAIL PROTECTED] wrote:
>On Fri, 09 May 2008 18:49:41 EDT, Joey Mengele said:
>> gmgdesign,
>> 
>> What is the difference between being prejudiced against islamist 
>
>> fascists and being prejudiced against the jews? I await your 
>> analytical response.
>
>"islamic fascists" is a (probably null) subset of "muslims", while
>"jews" is not a similar small subset of itself.
>
>I suppose it would be silly to point out that "fascism" has a 
>totally different
>goalset than "islamic fundamentalists", with an even bigger 
>divergence of
>philosophy than the Shiite-Sunni rift...

--
Need cash? Apply now for a credit loan with fast approval.
http://tagline.hushmail.com/fc/Ioyw6h4d9GyaVygaHZTpj53hoyWCyeDEZqFrSL3cLOygtiJMXCLHiY/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Andrew A]

Violence and fascism is not at the core of Islamic law.

Parasitism, theft, and fraud is central to the covenant of the Jews.

That is the difference. To be a Jew is to be a thief. To be a Muslim is to
be honorable.

On Fri, May 9, 2008 at 4:24 PM, <[EMAIL PROTECTED]> wrote:

> On Fri, 09 May 2008 18:49:41 EDT, Joey Mengele said:
> > gmgdesign,
> >
> > What is the difference between being prejudiced against islamist
> > fascists and being prejudiced against the jews? I await your
> > analytical response.
>
> "islamic fascists" is a (probably null) subset of "muslims", while
> "jews" is not a similar small subset of itself.
>
> I suppose it would be silly to point out that "fascism" has a totally
> different
> goalset than "islamic fundamentalists", with an even bigger divergence of
> philosophy than the Shiite-Sunni rift...
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Joey Mengele]

Also, I got this for you Valdis, scholarly source WikiPedia to 
teach you about set theory since you went through all that trouble 
to read 9 RFCs for me:

http://en.wikipedia.org/wiki/Set_theory
http://en.wikipedia.org/wiki/Subset

"Any set is a subset of itself, but not a proper subset." - 
WikiPedia

You see, jews are a subset of jews. LOLOLOL, check your work!

J

On Fri, 09 May 2008 19:24:33 -0400 [EMAIL PROTECTED] wrote:
>On Fri, 09 May 2008 18:49:41 EDT, Joey Mengele said:
>> gmgdesign,
>> 
>> What is the difference between being prejudiced against islamist 
>
>> fascists and being prejudiced against the jews? I await your 
>> analytical response.
>
>"islamic fascists" is a (probably null) subset of "muslims", while
>"jews" is not a similar small subset of itself.
>
>I suppose it would be silly to point out that "fascism" has a 
>totally different
>goalset than "islamic fundamentalists", with an even bigger 
>divergence of
>philosophy than the Shiite-Sunni rift...

--
Save on Cell Phones. Click Now!
http://tagline.hushmail.com/fc/Ioyw6h4eWoQv7RZFVtYHUA43jntsRC6xSCo3OU71UAAI2yfT5omfUU/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Valdis . Kletnieks]

On Fri, 09 May 2008 19:38:24 EDT, Joey Mengele said:
> Also, I got this for you Valdis, scholarly source WikiPedia to 
> teach you about set theory since you went through all that trouble 
> to read 9 RFCs for me:
> 
> http://en.wikipedia.org/wiki/Set_theory
> http://en.wikipedia.org/wiki/Subset
> 
> "Any set is a subset of itself, but not a proper subset." - 
> WikiPedia
> 
> You see, jews are a subset of jews. LOLOLOL, check your work!

You need to read more carefully.  I didn't say "jews" wasn't a subset of itself,
I said that "jews" wasn't a *SMALL* subset of itself the way "islamic
fascists" is a small (possibly empty) subset of "muslims".


pgpWJtXNO2CyQ.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Joey Mengele]

Valdis,

Please show the theorems you used to arrive at this conclusion.

J

On Fri, 09 May 2008 19:41:18 -0400 [EMAIL PROTECTED] wrote:
>On Fri, 09 May 2008 19:38:24 EDT, Joey Mengele said:
>> Also, I got this for you Valdis, scholarly source WikiPedia to 
>> teach you about set theory since you went through all that 
>trouble 
>> to read 9 RFCs for me:
>> 
>> http://en.wikipedia.org/wiki/Set_theory
>> http://en.wikipedia.org/wiki/Subset
>> 
>> "Any set is a subset of itself, but not a proper subset." - 
>> WikiPedia
>> 
>> You see, jews are a subset of jews. LOLOLOL, check your work!
>
>You need to read more carefully.  I didn't say "jews" wasn't a 
>subset of itself,
>I said that "jews" wasn't a *SMALL* subset of itself the way 
>"islamic
>fascists" is a small (possibly empty) subset of "muslims".

--
Click to find deals on GPS Systems, don't get lost.
http://tagline.hushmail.com/fc/Ioyw6h4eWUEOtC14JfEm5C6Z2pKsaz00lLtOZ2H9kYpLV0Xhc7kEg4/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Joey Mengele]

Valdis,

Furthermore, using scholarly resource WikiPedia, I have been able 
to find more flaw in your statement. As it turns out, the jews 
actually *are* a small subset:

http://en.wikipedia.org/wiki/Jewish_population

That is small dude! LOLOL.

Now, we both have accepted that any set is a subset of itself, it 
is now proven that jews are a small subset of jews. QED AKA LOLOL.

J

On Fri, 09 May 2008 19:41:18 -0400 [EMAIL PROTECTED] wrote:
>On Fri, 09 May 2008 19:38:24 EDT, Joey Mengele said:
>> Also, I got this for you Valdis, scholarly source WikiPedia to 
>> teach you about set theory since you went through all that 
>trouble 
>> to read 9 RFCs for me:
>> 
>> http://en.wikipedia.org/wiki/Set_theory
>> http://en.wikipedia.org/wiki/Subset
>> 
>> "Any set is a subset of itself, but not a proper subset." - 
>> WikiPedia
>> 
>> You see, jews are a subset of jews. LOLOLOL, check your work!
>
>You need to read more carefully.  I didn't say "jews" wasn't a 
>subset of itself,
>I said that "jews" wasn't a *SMALL* subset of itself the way 
>"islamic
>fascists" is a small (possibly empty) subset of "muslims".

--
Click to find the latest solutions to enhance your small business.
http://tagline.hushmail.com/fc/Ioyw6h4eDJdVO4MMMaVuY4qK6Ndkh410rG2uFwEDxwpeZzYx3OdTdu/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] ZF04 has been released!

[robert . lemos]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I, Robert Lemos (see robertlemos.com, I need hits!) have
collaborated with the ZF0 team to bring you this piece. Check out
my blog or milw0rm or http://cypher0.h18.ru//zf04.txt for more
information! I am talking to SecurityFocus about making it a
featured item, so don't forget to check securityfocus.com and
robertlemos.com for further details in the upcoming weeks!

Thank you dearies,

Bobby "Bologna" Lemos
-BEGIN PGP SIGNATURE-
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAkgk4AAACgkQtbZn08vCLooplwP/Set7Imb1vbZtkX7buSkGktGUpL7G
PVfrn88A6N9D6z4wIB1UdI96BsVb363796GPcSOJzhj2r0uy3F1n42pfYGBr4d3wbaWI
l1EKrXY2C3H5Vo+0YzpJjP0Eqe9DUsr83yq8HtG4HQh1k85h2TMBkthea0SiMcCswS6J
/0nzuIc=
=ptzm
-END PGP SIGNATURE-

--
Click here for great computer networking solutions!
http://tagline.hushmail.com/fc/Ioyw6h4fM6mvm22pKuAv9YE3cXfm4EFzw7YIxZJFl64pMMqcSZt5tm/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] ZF04 has been released!

[robert . lemos]

I, Robert Lemos (see robertlemos.com, I need hits!) have
collaborated with the ZF0 team to bring you this piece. Check out
my blog or milw0rm or http://cypher0.h18.ru//zf04.txt for more
information! I am talking to SecurityFocus about making it a
featured item, so don't forget to check securityfocus.com and
robertlemos.com for further details in the upcoming weeks!

Thank you dearies,

Bobby "Bologna" Lemos

--
Need cash? Apply now for a credit loan with fast approval.
http://tagline.hushmail.com/fc/Ioyw6h4d9Gyiv6nESV9TAQBvCr8C4r1hkqmjBFVGxTf92DBCslgqSE/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Happy Birthday Israel!

[Andrew A]

How do you know what Jews are taught? Do you know Hebrew? Are you a Jew?
Have you read the Torah and the Talmud front to back?

I am not misquoting verses from the old testament. I am copying them
unaltered from the KJV translation, not taking them out of context, with the
chapter and verse provided so that people who doubt my words may check for
themselves. There is absolutely no ambiguity to the commandments of Moses to
eradicate non-Jews.

On Fri, May 9, 2008 at 7:35 AM, Jesse Bacon <[EMAIL PROTECTED]> wrote:

>
> Listen you self righteous, do-nothing, uninformed,  sheeps arse.
> Misquoting  verses from the old testament  and adding in  little  bits  of
> your own fascism does show anybody how much of a scholar you are.  Jews are
> taught to respect their fellow man and protect the innocent.  Thats that.
> Please keep your ignorance off of this list because we are trying to support
> the freedom of information,  not your right to make people listen to your
> bigoted rantings.  Serious developers and scholars unite!  Its time to use
> our resources (such as this list and the people that read it!) to start
> making a difference.  I am not saying you should leave the group,  I'm just
> saying unless you are posting something useful save it for someone who gives
> a shit what you think...a social forum for example.  By the way, you have
> late fees at Blockbuster. Peace cracker!
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[scott]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joey Mengele wrote:
| Valdis,
|
| Furthermore, using scholarly resource WikiPedia, I have been able
| to find more flaw in your statement. As it turns out, the jews
| actually *are* a small subset:
|
| http://en.wikipedia.org/wiki/Jewish_population
|
| That is small dude! LOLOL.
|
| Now, we both have accepted that any set is a subset of itself, it
| is now proven that jews are a small subset of jews. QED AKA LOLOL.
|
| J
|
| On Fri, 09 May 2008 19:41:18 -0400 [EMAIL PROTECTED] wrote:
|> On Fri, 09 May 2008 19:38:24 EDT, Joey Mengele said:
|>> Also, I got this for you Valdis, scholarly source WikiPedia to
|>> teach you about set theory since you went through all that
|> trouble
|>> to read 9 RFCs for me:
|>>
|>> http://en.wikipedia.org/wiki/Set_theory
|>> http://en.wikipedia.org/wiki/Subset
|>>
|>> "Any set is a subset of itself, but not a proper subset." -
|>> WikiPedia
|>>
|>> You see, jews are a subset of jews. LOLOLOL, check your work!
|> You need to read more carefully. I didn't say "jews" wasn't a
|> subset of itself,
|> I said that "jews" wasn't a *SMALL* subset of itself the way
|> "islamic
|> fascists" is a small (possibly empty) subset of "muslims".
|
| --
| Click to find the latest solutions to enhance your small business.
| 
http://tagline.hushmail.com/fc/Ioyw6h4eDJdVO4MMMaVuY4qK6Ndkh410rG2uFwEDxwpeZzYx3OdTdu/
|
| ___
| Full-Disclosure - We believe in it.
| Charter: http://lists.grok.org.uk/full-disclosure-charter.html
| Hosted and sponsored by Secunia - http://secunia.com/
|
This whole list has now gotten used to attacks and other BS.

So everyone joins in on others' BS.

Jees. Welcome to the 'Jerry Springer' of sec!
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSCTpKStWFGFGzKRfAQKj4w//TrtN8JX95M056OSqbYhOAQQuKLq+hcnc
Xe0XZvC5lfW6zVsnC2Vi1bsj/6WcpGO32YUVewyCnJlt2i9brRXQNgQ2JQpAqAyO
McR625s880J+pJqzKsajmgULJRqh1mmTeoBOPRbH9Ej/JmjgXLyPrkbDcWPzaDdV
MBHZ7+9IUC2IqIyb09XJpPzCDZp6nrmxhfLqOILaMVoV2Qgm4l/uqP6dI0FuLp4x
UiA4mDCHadhkJTJI3RM0nwEfdN0Rll/oCcCAUSZ1PAnA2GZYxoHTQS6S2qMBmtLj
2KHnKzO0uPkHcFCSpfdyDRwi5Nswz4hGkVs4efVYts9kFa+/PzqFLJuZaDyuHqTa
LIU+HD79Z1oMnJKi5twL17zCTdcx1dDQnJkE6ypxL9H9UYdxhuvF6GPfQy7ZLOUL
wZsOV8FybLvEyX0YfQCzX7uELza7CmNRDzIQyIO7ClKcOyz+/dGz4atRJdDq8NZ4
yBc0vp2J8Z9UOQKrHECAI9IrLQMMUWHf/Poo6nsMf9U6iCQ4NPq/5IR1aJ7ZzTHv
OWcV26BOIL/Y8lgBqKtz7U1TbpLGOA3UIsFeKq4qGNRZfdtH7GlXAM2nHtj3Er/Q
SZsN99b2PjGUw1o2WE87OjHwG3bgrpixFbE1cCVHivNxvbEvo7/x4iRe0eaKDXcj
yiki/8qlPZ4=
=XAt9
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[coderman]

On Fri, May 9, 2008 at 4:50 PM, Joey Mengele <[EMAIL PROTECTED]> wrote:
> ...
> Now, we both have accepted that any set is a subset of itself,...
> QED AKA LOLOL.
>
> J

Dear Dr. Joey J Mengele, PhD.:

while attempting to disprove this assertion of yours, i came across an
unexpected fact that is not only shocking but also self evident with
surprising clarity.

given the set of humans with the ability to write,

and given the set of humans who post more than three responses to a
thread on Full-Disclosure,

and given the set of humans whom I would enjoy beating into a swollen
bloody pulp with my bare fists,

i discovered that not only are the latter two sets a subset of the
first, but they are also near identical sets!!


i have also devised a theory well supported by the available data that
unless corrective measures are taken, the size of all sets mentioned
above will trend toward infinity.

would you kindly provide me your street address and photograph while i
tape up my knuckles and dust off that old lead fist pack?  n3t4rd was
at least proactive enough to seed the net with the requisite details
prior to my embarking on this righteous mission.

thank you good doctor,

best regards.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] ZF04 has been released!

[Professor Micheal Chatner]

This is a great security document. This is what we are talking about
when we talk about full disclosure. Keep up the great work Mr. Robert
Lemos! It's from the tireless efforts of security researchers such as
you that we can keep up the fight for disclosing things fully.

-- Professor Micheal Chatner, M.D., CISSP

On Fri, May 9, 2008 at 5:11 PM,  <[EMAIL PROTECTED]> wrote:
> I, Robert Lemos (see robertlemos.com, I need hits!) have
> collaborated with the ZF0 team to bring you this piece. Check out
> my blog or milw0rm or http://cypher0.h18.ru//zf04.txt for more
> information! I am talking to SecurityFocus about making it a
> featured item, so don't forget to check securityfocus.com and
> robertlemos.com for further details in the upcoming weeks!
>
> Thank you dearies,
>
> Bobby "Bologna" Lemos
>
> --
> Need cash? Apply now for a credit loan with fast approval.
> http://tagline.hushmail.com/fc/Ioyw6h4d9Gyiv6nESV9TAQBvCr8C4r1hkqmjBFVGxTf92DBCslgqSE/
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20

[Joey Mengele]

Dear Codeman,

>
>would you kindly provide me your street address and photograph 
>while i
>tape up my knuckles and dust off that old lead fist pack?  n3t4rd 
>was
>at least proactive enough to seed the net with the requisite 
>details
>prior to my embarking on this righteous mission.

Only faggots tape up their knuckles.

>
>thank you good doctor,
>
>best regards.

J
"I am taping up my knuckles and threatening violence on the 
internet" -  Faggot

--
Click to see huge collection of discounted designer watches.
http://tagline.hushmail.com/fc/Ioyw6h4dibSY7QQfLcogbpLMt5q1eEpEWGsHpWBKRVlHLcZi0nsRY0/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Joey, joey, joey...

[Joey Mengele]

*GO* shoot up.

On Fri, 09 May 2008 21:46:08 -0400 [EMAIL PROTECTED] wrote:
>Why make such an asshat of yourself. You don't remeber me, but 
>
>I know who you are. We are closer than you think. Remember when 
>you 
>
>fucked up? Now be an adult and come on out and admit to the list 
>that you are 2 things, 1-a hater and 2- a pussy. 
> Stay tuned FD as we begin to reveal the mystery behind Dr. 
>Mengele.
> I would love to see you give out your details to coderman 
>before I do.
>   UK Bastid 
>   
>
>--
>Click here to find the rental car that fits your needs.
>http://tagline.hushmail.com/fc/Ioyw6h4eRvEJAGIQ3tqBAGveJV4mAYOnxieV
>Xqf5rgqSx1KmjIvubH/

--
Click to see huge collection of discounted designer watches.
http://tagline.hushmail.com/fc/Ioyw6h4dibSqdJEvmVEtXk6j3S1pNbVLfqwVpALGVcg6OPWmiezccY/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Joey, joey, joey...

[Professor Micheal Chatner]

Will someone tell me what *ANY* of this has to do with full
disclosure? WILL SOMEONE PLEASE TELL ME?!?!

-- Professor Micheal Chatner, M.D., CISSP?

On Fri, May 9, 2008 at 8:05 PM, Joey Mengele <[EMAIL PROTECTED]> wrote:
> *GO* shoot up.
>
> On Fri, 09 May 2008 21:46:08 -0400 [EMAIL PROTECTED] wrote:
>>Why make such an asshat of yourself. You don't remeber me, but
>>
>>I know who you are. We are closer than you think. Remember when
>>you
>>
>>fucked up? Now be an adult and come on out and admit to the list
>>that you are 2 things, 1-a hater and 2- a pussy.
>> Stay tuned FD as we begin to reveal the mystery behind Dr.
>>Mengele.
>> I would love to see you give out your details to coderman
>>before I do.
>>   UK Bastid
>>
>>
>>--
>>Click here to find the rental car that fits your needs.
>>http://tagline.hushmail.com/fc/Ioyw6h4eRvEJAGIQ3tqBAGveJV4mAYOnxieV
>>Xqf5rgqSx1KmjIvubH/
>
> --
> Click to see huge collection of discounted designer watches.
> http://tagline.hushmail.com/fc/Ioyw6h4dibSqdJEvmVEtXk6j3S1pNbVLfqwVpALGVcg6OPWmiezccY/
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Joey, joey, joey...

[Jonathan Miles]

Hi Professor "I can never have to many cocks in my mouth at one time",

Glad to see you're doing well...

Sincerely,
~J


On Fri, May 9, 2008 at 10:17 PM, Professor Micheal Chatner <
[EMAIL PROTECTED]> wrote:

> Will someone tell me what *ANY* of this has to do with full
> disclosure? WILL SOMEONE PLEASE TELL ME?!?!
>
> -- Professor Micheal Chatner, M.D., CISSP?
>
> On Fri, May 9, 2008 at 8:05 PM, Joey Mengele <[EMAIL PROTECTED]>
> wrote:
> > *GO* shoot up.
> >
> > On Fri, 09 May 2008 21:46:08 -0400 [EMAIL PROTECTED] wrote:
> >>Why make such an asshat of yourself. You don't remeber me, but
> >>
> >>I know who you are. We are closer than you think. Remember when
> >>you
> >>
> >>fucked up? Now be an adult and come on out and admit to the list
> >>that you are 2 things, 1-a hater and 2- a pussy.
> >> Stay tuned FD as we begin to reveal the mystery behind Dr.
> >>Mengele.
> >> I would love to see you give out your details to coderman
> >>before I do.
> >>   UK Bastid
> >>
> >>
> >>--
> >>Click here to find the rental car that fits your needs.
> >>http://tagline.hushmail.com/fc/Ioyw6h4eRvEJAGIQ3tqBAGveJV4mAYOnxieV
> >>Xqf5rgqSx1KmjIvubH/
> >
> > --
> > Click to see huge collection of discounted designer watches.
> >
> http://tagline.hushmail.com/fc/Ioyw6h4dibSqdJEvmVEtXk6j3S1pNbVLfqwVpALGVcg6OPWmiezccY/
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Joey, joey, joey...

[Professor Micheal Chatner]

You probably don't even have a CISSP.

-- Professor Micheal Chatner, M.D., CISSP

On Fri, May 9, 2008 at 8:29 PM, Jonathan Miles
<[EMAIL PROTECTED]> wrote:
> Hi Professor "I can never have to many cocks in my mouth at one time",
>
> Glad to see you're doing well...
>
> Sincerely,
> ~J
>
>
> On Fri, May 9, 2008 at 10:17 PM, Professor Micheal Chatner
> <[EMAIL PROTECTED]> wrote:
>>
>> Will someone tell me what *ANY* of this has to do with full
>> disclosure? WILL SOMEONE PLEASE TELL ME?!?!
>>
>> -- Professor Micheal Chatner, M.D., CISSP?
>>
>> On Fri, May 9, 2008 at 8:05 PM, Joey Mengele <[EMAIL PROTECTED]>
>> wrote:
>> > *GO* shoot up.
>> >
>> > On Fri, 09 May 2008 21:46:08 -0400 [EMAIL PROTECTED] wrote:
>> >>Why make such an asshat of yourself. You don't remeber me, but
>> >>
>> >>I know who you are. We are closer than you think. Remember when
>> >>you
>> >>
>> >>fucked up? Now be an adult and come on out and admit to the list
>> >>that you are 2 things, 1-a hater and 2- a pussy.
>> >> Stay tuned FD as we begin to reveal the mystery behind Dr.
>> >>Mengele.
>> >> I would love to see you give out your details to coderman
>> >>before I do.
>> >>   UK Bastid
>> >>
>> >>
>> >>--
>> >>Click here to find the rental car that fits your needs.
>> >>http://tagline.hushmail.com/fc/Ioyw6h4eRvEJAGIQ3tqBAGveJV4mAYOnxieV
>> >>Xqf5rgqSx1KmjIvubH/
>> >
>> > --
>> > Click to see huge collection of discounted designer watches.
>> >
>> > http://tagline.hushmail.com/fc/Ioyw6h4dibSqdJEvmVEtXk6j3S1pNbVLfqwVpALGVcg6OPWmiezccY/
>> >
>> > ___
>> > Full-Disclosure - We believe in it.
>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> > Hosted and sponsored by Secunia - http://secunia.com/
>> >
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20 (very OT)

[Garrett M. Groff]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Not silly to point that out at all. I borrowed the media term du jour
("Islamic fascists," or alternately, "Islamofascists"). I typically use the
term "Salafist radicals" since it's more technically correct and less
inflammatory (well, not necessarily on FD), but that term often
necessitates more explanation.

- - G


You wrote:
"islamic fascists" is a (probably null) subset of "muslims", while
"jews" is not a similar small subset of itself.

I suppose it would be silly to point out that "fascism" has a totally
different
goalset than "islamic fundamentalists", with an even bigger divergence of
philosophy than the Shiite-Sunni rift...


- - - Original Message - 
From: <[EMAIL PROTECTED]>
To: "Joey Mengele" <[EMAIL PROTECTED]>
Cc: ; <[EMAIL PROTECTED]>
Sent: Friday, May 09, 2008 7:24 PM
Subject: Re: [Full-disclosure] Full-Disclosure Digest, Vol 39, Issue 20


-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.6.2 (Build 2014) - not licensed for commercial use: 
www.pgp.com

wj8DBQFIJSa9SGIRT5oVahwRAqKGAJ9VbrmZxItPnDSdoG2TiRiqdjKUpACfZ2Ls
G5se4xLyQfBX6pgk/uE81XQ=
=eFNp
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/