Re: [Full-disclosure] pause for reflection

2008-10-07 Thread Tonnerre Lombard
Salut, Gadi Evron,

On Sun, 5 Oct 2008 03:32:03 -0500 (CDT), Gadi Evron wrote:
 I have dual citizenship. Along with my homeland citizenship, I am of
 the Internet, and see it as my personal duty to try and make the
 Internet safe.

Poor Germans who are not allowed to have dual citizenship. ;-)

Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Solutions Systematiques
Tel: +41 61 333 80 33      Güterstrasse 86
Fax: +41 61 383 14 67      4053 Basel
Web: www.sygroup.ch        [EMAIL PROTECTED]


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread James Matthews
The US government can't ever get their act together. It's just a waste of
time.

On Mon, Oct 6, 2008 at 1:09 PM, Buhrmaster, Gary [EMAIL PROTECTED]wrote:


  Which is easier to shut down, an attack coming from a relatively small
  number of /16s that belong to the government, or one coming from the
  same number of source nodes scattered *all* over Comcast and Verizon
  and BT and a few other major providers?
 
  Hint 1: Consider the number of entry points into your network
  for the two cases, especially if you are heavily peered with one or more
  of the source ISPs.

 The Federal Government (through its Trusted Internet
 Connection initiative) is trying to limit the number
 of entry points into the US Government networks.
 (As I recall from 4000 interconnects to around 50,
 where both numbers have a high percentage of politics
 in the error bar.)





-- 
http://www.goldwatches.com/

http://www.jewelersdigest.com/

http://www.jewelerslounge.com/

[Full-disclosure] [SECURITY] [DSA 1647-1] New php5 packages fix several vulnerabilities

2008-10-07 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA-1647-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                          Thijs Kinkhorst
October 07, 2008                       http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package: php5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2008-3658 CVE-2008-3659 CVE-2008-3660
Debian Bug : 499987 499988 499989

Several vulnerabilities have been discovered in PHP, a server-side,
HTML-embedded scripting language. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2008-3658

Buffer overflow in the imageloadfont function allows a denial
of service or code execution through a crafted font file.

CVE-2008-3659

Buffer overflow in the memnstr function allows a denial of
service or code execution via a crafted delimiter parameter
to the explode function.

CVE-2008-3660

Denial of service is possible in the FastCGI module by a
remote attacker by making a request with multiple dots
before the extension.

For the stable distribution (etch), these problems have been fixed in
version 5.2.0-8+etch13.

For the testing (lenny) and unstable distribution (sid), these problems
have been fixed in version 5.2.6-4.

We recommend that you upgrade your php5 package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
-------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0.orig.tar.gz
    Size/MD5 checksum:  8583491 52d7e8b3d8d7573e75c97340f131f988
  http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch13.diff.gz
    Size/MD5 checksum:   121493 10f6d3ac9ecccb7373f40c0d99cdf43f
  http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch13.dsc
    Size/MD5 checksum:     1978 8ba966963b8c4b37ea56d0cef80e7039

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0-8+etch13_all.deb
    Size/MD5 checksum:   312520 0073d8cd1e953316e18a1ebdf4131c13
  http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch13_all.deb
    Size/MD5 checksum:     1048 f2233a4fe8d7bf941738e152a9f59871

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:   345128 360a909a1ed151fe93001b20370b6d14
  http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:    17532 5c43d788e0b376b0b181712705cc1980
  http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:    70890 e91ef57210ab7b565a759673a5ed168f
  http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:    40284 f11151b96165ed8d0b4571fe3c25a828
  http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:  4935658 3dfdde53682c0c171389703a97f16df1
  http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:    13372 8b26e1d5862a981b2430aecbf72c492f
  http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:    36644 dbefd7ed6397e05df2c23e47e392b2e8
  http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:    11830 a2ed568bfeb2f15e2c8c50c81d877dc3
  http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:    19588 074a2dce0c9f56e0edff3c67b4cebb08
  http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:    13462 2c1379aca13ce35e7a17bfda0c5d2392
  http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:   220834 050fdd8f50774574a33a4ff6876c9eb8
  http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:     5302 539d47ca751209e5d0e691b2dc99c7cb
  http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch13_alpha.deb
    Size/MD5 checksum:     9042 39ac2aa15828135c873e50b5793e5648
  http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch13_alpha.deb
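
The advisory's manual path (wget the file, dpkg -i it) leaves the Size/MD5 line as the only thing tying the file on disk to the one Debian published. As an added example, not part of the Debian advisory, here is a small Python checker that reads a file list in exactly the "URL / Size/MD5 checksum" layout above and verifies a downloaded file against it. The embedded advisory excerpt is constructed with hypothetical file names and values (the two digests are those of the 3-byte string "abc" and of the empty file) so that it runs offline; feed it the real advisory text and the real .deb bytes to use it for real.

```python
import hashlib
import re

# Constructed excerpt in the advisory's "URL / Size/MD5 checksum" layout.
# File names and values are hypothetical: the digests are those of the
# 3-byte string "abc" and of the empty file, so the check can run offline.
SAMPLE_ADVISORY = """\
Source archives:

  http://security.debian.org/pool/updates/main/p/php5/php5_example.dsc
    Size/MD5 checksum:        3 900150983cd24fb0d6963f7d28e17f72
  http://security.debian.org/pool/updates/main/p/php5/php5_example.diff.gz
    Size/MD5 checksum:        0 d41d8cd98f00b204e9800998ecf8427e
"""

URL_RE = re.compile(r"^\s*(https?://\S+)\s*$")
SUM_RE = re.compile(r"^\s*Size/MD5 checksum:\s*(\d+)\s+([0-9a-f]{32})\s*$")


def parse_checksums(text):
    """Return {file name: (size, md5 hex)} for every URL/checksum pair in text.

    A URL line whose checksum line is missing (as in a truncated advisory)
    is skipped rather than guessed at.
    """
    expected = {}
    pending = None
    for line in text.splitlines():
        m = URL_RE.match(line)
        if m:
            pending = m.group(1).rsplit("/", 1)[-1]
            continue
        m = SUM_RE.match(line)
        if m and pending is not None:
            expected[pending] = (int(m.group(1)), m.group(2))
        pending = None
    return expected


def verify_file(name, data, expected):
    """True only if the file is listed and both its size and MD5 match."""
    if name not in expected:
        return False
    size, digest = expected[name]
    return len(data) == size and hashlib.md5(data).hexdigest() == digest


if __name__ == "__main__":
    table = parse_checksums(SAMPLE_ADVISORY)
    for name in table:
        print(name, "ok" if verify_file(name, b"abc", table) else "MISMATCH")
```

A matching size and MD5 tells you the file is the one the advisory lists, not that the advisory itself is genuine: that assurance comes from the PGP signature wrapped around the advisory text and, for the apt-get path, from the signed Release files of the security archive, which is why the automated upgrade is the better default.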

[Full-disclosure] Comments on: D-Day for RFID-based transit card systems

2008-10-07 Thread n3td3v
by Elinor Mills October 6, 2008 5:35 PM PDT

Want to ride the subway for free without having to jump the
turnstiles? Well, as of Monday, you'll be able to do that by making a
fake transit card.

http://news.cnet.com/8301-1009_3-10059605-83.html

by n3td3v October 6, 2008 6:44 PM PDT

Can Cnet News please do a Youtube video showing one of their
journalists getting a free ride, to prove it works?

by elinormills October 6, 2008 7:41 PM PDT

Great idea! We'll try to do that.
Elinor

http://news.cnet.com/8601-1009_3-10059605.html?communityId=2114targetCommunityId=2114blogId=83tag=mncol;tback#5014907



Re: [Full-disclosure] pause for reflection

2008-10-07 Thread .
On Tue, Oct 7, 2008 at 1:21 PM, Anders Klixbull [EMAIL PROTECTED] wrote:
 You're obviously retarded


Seconded.


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of imipak
 Sent: 7. oktober 2008 10:46
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
 full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] pause for reflection

 Keep your talentless tripe to yourself


 I liked it.

 Some of the metaphysical imagery was particularly effective...


 =i

 --
 make way for history
 flickering like a long-lost memory





Re: [Full-disclosure] pause for reflection

2008-10-07 Thread Gadi Evron
On Tue, 7 Oct 2008, Tonnerre Lombard wrote:
 Salut, Gadi Evron,

 On Sun, 5 Oct 2008 03:32:03 -0500 (CDT), Gadi Evron wrote:
 I have dual citizenship. Along with my homeland citizenship, I am of
 the Internet, and see it as my personal duty to try and make the
 Internet safe.

 Poor Germans who are not allowed to have dual citizenship. ;-)

:)


   Tonnerre
 --
 SyGroup GmbH
 Tonnerre Lombard

 Solutions Systematiques
 Tel: +41 61 333 80 33      Güterstrasse 86
 Fax: +41 61 383 14 67      4053 Basel
 Web: www.sygroup.ch        [EMAIL PROTECTED]




Re: [Full-disclosure] pause for reflection

2008-10-07 Thread Anders Klixbull
You're obviously retarded 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of imipak
Sent: 7. oktober 2008 10:46
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] pause for reflection

 Keep your talentless tripe to yourself


I liked it.

Some of the metaphysical imagery was particularly effective...


=i

--
make way for history
flickering like a long-lost memory



[Full-disclosure] Nameless but interesting podcast

2008-10-07 Thread wishi
Hi fellows!


Found an interesting podcast, which is quite new:

%%
Adam Shostack, a well-respected voice on privacy and security issues,
joins Dennis Fisher in this episode of the Nameless Security Podcast to
discuss the data breach epidemic, the untimely demise of Zero Knowledge
Systems and his new book, “The New School of Information Security.”
%%

http://securitywireweekly.blogs.techtarget.com/2008/10/03/adam-shostack-on-privacy-data-breaches-and-“the-new-school-of-information-security”/

Found this accidentally ;)

Have fun,
wishi


Re: [Full-disclosure] Comments on: D-Day for RFID-based transit card systems

2008-10-07 Thread Valdis . Kletnieks
On Tue, 07 Oct 2008 14:00:01 BST, n3td3v said:

 Can Cnet News please do a Youtube video showing one of their
 journalists getting a free ride, to prove it works?

You aren't seriously suggesting that CNet actually create video evidence
of one of their employees breaking the law, are you?



[Full-disclosure] Report: PC Tools Spyware Doctor v6.0 flaw

2008-10-07 Thread jose achada
Report: PC Tools Spyware Doctor v6.0 flaw
Sep 7, 2008

-- Affected Vendors:
PC Tools

-- Affected Products:
Spyware Doctor v6.0

-- Download at:
http://www.pctools.com/mirror/sdasetup.exe

http://rapidshare.com/files/151742881/bd.rar.html
http://rapidshare.com/files/151742881/bd.rar.html?killcode=192850860729954980
Password: forspywaredoctortest

-- Vulnerability Details:
A flaw exists in PC Tools Spyware Doctor while deleting a particular
Backdoor. The mechanism used to clean an infected machine will crash
the machine. (Blue Screen of Death might appear)



-- Step by Step
1) Installed Windows XP.

2) Created the trojan (with injection in IE) with the client.

3) Executed the trojan.

4) Installed PC Tools Firewall Plus 4.0 and made a reboot.

5) Installed Spyware Doctor 6.0.

6) Ran the Smart Update and downloaded 26 signature database files (35MB).

7) Spyware Doctor automatically runs a scan and finds Backdoor.Beastdoor.

8) Tried to remove the backdoor. The system crashed and made a reboot.

9) Tried to remove the backdoor several times and the result was the
same, a system crash.

10) Entered safe boot, made a scan and I was able to delete it.



-- Difficulty Level:
High, it only happens, as far as I know, with one Backdoor.

-- Disclosure Timeline:
2008-07-29 - Published
2008-09-07 - Disclosed

-- About:
Fabio Pinheiro at http://dicas3000.blogspot.com



Re: [Full-disclosure] pause for reflection

2008-10-07 Thread Anders Klixbull
Keep your talentless tripe to yourself  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gadi
Evron
Sent: 6. oktober 2008 23:58
To: rholgstad
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] pause for reflection

On Mon, 6 Oct 2008, rholgstad wrote:
 you are more delusional than n3td3v and Dan combined

Dear anonymous flamer,

While looking back now that a few days have passed and feeling that I
should puke at all this ars poetica of mine, the feeling as well as
thought behind the words, are still genuine, and I am happy I wrote
them.

Thank you for your time,

Gadi.



 Gadi Evron wrote:
 I started answering an email an hour ago, and it was important enough
 to spend time on. It also ended up being too long, so I dumped it in
 a blog post if you prefer reading in a web browser.
 http://gadievron.blogspot.com/2008/10/time-for-self-reflection.html
 
 Time for self reflection
 In case you don't read any of what I have to say below, read this: I 
 have dual citizenship. Along with my homeland citizenship, I am of 
 the Internet, and see it as my personal duty to try and make the
Internet safe.
 
 Atrivo (also known as Intercage), a network known to host criminal
 activity for many years, is no more.
 
 Not being sarcastic for once, this is time for some self reflection.
 
 I wish I was one of those who sleep soundly tonight. Being clear in 
 my conviction that Atrivo should be out of business, and being 
 positive my decision to help that happen was sound--While I would do 
 it again, I am sad.



Re: [Full-disclosure] pause for reflection

2008-10-07 Thread imipak
 Keep your talentless tripe to yourself


I liked it.

Some of the metaphysical imagery was particularly effective...


=i

-- 
make way for history
flickering like a long-lost memory



Re: [Full-disclosure] Comments on: D-Day for RFID-based transit card systems

2008-10-07 Thread n3td3v
On Tue, Oct 7, 2008 at 3:40 PM,  [EMAIL PROTECTED] wrote:
 On Tue, 07 Oct 2008 14:00:01 BST, n3td3v said:

 Can Cnet News please do a Youtube video showing one of their
 journalists getting a free ride, to prove it works?

 You aren't seriously suggesting that CNet actually create video evidence
 of one of their employees breaking the law, are you?


If shes the media it would be a controlled experiment for the sake of
the CNet News readers, no law would be broken, because she would get
permission first from the subway operator.



[Full-disclosure] [OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability

2008-10-07 Thread Matteo Beccati

OpenX security advisory                              OPENX-SA-2008-002

Advisory ID:           OPENX-SA-2008-002
Date:                  2008-Oct-06
Security risk:         Moderately critical
Applications affected: OpenX
Versions affected:     <= 2.4.8, <= 2.6.1
Versions not affected: >= 2.4.9, >= 2.6.2




Vulnerability:  Blind SQL injection in ac.php


Description
---
A blind SQL injection vulnerability has recently been found by
d00m3r4ng. The vulnerability affects the OpenX delivery engine, which
does not require any kind of authentication.

Input passed to the bannerid parameter in www/delivery/ac.php is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution

 - Upgrade to OpenX 2.4.9 or 2.6.2

References
--
 - http://www.milw0rm.com/exploits/6655
 - http://secunia.com/advisories/32114/

Timeline

2008-Oct-02: the vulnerability was posted to the aforementioned
security related website
2008-Oct-03: an OpenX user reported the link to our forums
2008-Oct-03: a quick patch for 2.6.x was released to mitigate the
impact of exploits using the disclosed information
2008-Oct-04: a quick patch for 2.4.x was released to mitigate the
impact of exploits using the disclosed information
2008-Oct-06: OpenX 2.6.2 was released
2008-Oct-07: OpenX 2.4.9 was released

Contact information


The security contact for OpenX can be reached at:
security AT openx DOT org


-- 
Matteo Beccati

OpenX - http://www.openx.org
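
The advisory describes the flaw class only in prose: a request parameter reaches an SQL query unsanitised, in a script that needs no authentication, and the injection is blind. The following is an added example and is not OpenX's code; it is a Python/sqlite3 stand-in for a delivery script that looks a banner up by bannerid. The table, its columns, the banner URLs and the function names are hypothetical. banner_exists_vulnerable concatenates the parameter into the query; blind_probe shows how an attacker who only sees "banner served / not served" still gets a yes/no oracle for arbitrary SQL, and leak_char uses that oracle to pull data out one character at a time. banner_exists_fixed allow-lists the parameter as a decimal integer and binds it, which closes both.

```python
import re
import sqlite3


def make_db():
    """In-memory stand-in for a banner table (hypothetical schema, not OpenX's)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE banners (bannerid INTEGER PRIMARY KEY, url TEXT)")
    db.executemany("INSERT INTO banners VALUES (?, ?)",
                   [(1, "http://ads.example/1.gif"), (2, "http://ads.example/2.gif")])
    return db


def banner_exists_vulnerable(db, bannerid):
    """The flaw class from the advisory: the request parameter is pasted into SQL."""
    sql = "SELECT url FROM banners WHERE bannerid=" + bannerid
    return db.execute(sql).fetchone() is not None


def banner_exists_fixed(db, bannerid):
    """Allow-list the parameter as a decimal integer, then bind it instead of concatenating."""
    if re.fullmatch(r"[0-9]+", bannerid) is None:
        return False
    sql = "SELECT url FROM banners WHERE bannerid=?"
    return db.execute(sql, (int(bannerid),)).fetchone() is not None


def blind_probe(lookup, db, condition):
    """Blind SQL injection: the attacker never sees query output, only whether
    the page behaves as if a banner was found. Appending "AND (<condition>)"
    to a known-good id turns that into a yes/no oracle for any SQL expression."""
    return lookup(db, "1 AND (" + condition + ")")


def leak_char(lookup, db, position):
    """Recover one character of banner 2's url through the oracle (constructed target).

    Returns None when the oracle never answers yes, i.e. the lookup is not injectable."""
    for code in range(32, 127):
        if blind_probe(lookup, db,
                       "(SELECT unicode(substr(url,%d,1)) FROM banners WHERE bannerid=2)=%d"
                       % (position, code)):
            return chr(code)
    return None


if __name__ == "__main__":
    db = make_db()
    # Leaks "http://" from the vulnerable lookup, "???????" from the fixed one.
    for lookup in (banner_exists_vulnerable, banner_exists_fixed):
        print(lookup.__name__,
              "".join(leak_char(lookup, db, i) or "?" for i in range(1, 8)))
```

The probe needs roughly one request per candidate value per character, which is exactly the sort of burst a delivery endpoint log will show; that, and the fact that the endpoint is unauthenticated, is why the advisory rates the issue moderately critical despite the attacker seeing no query output directly.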



Re: [Full-disclosure] Comments on: D-Day for RFID-based transit card systems

2008-10-07 Thread James Matthews
That must go great. I wonder what they will do and how screwed they feel
after they bought a system that sucks

On Tue, Oct 7, 2008 at 9:03 AM, n3td3v [EMAIL PROTECTED] wrote:

 On Tue, Oct 7, 2008 at 3:40 PM,  [EMAIL PROTECTED] wrote:
  On Tue, 07 Oct 2008 14:00:01 BST, n3td3v said:
 
  Can Cnet News please do a Youtube video showing one of their
  journalists getting a free ride, to prove it works?
 
  You aren't seriously suggesting that CNet actually create video evidence
  of one of their employees breaking the law, are you?
 

 If shes the media it would be a controlled experiment for the sake of
 the CNet News readers, no law would be broken, because she would get
 permission first from the subway operator.





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

[Full-disclosure] What Lexical Analysis Became in The Web-Slave New World

2008-10-07 Thread M . B . Jr .
What Lexical Analysis Became in The Web-Slave New World


The point here is XSS, but rather than talking about the Internet
weaknesses it exposes, this text goes against the poor algorithms
being used to detect and/or avoid it.
Hazardous XSS. Hazardous low-quality-XSS-filtering. These are critical
times for Internet users, undoubtedly. We face negligence‑oriented
services at each new click.

It's a contradiction seeing so many efforts (RFCs) being made and
concomitantly, the only user-friendly (oh yeah, that expression)
place offered by the industry to regular end users, remaining the same
application layer, the top of the iceberg.
But regular end users don't know that. Paraphrasing Josh Homme, they
just go with the flow, victimized by a doctrine that makes them
believe those practices and technologies are the only ones available,
this way forming the new industry‑led slave mass. And it becomes a
severer issue by the moment one realizes this commercially called Web
2.0 and its risks disclose, more than vulnerabilities, web apps
programming laziness, also known as XP or Agile methodology. Hail,
Kent Beck!
One way or another, a jungle presents itself to users, into the
highest layer and preoccupations rise faster as indolent techniques
are applied to XSS‑filtering.
So, let's discuss it.

You know Google? Well, check this out, there's this Google corporation
stating that their BETA releases represent a new web-based BETA
concept. As if their web apps weren't client-server software.
Two of their free BETA services, Google Calendar and Orkut, are going
to be discussed here along with an eager-to-follow-bad-examples
Brazilian company, Locaweb, and its paid web-based e-mail service,
Locamail.
The worst case to be analyzed implies using the combination <>
without quotation marks, to delimit some information. The referred
services' handling of those characters can cause users' data to be
lost.
Readers will be able to test it, easily, at least on Google's services.

In opposition to the once vulnerable Google Documents, which was used
to accept html tags, Google Calendar, Orkut and Locamail simply
discard anything which might resemble a tag. Their input analysis is
like:

Oh, did you see that less-than character and that other greater-than,
ten lines below? Trim'em. Oh, wait! I just had a better idea. Delete
them and all the content they enclose as well. I'm one helluva
genius!

What is worst? A cross-site scripting attack or an Extreme
Programming team deploying such simple anti‑XSS mechanisms?

Why spend time writing cautious lexical analysis algorithms? Why
struggle seeking and/or trying to forecast specific hazardous strings?
Is it laziness? Perhaps Google doesn't have processing grid guts for such:

http://blog.managednetworks.co.uk/it-support/googles-20-petabytes/

Not yet.
At least for Google, it seems like some sort of indolence-guided
programming technique, indeed.

Specifically on Google Calendar, now. It has two basic views. A broad
view of one's schedule and an event‑specific view. The latter is where
one goes for inputting, say, a meeting's prior points to be discussed.
Let's start with its lighter problems. Incoherent functions/methods.
When one's in there, scheduling something means creating an Event.
By the time one creates an Event, he's given the option to name that
Event, like a reminder which will appear in the broader view. If
that event's name finishes with a semicolon, this character's simply
trimmed. Hey! That's bad for a start, isn't it?
The incoherency comes with the algorithm which edits an already created Event.

PoC-1: creating an Event and editing the What field
When creating an Event, if one writes something to the What: field
and finishes his writing with a semicolon, this last character will
disappear by the time the Create Event button is activated.

Example:

  know your enemy;

becomes

  know your enemy

then, the event is already created, the semicolon is lost and if one
corrects (edits) it, adding the disappeared semicolon again in the
What field, and saves it:

  know your enemy;

there you go, incoherent XP; this time the semicolon remains intact.

Well, let's go for it. The worst case.

PoC-2: less-than and greater-than delimiting information
Though, let's continue playing in this very same situation.
Suppose one encloses his Event's name between less-than and
greater-than characters:

  <know your enemy;>

This time, clicking the Save button is going to send them all to
hell. All is lost.

In the event-specific view, there's this Description field for one
to put associated details. It's really nice to emphasize Google
Calendar's behavior when a user saves that sort of content in the
specific view. By the time he clicks the Save button, the web app
automatically switches for the broad view, stating that the user's
stuff was saved:

Your event was updated.


Everything looks pretty fine.
Bad Google! That is so nasty because as matter of fact, sometimes
stuff gets lost 
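
The two input-handling strategies the article contrasts, as an added example that is not from the article or from the services it discusses: a tag-deleting filter of the kind it describes, which drops the less-than, the greater-than and everything between them and so silently loses what the user typed, beside output encoding at render time, which keeps every character and still stops the browser from parsing any of it as markup. The span fragment is a hypothetical stand-in for whatever a calendar page emits for an event title.

```python
import html
import re

# A "delete the tags" filter of the kind the article describes: the
# less-than, the greater-than and everything between them are dropped.
TAG_RE = re.compile(r"<[^>]*>")


def strip_tags(value):
    """Lossy sanitiser: returns the input minus every <...> span."""
    return TAG_RE.sub("", value)


def escape_for_html(value):
    """Output encoding: every character survives, none is parsed as markup."""
    return html.escape(value, quote=True)


def render_event_title(title, sanitizer):
    """Fragment a calendar page might emit for an event title (hypothetical markup)."""
    return '<span class="title">' + sanitizer(title) + "</span>"


if __name__ == "__main__":
    title = "<know your enemy;>"
    print(render_event_title(title, strip_tags))       # the user's text is gone
    print(render_event_title(title, escape_for_html))  # the user's text is intact
```

Deleting at input time also bakes one output context (HTML body) into stored data that may later be shown in a plain-text reminder or a JSON API, whereas encoding at the point of output can pick the right escaping for each context and leaves the stored value exactly as the user wrote it.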

Re: [Full-disclosure] pause for reflection

2008-10-07 Thread n3td3v
On Mon, Oct 6, 2008 at 7:37 PM, rholgstad [EMAIL PROTECTED] wrote:
 you are more delusional than n3td3v and Dan combined



I've found something to stop me and gadi sending shit emails to F-D...

http://gmailblog.blogspot.com/2008/10/new-in-labs-stop-sending-mail-you-later.html?foo



Re: [Full-disclosure] Fwd: cnn.com - Homeland Security seeks cyber counterattack system (Einstein 3.0)

2008-10-07 Thread Bruce Ediger
On Mon, 6 Oct 2008, [EMAIL PROTECTED] wrote:

 Hint 2: If botnets in home computers were so easy to shut down, why are
 there so many miscreants still using them for nefarious purposes?

Easy.  For the same reason that the NSA used to have (circa 1985) big, 3-ring
binders full of 0-days for VMS, PR1MOS, AOS, NOS/BE, VM/CMS and System III:

The NSA and CIA and GCHQ (a.k.a. ECHELON) use them to get in to places they
wouldn't ordinarily get, or for other purposes, like that bank robber used
Craigslist to recruit involuntary henchmen.



Re: [Full-disclosure] pause for reflection

2008-10-07 Thread Peter Besenbruch
On Monday 06 October 2008 23:21:22 Anders Klixbull wrote:
 You're obviously retarded

Hey everybody! A proper use of you're!

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of imipak
 Sent: 7. oktober 2008 10:46
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
 full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] pause for reflection

  Keep your talentless tripe to yourself

 I liked it.

 Some of the metaphysical imagery was particularly effective...

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky



Re: [Full-disclosure] Fwd: cnn.com - Homeland Security seeks cyber counterattack system (Einstein 3.0)

2008-10-07 Thread Miller Grey
What?  I think I missed something here.

On Tue, Oct 7, 2008 at 1:53 PM, Bruce Ediger [EMAIL PROTECTED] wrote:

 On Mon, 6 Oct 2008, [EMAIL PROTECTED] wrote:

  Hint 2: If botnets in home computers were so easy to shut down, why are
  there so many miscreants still using them for nefarious purposes?

 Easy.  For the same reason that the NSA used to have (circa 1985) big,
 3-ring
 binders full of 0-days for VMS, PR1MOS, AOS, NOS/BE, VM/CMS and System III:

 The NSA and CIA and GCHQ (a.k.a. ECHELON) use them to get in to places
 they
 wouldn't ordinarily get, or for other purposes, like that bank robber used
 Craigslist to recruit involuntary henchmen.


[Full-disclosure] [ GLSA 200810-01 ] WordNet: Execution of arbitrary code

2008-10-07 Thread Tobias Heinlein
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200810-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: WordNet: Execution of arbitrary code
  Date: October 07, 2008
  Bugs: #211491
ID: 200810-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


Multiple vulnerabilities were found in WordNet, possibly allowing for
the execution of arbitrary code.

Background
==

WordNet is a large lexical database of English.

Affected packages
=

-------------------------------------------------------------------
     Package              /  Vulnerable  /                Unaffected
-------------------------------------------------------------------
  1  app-dicts/wordnet         < 3.0-r2                    >= 3.0-r2

Description
===

Jukka Ruohonen initially reported a boundary error within the
searchwn() function in src/wn.c. A thorough investigation by the oCERT
team revealed several other vulnerabilities in WordNet:

* Jukka Ruohonen and Rob Holland (oCERT) reported multiple boundary
  errors within the searchwn() function in src/wn.c, the wngrep()
  function in lib/search.c, the morphstr() and morphword() functions in
  lib/morph.c, and the getindex() function in lib/search.c, which lead
  to stack-based buffer overflows.

* Rob Holland (oCERT) reported two boundary errors within the
  do_init() function in lib/morph.c, which lead to stack-based buffer
  overflows via specially crafted WNSEARCHDIR or WNHOME environment
  variables.

* Rob Holland (oCERT) reported multiple boundary errors in the
  bin_search() and bin_search_key() functions in binsrch.c, which lead
  to stack-based buffer overflows via specially crafted data files.

* Rob Holland (oCERT) reported a boundary error within the
  parse_index() function in lib/search.c, which leads to a heap-based
  buffer overflow via specially crafted data files.

Impact
==

* In case the application is accessible e.g. via a web server, a
  remote attacker could pass overly long strings as arguments to the
  wn binary, possibly leading to the execution of arbitrary code.

* A local attacker could exploit the second vulnerability via
  specially crafted WNSEARCHDIR or WNHOME environment variables,
  possibly leading to the execution of arbitrary code with escalated
  privileges.

* A local attacker could exploit the third and fourth vulnerability
  by making the application use specially crafted data files, possibly
  leading to the execution of arbitrary code.

Workaround
==

There is no known workaround at this time.

Resolution
==

All WordNet users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =app-dicts/wordnet-3.0-r2

References
==

  [ 1 ] CVE-2008-2149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2149
  [ 2 ] CVE-2008-3908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3908

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200810-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




Re: [Full-disclosure] Paul Asadoorian of PaulDotCom Enterprises / Podcast is ridiculous

2008-10-07 Thread n3td3v
On Wed, Oct 1, 2008 at 4:59 PM, Trevow Andrews
[EMAIL PROTECTED] wrote:
 I'm sorry, I just saw his talk at NS2008 on Embedded Device Security and it
 is wholly outdated. I can't believe people listen to this man talk. He's
 been going on this embedded device security thing for years now and it's all
 years old. His book on hacking WRT54G, which was at SANS, had nothing about
 the new OpenWRT Kamikaze release, but was instead about the old White
 Russian release. Way to stay with the times buddy. Me and a few students
 noticed many of the tutorials were directly copied from tutorials on the
 internet.

 This speaks really bad for Sans. I'm here because my employer in the
 financial industry sent me, and it's been nothing but shit. I tried
 listening to the PaulDotCom podcast and it's riddled with inaccuracies and
 passive aggressive fights between Larry and Paul over which name is on the
 show title. Pauldotcom... have an ego much Paul?

 I wouldn't hire Paul Asadoorian or Pauldotcom Enterprises to pen test an
 Apple 2, he wouldn't be able to because there are no Core Security wizards
 to test against an Apple 2.

 His technical ability is that of a freshman at a technical college. He
 repeatedly makes mistakes and clearly doesn't know much about advanced
 security techniques outside of mass GUI pen testing suites. I think even
 having a podcast knocks anyone down a few points, but having a podcast and
 failing at the subject matter is just gross negligence.

 No real research has even come out of Paul and Larry, no real anything has
 ever come out of Paul and Larry except for advertisements and bumps.

 Larry Pesce is obviously the brains behind Pauldotcom. He is the only person
 who has actually made original things and done original research.

 Larry if you read this, go off on your own, Paul is dragging you down.

 I hope Sans reconsiders Paul's talks in the future, they are overly boring
 and out of date.


The last pauldotcom podcast I listened to was this one,
http://pauldotcom.com/2008/06/pauldotcom-security-weekly-epi-152.html
perhaps the most retarded podcast I've ever heard.

I'm not going to listen to pauldotcom anymore, and I've already
stopped reading the SANS internet storm center diary, and their
podcast.

I don't want to read/listen to anything by people who threaten people
with violence on mailing lists or on irc channels.

They just lost my respect and probably a lot of other people's.

You're not alone in what you say, I was on the mailing list talking
about them long before you were.

They are scaring away the people they should be attracting, YOUNG
people, the next generation.

In short, Joel Esler and PaulDotCom are arseholes and between them
they are ruining what SANS used to be, respected.

They should get rid of Joel Esler and PaulDotCom and the other
arseholes, that would make a start to SANS getting credibility back and
maybe a little respect.

All the best,

n3td3v



Re: [Full-disclosure] Fwd: cnn.com - Homeland Security seeks cyber counterattack system (Einstein 3.0)

2008-10-07 Thread Bruce Ediger
On Tue, 7 Oct 2008, Miller Grey wrote:

 What?  I think I missed something here.
 On Tue, Oct 7, 2008 at 1:53 PM, Bruce Ediger [EMAIL PROTECTED] wrote:
 On Mon, 6 Oct 2008, [EMAIL PROTECTED] wrote:
 Hint 2: If botnets in home computers were so easy to shut down, why are
 there so many miscreants still using them for nefarious purposes?

I'll try again, more verbosely.

Let's suppose that botnets are indeed very easy to shut down.  That was
Mr Kletnieks' premise.

Yet we have a reality where many, huge botnets exist and get used
for nefarious purposes by RBN, the Rock Phish Gang, etc etc.  That was
Mr Kletnieks' conclusion.

Why hasn't some country's law enforcement or military shut down
all these botnets?  If it's easy enough, why hasn't some semi-rogue
MAE engineer done it?  Why hasn't Symantec done it, or Gadi Evron?

Because the military/law enforcement/intelligence agencies don't want
them shut down.  Those same military/law enforcement/intelligence agencies
use them for their own purposes, alongside RBN and Rock Phish and
the CyberMungiki and the 419ers from Lagos.

It's a lot like having the CIA getting the DEA to turn a blind eye to
cocaine smuggling into the USA in the early 80s.  Or the USA and the
USSR allowing military attachés into diplomatic staffs in each other's
country.

Of course, I jest. Botnets are insanely hard, nearly impossible to shut down.
And the NSA and FSB don't use them for their own inscrutable purposes.



Re: [Full-disclosure] Paul Asadoorian of PaulDotCom Enterprises / Podcast is ridiculous

2008-10-07 Thread n3td3v
On Tue, Oct 7, 2008 at 10:02 PM, mark seiden [EMAIL PROTECTED] wrote:

 On Oct 7, 2008, at 11:48 AM, n3td3v wrote:


 I don't want to read/listen to anything by people who threaten people
 with violence on mailing lists or on irc channels.




 if only you stopped talking to them also on mailing lists that would be a
 major contribution
 to world peace.


mark,

bring me the name of the person who threatened me, i know you have
contacts in the intelligence community who have access to that
information.

all the best,

n3td3v



[Full-disclosure] n3td3v group members important notice

2008-10-07 Thread n3td3v
Those of you who are members of the n3td3v group take heed of this notice:

--
You cannot view the group's content or participate in the group
because you are not currently a member.  Anyone can join.

Description: a discussion group for security researchers and ethical hackers.

You must be signed in and a member of this group to view its content.
--

Because of this notice, you may find that your RSS / Atom feed no
longer updates, unless you are authenticated with Google.

The reason for this step to re-close the group is the following:

n3td3v has reason to believe there is a new enemy forming, a threat
has been made against n3td3v and there is a new enemy.

A security conference has been held according to the threat where
n3td3v was discussed. n3td3v has taken this intelligence very
seriously, and is coordinating efforts to find out who made the threat
towards n3td3v.

In order to get a bigger picture of those reading the n3td3v group,
the Google group has been shuttered for non-subscribed members. This
allows me to gather a better intelligence picture and numbers of folks
interested in n3td3v.

They and you may use a random email address to gain access to the
group, although it doesn't matter to n3td3v if you use a random email
user, as information can still be gathered.

I'm sorry to those reading the archive on the web and those who were
reading the group via RSS / Atom news readers, but in light of recent
events, n3td3v is in lockdown and will not be reopening to
non-registered users for the foreseeable future until I'm sure the
threat has passed by.

Thank you for reading this message, good day.

n3td3v



Re: [Full-disclosure] n3td3v group members important notice

2008-10-07 Thread Ed Carp
On Tue, Oct 7, 2008 at 8:24 PM, n3td3v [EMAIL PROTECTED] wrote:

 I'm sorry to those reading the archive on the web and those who were
 reading the group via RSS / Atom news readers, but in light of recent
 events, n3td3v is in lockdown and will not be reopening to
 non-registered users for the foreseeable future until I'm sure the
 threat has passed by.

Target the lead vessel, Mr. Worf ... full spread ... FIRE!

;)



Re: [Full-disclosure] pause for reflection

2008-10-07 Thread Nick FitzGerald
n3td3v wrote:

 I've found something to stop me and gadi sending shit emails to F-D...
 
 http://gmailblog.blogspot.com/2008/10/new-in-labs-stop-sending-mail-you-later.html?foo

So, for the greater good you've enabled it 24x7, yes?

Now all we have to do is get Google to make the list of problems about 97 
long when Goggles runs under your account...


Regards,

Nick FitzGerald

