[Full-disclosure] 0day services

2008-09-21 Thread selling_0day
Hey,

As many people here, I am selling 0day for Windows & UNIX.

Please mail me if you are *really* intersted (any other email will 
be deleted).

Sincerely.


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] 0day services

2008-09-21 Thread rholgstad
[EMAIL PROTECTED] wrote:
 Hey,

 As many people here, I am selling 0day for Windows & UNIX.

 Please mail me if you are *really* intersted (any other email will 
 be deleted).

 Sincerely.


   
learn2spell



Re: [Full-disclosure] [SECURITY] [DSA 1639-1] New twiki packages execution of arbitrary code

2008-09-21 Thread webby devil
Steve,

I just had a look at your patch and it seems to me that you just filter out
the remote command execution and not the file disclosure in Twiki.
http://security.debian.org/pool/updates/main/t/twiki/twiki_4.0.5-9.1etch1.diff.gz

The configure file is patched with this:

    if ( $image =~ /^([-.\w]+)$/ ) {
        $image = $1;
    }

You are basically allowing the ../../../ which can be used for
../../../etc/passwd

In terms of example, what you have done is filter out
/bin/configure?action=image;image=|ls%20-l|;type=text/plain
and not
/bin/configure?action=image;image=|../../../../../../etc/passwd|;type=text/plain


Regards,
webDEViL

Re: [Full-disclosure] 0day services

2008-09-21 Thread James Matthews
Don't email if you aren't serious! It seems like you are not interested.

On Sun, Sep 21, 2008 at 1:36 AM, rholgstad [EMAIL PROTECTED] wrote:

 [EMAIL PROTECTED] wrote:
  Hey,
 
  As many people here, I am selling 0day for Windows & UNIX.
 
  Please mail me if you are *really* intersted (any other email will
  be deleted).
 
  Sincerely.
 
 learn2spell





-- 
http://www.goldwatches.com/

Re: [Full-disclosure] Social flaws / vulnerabilities in 'Last account activity' on Gmail

2008-09-21 Thread n3td3v
On Sun, Sep 21, 2008 at 4:01 AM,  [EMAIL PROTECTED] wrote:
 On Sat, 20 Sep 2008 21:47:55 BST, AaRoNg11 said:

 If the job was that sensitive of a job, do you really think they'd be using
 gmail to send important information?

 Remember - n3td3v is in the British Isles, where clusterfuck IT is rampant in
 the government sector.  You know, like "Let's lose the financial details of
 *EVERY SINGLE FRIKKING FAMILY IN THE COUNTRY on an UNENCRYPTED DISK."

 Oh, why was the disk unencrypted? Because the policy on how to securely
 transfer the data was deemed so sensitive that it was only accessible to
 upper management - the people *doing* the work didn't have access to the
 policy of how to do it right.


Maybe we can take this over to [EMAIL PROTECTED] or
whatever name he gives the new mailing list when John Cartwright
finally gets the finger out.

We need a non-technical, unbiased, unmoderated version of
full-disclosure where people can post rants, raves, speeches, ideas,
views, opinions, news items, the dirty on employees, gossip, security
conferences, or other intelligence that's non-technical.

A place where people like n3td3v don't get made to feel bad for
posting their views on what's going on in the security community.

There seems to be a feeling that anyone who is non-technical is
unwelcome on full-disclosure and ends up getting written about on
securityfocus by robert lemos and made to feel a bad person. :(

This is unfair. In the bigger scope of things, there just isn't
anywhere to go to post non-technical stuff that's unmoderated.

So instead of being nasty to n3td3v and writing about him on
securityfocus and declaring a hunt for n3td3v, let's just create a new
mailing list where people like me won't get made uncomfortable for
posting.

The bottom line is, there is no non-technical, unbiased, unmoderated
version of full-disclosure and there should be one.

We need a cyber political mailing list, where anything goes. Right now
it just seems that people don't really want n3td3v around, but that's
not because n3td3v has done something wrong, it's just because there is
nowhere else suitable to post about cyber politics that's
non-technical, unbiased, unmoderated.

I don't like posting to full-disclosure if I feel unwelcome, but I
don't want to be muzzled, I want John Cartwright to setup a new
mailing list for the non-technical issues.

This is my proposal I'm putting forward, so let's talk about it.



[Full-disclosure] Exploit creation - The random approach or Playing with random to build exploits

2008-09-21 Thread Nelson Brito
“Exploit creation – The random approach” or “Playing with random to build
exploits”
Sunday, September 21, 2008
By Nelson Brito [EMAIL PROTECTED]

-[ Introduction

It is just a matter of time before things get worse on the Internet. We saw
worms getting more and more sophisticated in the last decade, and, believe me,
it could be worse. Nowadays we have botnets and a lot of worms and their
respective variants, but what if a stealth worm reached the Internet today?
Are we prepared to deal with this kind of threat? Are we walking in the right
direction to get this kind of threat controlled in a short period of time?
Do we remember 2003?

That said, there is no other answer than: No, we are not prepared and we will
surrender if such a bad thing happens again. Why am I saying that? You will
figure it out.

Just for the record: I will not write that much, because it is very,
very simple, and I do believe someone else will write good stuff for
academic audiences.

If you still believe in Santa Claus, please, stop reading right now, because
this paper will show that bad things can get worse, and worse, and worse, if
we are not paying attention to the signs. And according to some people: it
is all old news, and the techniques were already presented by someone,
somewhere. Ok, then!

-[ What happened during 2003?

Two incredible things happened:
1. Slammer was the very first Flash Worm, incredibly fast in its
dissemination; it only took 15 minutes to crash all the Internet
infrastructure and let us know that a new age was coming.
2. Blaster was the very first worm targeting almost all Microsoft
Windows OS versions, infecting an incredible number of machines around the
world. After Blaster we saw Sasser, and, apparently, the underground began to
use a “worm template” to make new worms for dissemination.

These two facts combined could give us a good lesson. But, even after 1988,
we didn't learn how to deal with worms and I think we have a long, long path
to reach this point. So, imagine a worm using polymorphic techniques. It is
the worst nightmare we couldn't even imagine.

-[ Polymorphic Code

This is not a new topic and some researchers have been talking about this
for years and years, but all our attention was given to the shellcode. And
even during my research, when I talked to someone about the perspective of
having real polymorphic code, people always got confused with polymorphic
shellcode.

No, I am not writing another paper about polymorphic shellcode, there are
too many papers flying around since ADM created ADMutate, good papers about
nop sled, jmp sled, junk code insertion, etc… I am writing about a real
polymorphic code: a code that every time it executes it will have a new
appearance, a new fingerprint, being almost unpredictable, and, yes, I will
use some of the previous techniques to move forward and step ahead creating
a real polymorphic attack.

I have sent the ENG code already, but this is a paper to show what the
techniques are and the possible damage that can be caused if hackers apply
such techniques in their codes.

Polymorphic code means that the code will change every time it executes,
making it unpredictable. What we have, so far, are static codes, and I never
saw any “dynamic” code exploiting any vulnerability. That is the reason some
IPS/IDS can easily add signatures.

-[ ENG (Encore Next Generation) Techniques

First of all, to make polymorphic code we have to be sure we have all the
requirements to achieve the concept that polymorphic code must be
unpredictable, and that means random. I chose MS02-039[1], because I have
all the requirements for this proof of concept:
1. Microsoft Windows Buffer Overflow[2];
2. Buffer to overflow is not too big;
3. More than just one Return Address[3];
4. Incredibly high number of writable addresses only in
SQLSORT.DLL[4].

-[ MS02-039 Exploit Structure

Before we start talking about the techniques applied in ENG, let's take a
look at how the exploit structure must be.

David Litchfield Very First Exploit
[VECTOR] [BUFFER] [RETURN ADDRESS] [JUMP] [WRITABLE ADDRESS                      ] [NOPS  ] [SHELLCODE]
[0x04  ] [...   ] [0x42b0c9dc    ] [0x0e] [0x42ae7001 (SP0) | 0x42ae7001 (SP1-2)] [0x90  ] [STATIC   ]

Slammer Worm
[VECTOR] [BUFFER] [RETURN ADDRESS] [JUMP] [WRITABLE ADDRESS                      ] [NOPS  ] [SHELLCODE]
[0x04  ] [0x01  ] [0x42b0c9dc    ] [0x0e] [0x42ae7001 (SP0) | 0x42ae7001 (SP1-2)] [0x90  ] [SLAMMER  ]

HD Moore Metasploit Framework
[VECTOR] [BUFFER] [RETURN ADDRESS] [JUMP] [WRITABLE ADDRESS                      ] [NOPS  ] [SHELLCODE]
[0x04  ] [RANDOM] [0x42b48774    ] [0x69] [0x7ffde0cc (SP0) | 0x7ffde0cc (SP1-2)] [RANDOM] [SLAMMER  ]

Now, we know how we must build the exploit, and I think we can do a great
job randomizing all the fields. Here are the fields ENG needs to deal with:
attack vector, buffer, return address, jumps, writable address, nops, and
shellcode.

-[ Attack Vector

For this vulnerability there are three vectors [5]:
  

[Full-disclosure] [ GLSA 200809-11 ] HAVP: Denial of Service

2008-09-21 Thread Pierre-Yves Rofes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200809-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

   Severity: Normal
  Title: HAVP: Denial of Service
   Date: September 21, 2008
   Bugs: #234715
 ID: 200809-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A Denial of Service vulnerability has been reported in HAVP.

Background
==

HAVP is a HTTP AntiVirus Proxy.

Affected packages
=

    -------------------------------------------------------------------
     Package                        /  Vulnerable  /        Unaffected
    -------------------------------------------------------------------
  1  net-proxy/havp                       < 0.89                >= 0.89

Description
===

Peter Warasin reported an infinite loop in sockethandler.cpp when
connecting to a non-responsive HTTP server.

Impact
==

A remote attacker could send requests to unavailable servers, resulting
in a Denial of Service.

Workaround
==

There is no known workaround at this time.

Resolution
==

All HAVP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose =net-proxy/havp-0.89

References
==

   [ 1 ] CVE-2008-3688
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

   http://security.gentoo.org/glsa/glsa-200809-11.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5





[Full-disclosure] [ GLSA 200809-10 ] Mantis: Multiple vulnerabilities

2008-09-21 Thread Pierre-Yves Rofes

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200809-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

   Severity: High
  Title: Mantis: Multiple vulnerabilities
   Date: September 21, 2008
   Bugs: #26
 ID: 200809-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities have been reported in Mantis.

Background
==

Mantis is a PHP/MySQL/Web based bugtracking system.

Affected packages
=

    -------------------------------------------------------------------
     Package                        /  Vulnerable  /        Unaffected
    -------------------------------------------------------------------
  1  www-apps/mantisbt                    < 1.1.2              >= 1.1.2

Description
===

Antonio Parata and Francesco Ongaro reported a Cross-Site Request
Forgery vulnerability in manage_user_create.php (CVE-2008-2276), a
Cross-Site Scripting vulnerability in return_dynamic_filters.php
(CVE-2008-3331), and an insufficient input validation in
adm_config_set.php (CVE-2008-3332). A directory traversal vulnerability
in core/lang_api.php (CVE-2008-) has also been reported.

Impact
==

A remote attacker could exploit these vulnerabilities to execute
arbitrary HTML and script code, create arbitrary users with
administrative privileges, execute arbitrary PHP commands, and include
arbitrary files.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Mantis users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose =www-apps/mantisbt-1.1.2

References
==

   [ 1 ] CVE-2008-2276
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2276
   [ 2 ] CVE-2008-3331
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3331
   [ 3 ] CVE-2008-3332
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3332
   [ 4 ] CVE-2008-
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

   http://security.gentoo.org/glsa/glsa-200809-10.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5





Re: [Full-disclosure] The new 'cyber politica' mailing list thats planned for the non-technical elite

2008-09-21 Thread anonymous pimp
Don't you already have your own mailing list? Go there.



Re: [Full-disclosure] The new 'cyber politica' mailing list thats planned for the non-technical elite

2008-09-21 Thread AaRoNg11
Hi, my comment wasn't meant to flame you. I was basically trying to say that
if you used your email for sensitive stuff, and it had been compromised, the
intruder finding out your IP address is the least of your worries. I'm sorry
if it was interpreted as a flame.

Anyway, I like the idea of a non-technical mailing list. I'd be sure to sign
up :)

On Sun, Sep 21, 2008 at 7:02 PM, n3td3v [EMAIL PROTECTED] wrote:


 I say 'cyber-politica' is a decent name for it we can have.

 Although I'm concerned the 'cyber' might go out of fashion over the
 years, so if you have cyber in the name it might get outdated.

 I think the new mailing list will be perfect for me and gadi types,
 then we won't be annoying the list anymore about what we think of
 everyone and cyber security.

 I think full-disclosure has had enough of opinionated people like me
 and gadi who chime in when we feel like it, it appears to upset the
 full-disclosure crowd, so a new mailing list would be brilliant for
 the non-technical crowd who still want to chime in when we're not
 happy about something.

 When people like me and gadi types post our opinionated views about
 people and cyber security, folks don't always reply and give their
 views, because they think the mailing list isn't supposed to be about
 the non-technical subject, so are reluctant to get involved incase it
 increases the 'noise'.

 What's needed is a non-technical mailing list where the non-technical
 elite can hang out.

 US-CERT.gov website already have technical and non-technical sections,
 so why can't full-disclosure be split in two?

 It's obvious me and gadi are not welcome on the current format
 full-disclosure, so we need a new mailing list for the non-technical
 elite.

 I was very upset to be bashed by robert lemos and his friends via news
 articles and blogs, so now it's time for a place we can go and not
 upset people anymore. It was never my intention to upset folks but
 that's what seems to have happened. They seem to think the
 full-disclosure list is being destroyed by the non-technical elite. So
 why not give the non-technical elite a mailing list of their own, so
 people won't get upset because we post an email that hasn't got a
 vulnerability or exploit in it.

 We should leave the full-disclosure list for technical users, and the
 non-technical users have their own mailing list to post on, then
 nobody can be accused 

[Full-disclosure] Directory traversal in the webadmin of Unreal Tournament 3 1.3

2008-09-21 Thread Luigi Auriemma

###

 Luigi Auriemma

Application:  Unreal Tournament 3
  http://www.unrealtournament3.com
Versions: 1.3 ONLY (both build 3601 and 3614)
  older versions are safe
Platforms:Windows and Linux
Bug:  directory traversal in the web interface
Exploitation: remote, versus server
Date: 21 Sep 2008
Author:   Luigi Auriemma
  e-mail: [EMAIL PROTECTED]
  web:aluigi.org


###


1) Introduction
2) Bug
3) The Code
4) Fix


###

===
1) Introduction
===


Unreal Tournament 3 (UT3) is the latest game of the famous homonymous
series developed by Epic Games (http://www.epicgames.com).


###

==
2) Bug
==


UT3, like any other game based on the Unreal engine, has an internal web
server called uWeb for controlling one's own server remotely using a web
browser.
This interface is disabled by default and, in the case of UT3, the
additional files located at http://ut3webadmin.elmuerte.com are needed
(a choice made by Epic to fix possible issues more quickly).

The latest 1.3 patch, released on 13 August 2008, made a bad and unusual
modification to uWeb.
In fact the WebAdmin component is composed of two sub components/classes
called UTServerAdmin (used for everything) and UTImageServer, used only
for the handling of the HTTP requests for the files in the /images
folder.

In version 1.3 the following change was made to the script of the
ImageServer component, removing the limitation that only files with the
extensions JPG, JPEG, GIF, BMP and PNG could be downloaded:

ImageServer.uc of version 1.2:
    ...
    else
    {
        Response.HTTPError(404);
        return;
    }
    Response.IncludeBinaryFile( Path $ Image );

ImageServer.uc of version 1.3:
    ...
    else
    {
        Response.SendStandardHeaders("application/octet-stream", true);
    }
    Response.IncludeBinaryFile( Path $ Image );

Not so dangerous a thing, except that the directory traversal which has
ALWAYS affected this part of the engine, and which has never been possible
to exploit due to the filters on the extensions of the requested files
(an image can't be classified as sensitive data, moreover there is
no way to know the exact locations of these files), now allows any
external unauthenticated attacker to download files from the system.

In fact when a file is requested the engine first looks in the home
folder of the user who has launched the UT3 server (for example
C:\Documents and Settings\Administrator\My Documents\My Games\Unreal
Tournament 3) because the configuration files used by the server are
located just there and then in the folder of the game, so having the
server installed on another partition doesn't limit the problem.

For example, it's enough to request the file
/images/../../UTGame/Config/UTGame.INI to see all the configuration
of the server, which also includes the admin password to gain access to
the same webadmin interface.
In the example I have used the INI extension instead of ini because
this particular extension seems to be filtered internally, so it's enough to
use one or more upper case chars in it to bypass the check, while there
are no strange behaviours for the other extensions or files.


###

===
3) The Code
===


http://aluigi.org/poc/ut3webown.txt

  nc SERVER 80 -v -v < ut3webown.txt


###

==
4) Fix
==


No fix


###


--- 
Luigi Auriemma
http://aluigi.org


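The two reports above, webDEViL's note on the TWiki `configure` patch (an anchored `[-.\w]+` allowlist on the `image` parameter) and Luigi Auriemma's UT3 advisory (an image server that dropped its extension check, and a case-sensitive `.ini` filter that `.INI` slips past), come down to the same three defensive checks on a requested file name. The following Python is an added example, not code from Debian, TWiki, Epic or either poster; the base directory and the request strings are constructed for the demonstration.

```python
import os
import re
from typing import Dict, Optional

# Name allowlist in the spirit of the Debian TWiki patch quoted earlier:
# letters, digits, underscore, hyphen and dot only.  fullmatch() is used
# instead of ^...$ because "$" (in Python and in Perl) also matches before a
# trailing newline, so "logo.png\n" would otherwise pass.  The allowlist still
# admits the bare names "." and "..", which is one reason the extension and
# containment checks below are kept as further layers.
IMAGE_NAME_RE = re.compile(r"[-.\w]+")

# Extension allowlist, as the UT3 1.2 image server had (JPG, JPEG, GIF, BMP,
# PNG).  Compared lower-cased, so "UTGame.INI" and "UTGame.ini" are treated
# alike: an allowlist cannot be slipped past by changing case the way the
# advisory's ".INI" request slips past a case-sensitive ".ini" denylist.
ALLOWED_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".png"}


def resolve_image(base_dir: str, requested: str) -> Optional[str]:
    """Return the absolute path to serve for `requested`, or None to refuse it."""
    if IMAGE_NAME_RE.fullmatch(requested) is None:
        return None  # refuses "/", "|", spaces, NUL: no traversal, no shell metas
    ext = os.path.splitext(requested)[1].lower()
    if ext not in ALLOWED_EXTS:
        return None  # refuses ".ini", names without an extension, "." and ".."
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # Containment: the resolved path must sit below base_dir.  os.sep is added
    # so that "/srv/images-old" is not mistaken for a child of "/srv/images".
    if not candidate.startswith(base + os.sep):
        return None
    return candidate


def check_requests(base_dir: str, requests) -> Dict[str, bool]:
    """Map each requested name to whether resolve_image() would serve it."""
    return {r: resolve_image(base_dir, r) is not None for r in requests}


if __name__ == "__main__":
    # Constructed sample requests: two legitimate image names, the two image=
    # values from the TWiki post, the UT3 advisory's INI request, and edge cases.
    samples = [
        "logo.png", "LOGO.PNG", "|ls -l|", "|../../../../../../etc/passwd|",
        "../../UTGame/Config/UTGame.INI", "UTGame.INI", "..", "logo.png\n",
    ]
    for name, ok in check_requests("/srv/ut3/images", samples).items():
        print(f"{'serve ' if ok else 'refuse'} {name!r}")
```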

Re: [Full-disclosure] The new 'cyber politica' mailing list thats planned for the non-technical elite

2008-09-21 Thread AaRoNg11
It refers to neither. I'm sorry, I'm new to this list so I assumed that
n3td3v's post was serious.

On Sun, Sep 21, 2008 at 7:48 PM, Razi Shaban [EMAIL PROTECTED] wrote:

 Aaron, there's something you don't seem to get here. n3td3v is a
 troll. I'm hoping that eleven refers to your college graduation year
 and not your high school graduation; if it's the first you might know
 what a troll is. If not, look it up.

 --
 Razi




-- 
Aaron Goulden

Re: [Full-disclosure] The new 'cyber politica' mailing list thats planned for the non-technical elite

2008-09-21 Thread n3td3v
It is serious, like most of my posts. I'm not a troll, maybe gobbles
was, but I'm not related to him. robert lemos just wrote bullshit to
flame me trying to say I was gobbles. I hadn't even known anything
about him (gobbles) until after I started posting to the list. It just
seems to be a coincidence that gobbles left the list and then n3td3v
appeared. we're not connected in any shape or form. I originally came
on the list to talk about yahoo and a certain employee who works there
who backstabbed me and my friends, by giving me intelligence about the
inner workings of yahoo to me in return for intelligence about hackers
in the yahoo scene at the time. He used this information to get a job
as a yahoo messenger security engineer. He now works as a senior yahoo
software engineer, and for years I've complained to yahoo about him,
but yahoo can't take action without conclusive evidence, even though
there is plenty of suggestive evidence. He is probably still feeding
out information to hackers in exchange for information about yahoo
hackers, and he could possibly be coding backdoors into yahoo software
for the intelligence services in a covert operation which yahoo
officials don't know about. And, some members of the yahoo security
team are also part of it, and are stopping the claim about the
employee getting passed to the management of yahoo who would
investigate the employee more seriously. For years I've sent info to
the yahoo security team about this individual, but they don't
communicate back if the intelligence is being taken seriously or if
they just trash what I say. The employee in question was originally
part of the yahoo hacker scene, he got head hunted through another
employee and fast tracked into the company as and when it was obvious
yahoo was becoming a multi-nation corporation. He told me none of his
other co-workers knew he got fast tracked into yahoo, and that it's a
secret how he got in. He has used 'intelligence' methods to get higher
and higher into the corporation, exchanging intelligence about yahoo
for intelligence about yahoo hackers. He was originally in the
military in france then for some mysterious reason he dropped
everything, moved to the U.S. and began working at yahoo. Don't most
intelligence officers have a military background to begin with? There
is tons of suggestive evidence about him, but nothing that's
conclusive that can oust him from the company.

All the best,

n3td3v



[Full-disclosure] [SECURITY] [DSA 1640-1] New python-django packages fix cross site request forgery

2008-09-21 Thread Thijs Kinkhorst

------------------------------------------------------------------------
Debian Security Advisory DSA-1640-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                         Thijs Kinkhorst
September 20, 2008                  http://www.debian.org/security/faq
------------------------------------------------------------------------

Package: python-django
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2008-3909 CVE-2007-5712
Debian Bug : 497765 448838

Simon Willison discovered that in Django, a Python web framework, the
feature to retain HTTP POST data during user reauthentication allowed
a remote attacker to perform unauthorized modification of data through
cross site request forgery. This is possible regardless of the Django
plugin to prevent cross site request forgery being enabled. The Common
Vulnerabilities and Exposures project identifies this issue as
CVE-2008-3909.

In this update the affected feature is disabled; this is in accordance
with upstream's preferred solution for this situation.

This update takes the opportunity to also fix a relatively minor
denial of service attack in the internationalisation framework, known
as CVE-2007-5712.

For the stable distribution (etch), these problems have been fixed in
version 0.95.1-1etch2.

For the unstable distribution (sid), these problems have been fixed in
version 1.0-1.

We recommend that you upgrade your python-django package.

Upgrade instructions
--------------------

wget <url>
        will fetch the file for you
dpkg -i <file.deb>
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2.dsc
    Size/MD5 checksum:      940 62d31adf6a658ab089df66916148d2d8
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1.orig.tar.gz
    Size/MD5 checksum:  1297839 07f09d8429916481e09e84fd01e97355
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2.diff.gz
    Size/MD5 checksum:     8069 6e5e17af4148911137b1a8aebaa8096c

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
    Size/MD5 checksum:  1025742 93417b16a120eada12b807b8372cc858


  These files will probably be moved into the stable distribution on
  its next update.

------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSNT1Q2z0hbPcukPfAQLGLQgAsA4MuOT8zyDNY/lR4ONjr+t1eJr583er
u77Z3nn5zGn6DoOUEww7tRV04I2iMI+s2jAbFLcw8j3Q7U+AY3HXtJq0Tlk2Zyup
OKAZdiCNIYMR4gulWrs0MQG0cWePLvK5hjSL2Hmol651p288vVQ1k/CknCVX8j0s
L/l+fB1XhOCvF2Mk985iBT5ZVw9fpHHjiK+QVE3HEayGNHzEr9oTE/GEhIYv6SZ0
eIWzmNHVYmBuevMun7Hn31AqYe4WRAfza+AWryt8RnGCGOVLbRFJ2YO4zsNh+9Ps
p0GLXWM4JKqferyzZgwsl2/1sb7PdtWWgWynQbOSG/7NxsG5SyHDmA==
=1lGA
-END PGP SIGNATURE-



[Full-disclosure] [SECURITY] [DSA 1641-1] New phpmyadmin packages fix several issues

2008-09-21 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1641-1  [EMAIL PROTECTED]
http://www.debian.org/security/  Thijs Kinkhorst
September 20, 2008http://www.debian.org/security/faq
- 

Package: phpmyadmin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2008-3197 CVE-2008-3456 CVE-2008-3457 CVE-2008-4096

Several remote vulnerabilities have been discovered in phpMyAdmin, a
tool to administrate MySQL databases over the web. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-4096

Remote authenticated users could execute arbitrary code on the
host running phpMyAdmin through manipulation of a script parameter.

CVE-2008-3457

Cross site scripting through the setup script was possible in
rare circumstances.

CVE-2008-3456

Protection has been added against remote websites loading phpMyAdmin
into a frameset.

CVE-2008-3197

Cross site request forgery allowed remote attackers to create a new
database, but not perform any other action on it.

For the stable distribution (etch), these problems have been fixed in
version 4:2.9.1.1-8.

For the unstable distribution (sid), these problems have been fixed in
version 4:2.11.8.1-2.

We recommend that you upgrade your phpmyadmin package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-8.dsc
Size/MD5 checksum: 1011 37114453aaf82b81dce82755e64ec033
  
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-8.diff.gz
Size/MD5 checksum:54521 a5b37a0f2d161337cc2acd5653c42312
  
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz
Size/MD5 checksum:  3500563 f598509b308bf96aee836eb2338f523c

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-8_all.deb
Size/MD5 checksum:  3607794 01749fe13d966bba1c6394ff2c185204


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSNT3HWz0hbPcukPfAQIE0wf+In02iCbrhM9hSwsrRTPg5luM/SHZNlTw
TQ673K6gRq22vJilEXJAZU/O6z1fUBNmgS+xSuPBiowcKb3MXdC6CIpbbLDcviA/
SLXqdJeOVu3abuenze6iC8Xc3ovxAgP+1UUhZPjmReYFWoFd1LkL1UkFdLPc9E7/
mqprk/CD4SeWSlr0j6mENet1aqsgj7FyYKDBZDzoGqqkxUUFebhH+IWNvs3swSUN
DqVyFPWKJjWB4CBIHShJmWgOsyZ52iT1e4j2qpaTQybyvqccdRWz7FZiS0C7WuIs
CMzz50QirUu08eOmx5CCRSCr6FelPV1xIEtm9i/L5++neONs2cxXoQ==
=do4b
-END PGP SIGNATURE-



[Full-disclosure] [SECURITY] [DSA 1642-1] New horde3 packages fix cross site scripting

2008-09-21 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1642-1  [EMAIL PROTECTED]
http://www.debian.org/security/  Thijs Kinkhorst
September 20, 2008http://www.debian.org/security/faq
- 

Package: horde3
Vulnerability  : cross site scripting
Problem type   : remote
Debian-specific: no 
CVE Id(s)  : CVE-2008-3823

Will Drewry discovered that Horde allows remote attackers to send
an email with a crafted MIME attachment filename attribute to perform
cross site scripting.

For the stable distribution (etch), this problem has been fixed in
version 3.1.3-4etch4.

For the testing distribution (lenny), this problem has been fixed in
version 3.2.1+debian0-2+lenny1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your horde3 package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch4.dsc
Size/MD5 checksum: 1076 2f84d0bcc79176fd975a2e33402c1a3f
  http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz
Size/MD5 checksum:  5232958 fbc56c608ac81474b846b1b4b7bb5ee7
  
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch4.diff.gz
Size/MD5 checksum:13225 c1a2fd542348e7b1110dd76b3077620b

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch4_all.deb
Size/MD5 checksum:  5259800 6a9bee45882c4613788e7f51648ca24b


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSNT4u2z0hbPcukPfAQK/rAf/Z8qAwKcdZ+VQHPckbh6Ak8AGVHXbmeT6
GoRogJ3TGYcTVO+SjgEoVQQDtoiEMQ+xGBV5Z1IHZW+ZlwTfVB1Ntp++R3fWXYb7
5EsbmKBXiUpQ3r/lsl1gccfGK5qrciIYxUDG9wo6IZEGWZGM3smiLUH56tD58PNU
xaDKmanHda1DaYJpkvwrLogDfnrBS+5ZLeAcEF5d9m7trKZbO1z4mY2p4ApiN5LM
2iyX3c6Oi3BgHo8w4/z1VhGlWtnorKL3uJ1CKjnExdmX1TpHdKjmVrTJZhVMkPVN
3tKAbCWVvUXePanLR5iERt/q35aCbWxD8hHrv6UjBsRh+Erjrhw0+w==
=+3XT
-END PGP SIGNATURE-



[Full-disclosure] [SECURITY] [DSA 1634-2] New wordnet packages fix regression

2008-09-21 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1634-2  [EMAIL PROTECTED]
http://www.debian.org/security/  Thijs Kinkhorst
September 20, 2008http://www.debian.org/security/faq
- 

Package: wordnet
Vulnerability  : stack and heap overflows
Problem type   : local (remote)
Debian-specific: no
CVE id(s)  : CVE-2008-2149
Debian Bug : 481186 498855

A regression was discovered in the original patch addressing this issue
for WordNet, which this update fixes. For reference the text of the
original advisory follows.

Rob Holland discovered several programming errors in WordNet, an
electronic lexical database of the English language. These flaws could
allow arbitrary code execution when used with untrusted input, for
example when WordNet is in use as a back end for a web application.

For the stable distribution (etch), these problems have been fixed in
version 1:2.1-4+etch2.

For the unstable distribution (sid), these problems have been fixed in
version 1:3.0-13.

We recommend that you upgrade your wordnet package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2.dsc
Size/MD5 checksum:  772 79778d56b18a02598ee5b6fd96ab08a3
  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2.diff.gz
Size/MD5 checksum:23138 e0c766b20c9b7a0af75d95ba45b450a1
  http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1.orig.tar.gz
Size/MD5 checksum:  6379385 95a6e8144254a92a5ea0e97771ef9d07

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-base_2.1-4+etch2_all.deb
Size/MD5 checksum:  8701512 4455bf81c9015708cb74eab60ccd2bcc
  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-sense-index_2.1-4+etch2_all.deb
Size/MD5 checksum:  2242610 07c445b555abf08a505128392008f993

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_alpha.deb
Size/MD5 checksum:   109538 4803d423c191e9faa98384326c8d6d70
  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_alpha.deb
Size/MD5 checksum:80824 4dbf0d39d155acc639aea8483a08972b

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_amd64.deb
Size/MD5 checksum:65198 3cc2012ba668fd282398befb9afc1f32
  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_amd64.deb
Size/MD5 checksum:   105098 176e4394cb71c2dde0f7a7f67b9d5698

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_arm.deb
Size/MD5 checksum:   100134 4dabf40eafe6254f8f9d16ae7ab4bcdc
  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_arm.deb
Size/MD5 checksum:61152 23f695939c47966390fccc29d8666d94

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_hppa.deb
Size/MD5 checksum:69956 e32d6a37145ed84c9af98af9215a001e
  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_hppa.deb
Size/MD5 checksum:   108402 2b7b1db48cde550ef290ea68518e7dd8

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_i386.deb
Size/MD5 checksum:63156 de49f05b5e9a08a2c4cd4cc9ec1f7f64
  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_i386.deb
Size/MD5 checksum:   101844 cb8c045b1f98f009fe976fa46e3b88e8

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_ia64.deb
Size/MD5 checksum:   119820 8ab8da0fa9022893263f77ef5b9f4dae
  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_ia64.deb
Size/MD5 checksum:83122 b728bb71e4557f34a8a57c06d4e7d075

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch2_mips.deb
Size/MD5 checksum:   105560 12a113044b150102f1f2503a2e03c082
  
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch2_mips.deb
Size/MD5 checksum:73206 

[Full-disclosure] Fwd: Full Disclosure - non technical elite

2008-09-21 Thread n3td3v
'cyber politica' would need to be set up by John Cartwright, or it
wouldn't become an official internet security mailing list on such
matters. It would just become funsec or something else that's lame,
that's not what I'm shooting for here. There needs to be an official
cyber security mailing list for cyber politics that's unmoderated and
unbiased, and you don't get kicked off it for any reason. Funsec is
largely about Gadi and his agenda, and security professionals from
anti-virus companies and other places; it's lame to put it bluntly. I
posted there and because I criticized Gadi and Paul Ferguson I got
kicked off. Even Marcus Sachs hangs out on funsec, so being able to
criticize the people that deserve to be is an impossibility. There
needs to be a neutral, central, unmoderated, unbiased mailing list for
non-technical stuff that anybody, script kids, hackers, professionals,
whoever can post whatever about anyone or anything. You can't do that
on funsec, Gadi is too trigger happy and protective. We need an
industry recognized mailing list that is the known place to go and
post about particular stuff, and not be banned from or have
subscribers calling you names and making up fake aliases like
'ureleet' to give you a hard time for being on the list. We need an
industry recognized central hub, a known about, agreed on place for cyber
politics. Like I've said already I'm sick of being written about in the
media and on blogs for being on full-disclosure, so I reckon a
non-technical version of full-disclosure is the answer, run by the
same guy John Cartwright, who is a decent bloke who I trust and
respect.

There are plenty of legitimate things to be discussed on cyber politica:

- cyber security, in relation to Marcus Sachs and cronies, government
stuff, Gary McKinnon, cyber command etc.

- ISP community and their role with cyber security.

- law enforcement and their role with cyber security.

- public / private sector cooperation.

- news article posts, blog posts, Dancho Danchev, Nate McFeters,
Juha-Matti Laurio, other news items.

- speeches, texts, other stuff, post info about people you've managed to
obtain etc.

- you are an IT professional and you want to report about a service
outage, maybe a security website or other service is down and you want
to tell people.

- debates about security features in products, non-technical.

- political cyber debate, who attacked Georgia, analysis about it etc.,
was it a false flag etc.

- general intelligence about companies, people, other stuff.

- security conference spam, where they are being held etc.

- proposals to the security community / industry, Gadi cross posts
about the zero-day term being scrapped, other buzzword stuff.

- rants, raves, flames, jokes, gossip, rumours, speculation.

- threats you know of, zero-day rumours, zero-day for sale.

- paranoid stuff, things you think could happen but haven't, plots,
doomsday scenarios.

- your security forum, website, advertise it, got a security course or
other thing to promote.

- self promotion, self glorification, grand claims.

- anything else that seems to offend users of full-disclosure in its
current format.

- anything you wanted to post to full-disclosure but never did.

- fuzzy porn?

- big multi-way discussions about stuff you don't feel shy about
talking about like you do on the original full-disclosure in case you
get accused of feeding someone who other people don't agree with.
People want to talk about stuff, but don't on the normal
full-disclosure format because they get accused of creating 'noise'.

- possibly world news as well, although this would endanger the list
by becoming discussions about normal politics, which should be avoided
at all costs, unless it's somehow to do with electronics, telecoms,
computer security, national infrastructure in relation to cyber /
technology security, or wire tapping that affects hardware of products
(products with possible backdoors in the circuitry by rogue regimes?
China? other? the dangers of outsourcing military software to other
countries? China? other?) or the internet and its users. Cyber law,
possibly TSA stuff, although I'm already bored with cyber security
folks in America talking about airport security; it's rather boring and
repetitive, and off-topic. Security theater is also a boring topic,
that Bruce Schneier constantly mumbles about on his blog.

Cyber politica would allow any noise, mass debates, flames,
anything... and no one would be accused of wrongdoings like on the
current full-disclosure format.

The list of stuff above just gives you an outline of stuff that could
be posted on it, but it's really up to anyone what they post; they can
post anything non-technical, and it doesn't need to be strictly about
cyber politics.

I'm asking John Cartwright to be responsible for the infrastructure
and maintenance and that it keeps with the 'lists.grok.org.uk' domain.

I hope it would be kept underground and be non-profit and never be
sponsored by a company like secunia like the 

Re: [Full-disclosure] The new 'cyber politica' mailing list thats planned for the non-technical elite

2008-09-21 Thread n3td3v
On Sun, Sep 21, 2008 at 7:20 PM, anonymous pimp [EMAIL PROTECTED] wrote:
 Don't you already have your own mailing list? Go there.


It has to be a mailing list run by someone who is neutral to
everything that's going on; you can't have an official central list for
the internet for non-technical cyber politics be called 'n3td3v -
google groups' because it's biased towards one particular person etc.
The same reason that Funsec doesn't work either, because it's biased
towards Gadi, his agenda, friends, the professional scene etc. It
would need to be a mailing list set up by John Cartwright who doesn't
favour any particular person, a certain professional peer group or
view, etc. etc. It's got to be a non-technical cyber politics mailing
list that's unmoderated, neutral, central, and unbiased in its
management.



Re: [Full-disclosure] The new 'cyber politica' mailing list thats planned for the non-technical elite

2008-09-21 Thread Anders B Jansson
n3td3v wrote:
 On Sun, Sep 21, 2008 at 7:20 PM, anonymous pimp [EMAIL PROTECTED] wrote:
 Don't you already have your own mailing list? Go there.

Being bored I browsed my Junk folder before I trashed it and I found this gem 
of coherent thinking.

 It has to be a mailing list run by someone who is neutral to
 everything that's going on, you can't have an official central list for
 the internet for non-technical cyber politics be called 'n3td3v -
 google groups' because it's biased towards one particular person etc.

You could just set up a mailing list that didn't include your handle.
It's not required that it does, you know.

 It's got to be a non-technical cyber politics mailing
 list that's unmoderated, neutral, central, and unbiased in its
 management.

Yes, so just set one up and stay away from moderating it.

How hard can that be?

Also while browsing my Junk before trashing I noticed your objection to being a 
troll.

I have to admit that it is actually possible that you aren't.

But the alternative is that you are a complete moron.

-- 
// hdw
