[Full-disclosure] Gadi Evron is a troll
Gadi Evron is a troll ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Fwd: 'Hospital risk' from radio tags
-- Forwarded message -- From: security news [EMAIL PROTECTED] Date: Sun, Jun 29, 2008 at 6:39 PM Subject: 'Hospital risk' from radio tags To: [EMAIL PROTECTED] Lifesaving equipment in hospitals may be switched off by radio-frequency devices used to track people and machines, Dutch scientists claim. Radio frequency identification devices (RFIDs) are on the rise in healthcare, helping identify patients, and reveal the location of equipment. The Journal of the American Medical Association study found they could interfere with machines. But NHS computer specialists said RFIDs could eventually make patients safer. There are two types of RFID, one which transmits information, and another, passive, device which can be read by a powered machine when it is held nearby. They are small and cheap enough to be in everyday use in society, in everything from security and travel cards - such as London Transport's Oystercard, to anti-theft devices on goods in shops, and hospitals are starting to become aware of their potential. At Heartlands Hospital in Birmingham, patients heading for the operating theatre wear an RFID wristband, so that even when anaesthetised, their full identity, including a picture, can be downloaded into a PDA held nearby. Turned off The latest research, conducted at Vrije University in Amsterdam, tested the effect of holding both passive and powered RFID systems close to 41 medical devices, including ventilators, syringe pumps, dialysis machines and pacemakers. A total of 123 tests, three on each machine, were carried out, and 34 produced an incident in which the RFID appeared to have an effect - 24 of which were deemed either significant or hazardous. In some tests, RFIDs either switched off or changed the settings on mechanical ventilators, completely stopped the working of syringe pumps, caused external pacemakers to malfunction, and halted dialysis machines. The device did not have to be held right up to the machine to make this happen - some hazardous incidents happened when the RFID was more than 10 inches away. Patient safety Dr Donald Berwick, from the Institute of Healthcare Improvement in Cambridge, Massachusetts, said: Design in isolation is risky - even the most seductive technology will interact in the tightly-coupled healthcare world in ways physicians and other members of the healthcare team had better understand, or they and their patients may pay a dear price. A spokesman for NHS Connecting for Health, which manages various IT projects across the health service, said that RFIDs had the potential to deliver big improvements in patient safety, reducing mistakes caused by the wrong identification of patients. She said: Any product such as this which is for use in a healthcare setting has to meet a standard which means it is very unlikely to interfere with medical equipment. This risk is more likely to come from RFID tags from other sources - such as a travel card, a tag on clothing, or on another retail item. A spokesman for the Medicines and Healthcare Products Regulatory Agency said that, as for mobile phone use, individual Trusts needed to make risk assessments about the use of RFIDs. He said: Despite much debate in the literature on the subject of electromagnetic interference (EMI) of medical devices by mobile telephones and other sources of radiofrequency transmission, the MHRA has received very few reports of adverse events caused by this problem over the last seven years or so. Of those incidents reported, only a very small number have been proven to be as a direct result of EMI. http://news.bbc.co.uk/1/hi/health/7471008.stm ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Mobile phone agenda time for security community
Its time to shift to mobile security, i'm sick of everything else, its just repeats of everything on the mailing list. We need a new focus guys, let's look at mobile, radio frequency, chip, hardware hack technologies. That's the biggest prime concern for the government that hack vectors are going to move into the mobile, radio frequency, chip, hardware side of things, because its what the government and the intelligence services rely on to bug people and / or to communicate with each other. Don't make it a vulnerability for just say for the iPhone, its got to be a hack thats compatible on multi networks, model devices to make it hardcore. Nobody gives a fuck about iPhone jailbreaks like c0ntex did, thats gay. All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Let's make a spy-proof communications infrastructure
Colleagues: It is unworthy that people should be spending energy criticizing others' qualifications, personal habits, ancestry and destination (as the wording goes). I suspect that something much more useful can be possibly facilitated here (and elsewhere if anyone feels like it). Let me suggest that it should be possible to construct something like a cell phone network which will run like a peer to peer network, with routing determined heuristically and pretty much unpredictably, with message encryption, and with small enough electronics to package in something no larger than current cell phones. The current designs we have are the creatures of the old phone companies and presume things go through central offices. This has led to intrusions into user privacy by crooks and governments, and tends to make all manner of information we might not care to publish become effectively wide open to anyone who cares to steal it. However, consider that many internet p2p networks have been worked out (and are still being) to hide some of this. Consider that the old usenet protocol has no idea of global source or destination (though its flood fill algorithm is I suspect way too slow, still, to be used for messaging or voice traffic). If a network is designed so that every member only has some idea of its neighbors and which of them might be closer to the desired endpoint than it is, each node only has or needs a very local idea of addressing - something that might be relatively useless to central authorities or to crooks. The electronics to receive and send messages locally can be made very small and cheap. There are low power CPUs from places like TI and Atmel that run on microwatts, and WWV receivers can be had for $1 in chip form in bulk (per messages I have gotten). We have GPS boxes that you hold in your hand able to receive satellite transmissions. A few years back this would have been thought energetically impossible. If we devised some private communicator, it might expect to function in a very large net so long as some path existed to other communicators. While truly global routing might require some relays to bridge areas with few people, in urban areas and quite a few not-so-urban ones direct communication should be workable, at low enough power on any single frequency (yeah, make it spread spectrum) that formal licensing would not be needed. It should be noted that the address of any such system need not be fixed for huge times. To the extent you can get the systems to read, say, a time synchronization signal, systems might simply pick new addresses out of a suitably long number space. (If this is truly random, address collisions might be made so rare they can be ignored.) This would mean routing would need to be recomputed locally every so often but would make the notion of global address pretty well meaningless and unpredictable. (Use a heat source perhaps to generate random bits, so the randomness is from thermal noise. Nobody will be able to steal a key and figure the next address, or the last...). If a broadcast were available so each unit could sense nearby ones (where you make nearby as far away as you can) the constantly changing addresses won't cause problems discovering what else exists. If you have to scan an area, such discovery could be unsecurable. While I mention discovering where one is on a mesh, this might be tried with and without actual geographic coordinates. Nearness measured by a Hamming distance could be used for routing also. It might not be as efficient but if it worked it would mean routing gave eavesdroppers no hint as to physical location of anyone. If we want to keep private conversations private, this seems like a good thing. Authenticating people is I think separable from this; I have some other schemes to handle that. For a communicator, encryption should basically make traffic snooping impossible and make routing snooping infeasible even with adversaries who listen to a lot of traffic. The lessons of Blackberry should be heeded here: make the encryption all end to end, not step by step, with no backdoors built in and with open source code so tampering with these principles can be quickly caught and negated. Building such gadgets would be paid for by people wanting to use them, but note that the necessary infrastructure is just the existence of a large bunch of these things being used, sitting on peoples' belts or in pockets and passing traffic among one another. You start selling them in small offices or families, where the necessary groups will tend to be together a lot. Gradually people will notice that they can reach others. How to address some particular person then? I would suggest that some of the p2p research might be useful here. Perhaps have the gadget transmit a name or other identifier of the person there in some form. If for example we allow repositories of public keys, we might transmit John Smith has address where xx is
[Full-disclosure] Let's design a spy-proof communications infrastructure
Colleagues: It is unworthy that people should be spending energy criticizing others' qualifications, personal habits, ancestry and destination (as the wording goes). I suspect that something much more useful can be possibly facilitated here (and elsewhere if anyone feels like it). Let me suggest that it should be possible to construct something like a cell phone network which will run like a peer to peer network, with routing determined heuristically and pretty much unpredictably, with message encryption, and with small enough electronics to package in something no larger than current cell phones. The current designs we have are the creatures of the old phone companies and presume things go through central offices. This has led to intrusions into user privacy by crooks and governments, and tends to make all manner of information we might not care to publish become effectively wide open to anyone who cares to steal it. However, consider that many internet p2p networks have been worked out (and are still being) to hide some of this. Consider that the old usenet protocol has no idea of global source or destination (though its flood fill algorithm is I suspect way too slow, still, to be used for messaging or voice traffic). If a network is designed so that every member only has some idea of its neighbors and which of them might be closer to the desired endpoint than it is, each node only has or needs a very local idea of addressing - something that might be relatively useless to central authorities or to crooks. The electronics to receive and send messages locally can be made very small and cheap. There are low power CPUs from places like TI and Atmel that run on microwatts, and WWV receivers can be had for $1 in chip form in bulk (per messages I have gotten). We have GPS boxes that you hold in your hand able to receive satellite transmissions. A few years back this would have been thought energetically impossible. If we devised some private communicator, it might expect to function in a very large net so long as some path existed to other communicators. While truly global routing might require some relays to bridge areas with few people, in urban areas and quite a few not-so-urban ones direct communication should be workable, at low enough power on any single frequency (yeah, make it spread spectrum) that formal licensing would not be needed. It should be noted that the address of any such system need not be fixed for huge times. To the extent you can get the systems to read, say, a time synchronization signal, systems might simply pick new addresses out of a suitably long number space. (If this is truly random, address collisions might be made so rare they can be ignored.) This would mean routing would need to be recomputed locally every so often but would make the notion of global address pretty well meaningless and unpredictable. (Use a heat source perhaps to generate random bits, so the randomness is from thermal noise. Nobody will be able to steal a key and figure the next address, or the last...). If a broadcast were available so each unit could sense nearby ones (where you make nearby as far away as you can) the constantly changing addresses won't cause problems discovering what else exists. If you have to scan an area, such discovery could be unsecurable. While I mention discovering where one is on a mesh, this might be tried with and without actual geographic coordinates. Nearness measured by a Hamming distance could be used for routing also. It might not be as efficient but if it worked it would mean routing gave eavesdroppers no hint as to physical location of anyone. If we want to keep private conversations private, this seems like a good thing. Authenticating people is I think separable from this; I have some other schemes to handle that. For a communicator, encryption should basically make traffic snooping impossible and make routing snooping infeasible even with adversaries who listen to a lot of traffic. The lessons of Blackberry should be heeded here: make the encryption all end to end, not step by step, with no backdoors built in and with open source code so tampering with these principles can be quickly caught and negated. Building such gadgets would be paid for by people wanting to use them, but note that the necessary infrastructure is just the existence of a large bunch of these things being used, sitting on peoples' belts or in pockets and passing traffic among one another. You start selling them in small offices or families, where the necessary groups will tend to be together a lot. Gradually people will notice that they can reach others. How to address some particular person then? I would suggest that some of the p2p research might be useful here. Perhaps have the gadget transmit a name or other identifier of the person there in some form. If for example we allow repositories of public keys, we might transmit John Smith has address where xx is
Re: [Full-disclosure] What the UK government care about in a hacker
finally something sane. i agree. On Fri, Jun 27, 2008 at 8:50 PM, n3td3v [EMAIL PROTECTED] wrote: On Sat, Jun 28, 2008 at 1:38 AM, Ureleet [EMAIL PROTECTED] wrote: u know how old this article is? A couple of months old and a prime example of that the intelligence services don't give a fuck about fire fox, internet explorer, opera and other gay applications people post application flaws about on Full-Disclosure. I want to see things post that actually affect national security and the government actually give a fuck about. Let's move away from stupid computer applications and start focusing on national security if you want to be an elite hacker, nobody cares about applications, buffer overflow and the like, its over and done with, its old skool, nobody gives a fuck anymore. If you want to impress the government then start on mobile, radio frequency, chip / hardware hacks. The security community has got to evolve, we can't be sitting here in 2020 still getting wet and excited about an internet explorer or quick time flaws, its getting gay, its nearly 2009... All the best, n3td3v On Thu, Jun 26, 2008 at 5:45 PM, n3td3v [EMAIL PROTECTED] wrote: On Thu, Jun 26, 2008 at 2:08 AM, n3td3v [EMAIL PROTECTED] wrote: I think we've gone beyond the F-Secure has said stage, I think folks are looking for something more. I think the security space has evolved already in respect of home user hackers, the security professional circuit and with the government. Infact the government are finding it hard to keep up with what's possible by the government and what's technologically possible by joe average in his bedroom. A few years ago it was impossible for joe average to shoot the live scene of a national emergency via his cell phone, email that footage to a national television station and that to be used as prime time evidence of the incident, now it is. With this I look onto the media, its still using F-Secure press releases for its news round. Your average joe is now able to creep behind the media wall and get the news before the outlet gets time to read up. The fact, the media is becoming less important in the security arena for bringing us news. Your average joe can configure google.com/ig to give them keyword news thats coming onto the news wires and google.com/alerts can too. What used to be a government fundamental for the intelligence services, is now becoming a challenge for them to know what user is signed upto what and how much they know. Before it was more straight forward, they would know what news sites were available as civilian intelligence sources but now its becoming less obvious. The intelligence community are having to dig deep into online community to see what is possibly being plotted and what sources of information they have and the technique in which its gathered. Today the world is changing, what used to be charted water only reserved for the intelligence services is now also being used by the civilian population. It's scary times, hackers have the best ability to over come the intelligence services, not the script kids, but the hackers! The main focus for the British intelligence service is mobile and anything to do with radio frequency hacks, including RFID type stuff, that's high on the British government look out. The media are hyping about mobile phone worm, while this hype *is* unfounded right now, thats not to say its not top on the British government's watch list of most desirable vulnerability threat vector against national infrastructure of government and civilian population. The hax0r credibility score board from the government's point of view isn't hacks in safari, fire fox or internet explorer, its telecommunications and radio frequency hacks right now. So while you and your friends might think browser hacks, etc.. think again, the real stuff that gets the UK government interested in you is radio, mobile and chip hacks, anything to do with electronics and communication, they don't actually give a fuck about applications, DNS hacks, Cisco router hacks and the like. While those things like DNS hacks, Cisco router hacks and the like are internet critical, they aren't national security critical... So hackers, if you want the most hax0r credibility points and attention with the UK government, think national infrastructure, radio frequency, chip hacks and mobile telecommunication interception. If you want head hunted into the UK government cyber defensive, offensive and research departments go for those vectors... keep away from silly stuff like web browser hacks, DNS poisoning, Cisco etc. How will the UK government contact you? Brute guys will jump out of a range rover land rover which will have darkened windows and will give you an offer you can't refuse after abducting you for five minutes based on your
Re: [Full-disclosure] Gadi Evron is a troll
dont start, you were just getting good! 2008/6/29 n3td3v [EMAIL PROTECTED]: Gadi Evron is a troll ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Mobile phone agenda time for security community
yeah. stick to these topics instead of talking about gadi. dont hate on gadi for trying. On Sun, Jun 29, 2008 at 1:58 PM, n3td3v [EMAIL PROTECTED] wrote: Its time to shift to mobile security, i'm sick of everything else, its just repeats of everything on the mailing list. We need a new focus guys, let's look at mobile, radio frequency, chip, hardware hack technologies. That's the biggest prime concern for the government that hack vectors are going to move into the mobile, radio frequency, chip, hardware side of things, because its what the government and the intelligence services rely on to bug people and / or to communicate with each other. Don't make it a vulnerability for just say for the iPhone, its got to be a hack thats compatible on multi networks, model devices to make it hardcore. Nobody gives a fuck about iPhone jailbreaks like c0ntex did, thats gay. All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Gadi Evron is a troll
On Sun, Jun 29, 2008 at 7:29 PM, Ureleet [EMAIL PROTECTED] wrote: dont start, you were just getting good! What do you mean getting good, i've been good the whole time homo! All the best, n3td3v 2008/6/29 n3td3v [EMAIL PROTECTED]: Gadi Evron is a troll ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Endless loop in Halo 1.07
### Luigi Auriemma Application: Halo: Combat Evolved http://www.microsoft.com/games/pc/halo.aspx Versions: = 1.07 Platforms:Windows Bug: endless loop Exploitation: remote, versus server Date: 29 Jun 2008 Author: Luigi Auriemma e-mail: [EMAIL PROTECTED] web:aluigi.org ### 1) Introduction 2) Bug 3) The Code 4) Fix ### === 1) Introduction === Halo is the great FPS game developed by Bungie Studios and ported on PC by Gearbox Software (http://www.gearboxsoftware.com). Although it has been released at the end of 2003, it's still one of the most played games with hundreds of internet servers. ### == 2) Bug == This vulnerability is exactly like the old one I found over 3 years ago in version 1.06 (haloloop) and which was fixed (or it's the case of saying partially fixed) in version 1.07: an endless loop caused by a malformed in-game packet which freezes completely the server. ### === 3) The Code === http://aluigi.org/poc/haloloop2.zip ### == 4) Fix == No fix. ### --- Luigi Auriemma http://aluigi.org ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Let's make a spy-proof communications infrastructure
On Sun, Jun 29, 2008 at 6:24 PM, Mary and Glenn Everhart [EMAIL PROTECTED] wrote: Colleagues: It is unworthy that people should be spending energy criticizing others' qualifications, personal habits, ancestry and destination (as the wording goes). I suspect that something much more useful can be possibly facilitated here (and elsewhere if anyone feels like it). Let me suggest that it should be possible to construct something like a cell phone network which will run like a peer to peer network, with routing determined heuristically and pretty much unpredictably, with message encryption, and with small enough electronics to package in something no larger than current cell phones. The current designs we have are the creatures of the old phone companies and presume things go through central offices. This has led to intrusions into user privacy by crooks and governments, and tends to make all manner of information we might not care to publish become effectively wide open to anyone who cares to steal it. However, consider that many internet p2p networks have been worked out (and are still being) to hide some of this. Consider that the old usenet protocol has no idea of global source or destination (though its flood fill algorithm is I suspect way too slow, still, to be used for messaging or voice traffic). If a network is designed so that every member only has some idea of its neighbors and which of them might be closer to the desired endpoint than it is, each node only has or needs a very local idea of addressing - something that might be relatively useless to central authorities or to crooks. The electronics to receive and send messages locally can be made very small and cheap. There are low power CPUs from places like TI and Atmel that run on microwatts, and WWV receivers can be had for $1 in chip form in bulk (per messages I have gotten). We have GPS boxes that you hold in your hand able to receive satellite transmissions. A few years back this would have been thought energetically impossible. If we devised some private communicator, it might expect to function in a very large net so long as some path existed to other communicators. While truly global routing might require some relays to bridge areas with few people, in urban areas and quite a few not-so-urban ones direct communication should be workable, at low enough power on any single frequency (yeah, make it spread spectrum) that formal licensing would not be needed. It should be noted that the address of any such system need not be fixed for huge times. To the extent you can get the systems to read, say, a time synchronization signal, systems might simply pick new addresses out of a suitably long number space. (If this is truly random, address collisions might be made so rare they can be ignored.) This would mean routing would need to be recomputed locally every so often but would make the notion of global address pretty well meaningless and unpredictable. (Use a heat source perhaps to generate random bits, so the randomness is from thermal noise. Nobody will be able to steal a key and figure the next address, or the last...). If a broadcast were available so each unit could sense nearby ones (where you make nearby as far away as you can) the constantly changing addresses won't cause problems discovering what else exists. If you have to scan an area, such discovery could be unsecurable. While I mention discovering where one is on a mesh, this might be tried with and without actual geographic coordinates. Nearness measured by a Hamming distance could be used for routing also. It might not be as efficient but if it worked it would mean routing gave eavesdroppers no hint as to physical location of anyone. If we want to keep private conversations private, this seems like a good thing. Authenticating people is I think separable from this; I have some other schemes to handle that. For a communicator, encryption should basically make traffic snooping impossible and make routing snooping infeasible even with adversaries who listen to a lot of traffic. The lessons of Blackberry should be heeded here: make the encryption all end to end, not step by step, with no backdoors built in and with open source code so tampering with these principles can be quickly caught and negated. Building such gadgets would be paid for by people wanting to use them, but note that the necessary infrastructure is just the existence of a large bunch of these things being used, sitting on peoples' belts or in pockets and passing traffic among one another. You start selling them in small offices or families, where the necessary groups will tend to be together a lot. Gradually people will notice that they can reach others. How to address some particular person then? I would suggest that some of the p2p research might be useful here. Perhaps have the gadget transmit a name or other identifier of the
[Full-disclosure] Fwd: Security Conference Spam, Should we put up with it?
From the same guy who spammed us with EuSecWest 2008, and refuses to buy banner ads on web sites like any other legitimate company, I bring you BA-Con 2008 CFP - Buenos Aires, Sept. 30 / Oct. 1 (closes July 11 2008). All the best, n3td3v Forwarded conversation Subject: [Full-disclosure] BA-Con 2008 CFP - Buenos Aires, Sept. 30 / Oct. 1 (closes July 11 2008) From: Dragos Ruiu [EMAIL PROTECTED] Date: Fri, Jun 27, 2008 at 5:05 PM To: full-disclosure@lists.grok.org.uk BA-Con 2008 CALL FOR PAPERS BUENOS AIRES, Argentina -- The first annual BA-Con applied technical security conference - where the eminent figures in the international and South American security industry will get together and share best practices and technology - will be held in Buenos Aires on September 30 and October 1st. 2008. The most significant new discoveries about computer network hack attacks and defenses, commercial security solutions, and pragmatic real world security experience will be presented in a series of informative tutorials. The BA-Con meeting provides local and international researchers a relaxed, comfortable environment to learn from informative tutorials on key developments in security technology, and collaborate and socialize with their peers in one of South America's largest metropolises. All material will be translated into both Spanish and English. Evening social activities will be planned to provide personal networking opportunities. The BA-Con conference will also feature the availability of the Security Masters Dojo expert network security sensei instructors, and their advanced, and intermediate, hands-on training courses - featuring small class sizes and practical application exercises to maximize information transfer. We would like to announce the opportunity to submit papers, lightning talk proposals for selection by the international BA-Con technical review committee. Please make your paper proposal submissions before July 11th, 2008. Some invited papers have been confirmed, but a limited number of speaking slots are still available. The conference is responsible for travel and accommodations for the speakers. If you have a proposal for a tutorial session then please email a synopsis of the material and your biography, papers and, speaking background to secwest08 [at] ba-con.com.ar . Only slides will be needed for the September paper deadline, full text does not have to be submitted - but will be accepted and translated on a best effort basis if available. The BA-Con 2008 conference consists of tutorials on technical details about current issues, innovative techniques and best practices in the information security realm. The audiences are a multi-national mix of professionals involved on a daily basis with security work: security product vendors, programmers, security officers, and network administrators. We give preference to technical details and new education for a technical audience. The conference itself is a single track series of presentations in a lecture theater environment. The presentations offer speakers the opportunity to showcase on-going research and collaborate with peers while educating and highlighting advancements in security products and techniques. The focus is on innovation, tutorials, and education instead of product pitches. Some commercial content is tolerated, but it needs to be backed up by a technical presenter - either giving a valuable tutorial and best practices instruction or detailing significant new technology in the products. Paper proposals should consist of the following information: 1. Presenter, and geographical location (country of origin/passport) and contact info (e-mail, postal address, phone, fax). 2. Employer and/or affiliations. 3. Brief biography, list of publications and papers. 4. Any significant presentation and educational experience/background. 5. Topic synopsis, Proposed paper title, and a one paragraph description. 6. Reason why this material is innovative or significant or an important tutorial. 7. Optionally, any samples of prepared material or outlines ready. 8. Will you have full text available or only slides? 9. Please list any other publications or conferences where this material has been or will be published/submitted. 10. Do you have any special demo or network requirements for your presentation? Please include the plain text version of this information in your email as well as any file, pdf, sxw, ppt, or html attachments. Please forward the above information to secwest08 [at] ba-con.com.ar to be considered for placement on the speaker roster, have your lightning talk scheduled. We would like to extend a special thanks to our local
[Full-disclosure] Fwd: what problem are we solving? (was Re: ICANN opens up Pandora'sBox of
Classic Gadi Evron Gayness! He's currently trolling the I.S.P community via NANOG mailing list. Because the Internet is not governemned, common misbelief aside. It's a mess of capitalism and anarchism. In fact, The Internet is the only functioning anarchu. Hilarious TROLLING effort by Gadi, keep up the good work. All the best, n3td3v -- Forwarded message -- From: Gadi Evron [EMAIL PROTECTED] Date: Sun, Jun 29, 2008 at 9:42 PM Subject: Re: what problem are we solving? (was Re: ICANN opens up Pandora'sBox of To: Jim Popovitch [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] On Sun, 29 Jun 2008, Jim Popovitch wrote: On Sun, Jun 29, 2008 at 1:21 PM, Peter Beckman [EMAIL PROTECTED] wrote: Let the search engines organize the web, not DNS. OK, (assuming you believe that), why keep dns around. Why not go back to just IP addrs and hosts files for those that need them. Because the Internet is not governemned, common misbelief aside. It's a mess of capitalism and anarchism. In fact, The Internet is the only functioning anarchu. I see no reason why search engines won't, they already do, whether we want to admit it or not, for the home user they ARE the Internet. Gadi. -Jim P. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Gadi Evron is a troll
Homosapien? I'm pretty sure he is a human. On Sun, Jun 29, 2008 at 2:39 PM, n3td3v [EMAIL PROTECTED] wrote: On Sun, Jun 29, 2008 at 7:29 PM, Ureleet [EMAIL PROTECTED] wrote: dont start, you were just getting good! What do you mean getting good, i've been good the whole time homo! All the best, n3td3v 2008/6/29 n3td3v [EMAIL PROTECTED]: Gadi Evron is a troll ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Save Gary Mckinnon
Gary Mckinnon is going to be locked away for 64 years for doing a default password scan of the U.S military. We need to save this guys life, yes he was stupid, yes he was dumb, yes he shouldn't have done it. He is a weirdo who tried to find out about UFO research within military ranks, should we send Gary Mckinnon away the same as a suicide bomber terrorist? The U.S military are going to make an example of this man, an example that is unjust, we need to save Gary, save Gary... save Gary! All the best, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Let's make a spy-proof communications infrastructure
Yes as i've been saying already the intelligence services for years like MI5, MI6 have been laughing at Full-Disclosure for years about us and the media getting excited about internet explorer, fire fox, opera, safari drama and the other likes. While that may be stimulating for some, it hasn't chipped a single inch out of the government and the intelligence services. The biggest government hack of all time? Some faggot weirdo called Gary Mckinnon probing the Pentagon and other government networks with a text file of manufacturer default passwords, and he is about to be extradited to the U.S.A for it and be put in jail for 65 years, lmao!!! The government are laughing their asses off at how softcore the world elite hackers are, we need to crank up a gear and give the government something to think about. I'm not talking about anything illegal or breaking the law, i'm talking about lawful critical vulnerability discosure on the mailing lists thats going to make the intelligence services and the government wake up and bring real credibility to the mailing list. Right now, folks releasing quicktime flaws and other gay shit, thats so 1999, its time to research and disclose stuff thats going to get you stopped at passport control and have your vulnerability research taken off you for analysis when you plan to do a speech at a security conference etc. Like say, we need to move away from gay shit, and think about the government and the intelligence services, they are currently walking all over all of us, its time to get even technically. All the best, n3td3v Put your money where your mouth is. What have you released that will make the government respect this list? Secondly, what does FD and the world of elite hackers have in common? Nothing. -- ciao JT ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/