[Full-disclosure] [PLSA 2008-64] Dovecot: Multiple Vulnerabilities

2008-11-06 Thread Pınar Yanardağ 
Pardus Linux Security Advisory 2008-64[EMAIL PROTECTED]

  Date: 2008-11-07
  Severity: 2
  Type: Remote


Summary
===

The invalid message address parsing bug is pretty  important  since  it 
allows a remote user to  send  broken  mail  headers  and  prevent  the 
recipient from accessing the mailbox afterwards,  because  the  process 
will always just crash trying to parse the header. 


Description
===

This is assuming that the IMAP client uses FETCH ENVELOPE command,  not 
all do. 


Affected packages:

  Pardus 2008:
dovecot, all before 1.1.6-18-3


Resolution
==

There are update(s) for dovecot. You can update them via Package Manager
or with a single command from console: 

pisi up dovecot

References
==

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8572



-- 
Pardus Security Team
http://security.pardus.org.tr


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [PLSA 2008-66] Blender: Arbitrary Code Execution

2008-11-06 Thread Pınar Yanardağ 

Pardus Linux Security Advisory 2008-66[EMAIL PROTECTED]

  Date: 2008-11-07
  Severity: 2
  Type: Local


Summary
===

Untrusted search path vulnerability in BPY_interface  in  Blender  2.46 
allows local users to execute arbitrary code via a Trojan horse  Python 
file in the current working directory, related to an erroneous  setting 
of sys.path by the PySys_SetArgv function. 


Description
===

This  vulnerability provides  administrator  access,  Allows  complete  
confidentiality,   integrity, and   availability   violation;   Allows  
unauthorized disclosure of information; Allows disruption of service. 


Affected packages:

  Pardus 2008:
blender, all before 2.47-14-3


Resolution
==

There are update(s) for blender. You can update them via Package Manager
or with a single command from console: 

pisi up blender

References
==

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8579
  * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4863



-- 
Pardus Security Team
http://security.pardus.org.tr


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] PLSA 2008-63] imlib2: Multiple Vulnerabilities

2008-11-06 Thread Pınar Yanardağ 

Pardus Linux Security Advisory 2008-63[EMAIL PROTECTED]

  Date: 2008-11-07
  Severity: 3
  Type: Remote


Summary
===

Some vulnerabilities with unknown impact have been reported in imlib2. 


Description
===

The vulnerabilities are caused due to unspecified  errors.  No  further 
information is currently available. 



Affected packages:

  Pardus 2008:
imlib2, all before 1.4.2-10-3


Resolution
==

There are update(s) for imlib2. You can update them via Package Manager 
or with a single command from console: 

pisi up imlib2

References
==

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8570
  * http://sourceforge.net/project/showfiles.php?group_id=2
  * http://secunia.com/advisories/32354/



-- 
Pardus Security Team
http://security.pardus.org.tr


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [PLSA 2008-67] libcdaudio: Buffer Overflow

2008-11-06 Thread Pınar Yanardağ 

Pardus Linux Security Advisory 2008-67[EMAIL PROTECTED]

  Date: 2008-11-07
  Severity: 2
  Type: Remote


Summary
===

A remotely exploitable heap-based buffer overflow detected in libcaudio. 


Description
===

Please update your system. 


Affected packages:

  Pardus 2008:
libcdaudio, all before 0.99.12-2-2


Resolution
==

There are update(s) for libcdaudio. You can  update  them  via  Package 
Manager or with a single command from console: 

pisi up libcdaudio

References
==

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8587
  * http://www.openwall.com/lists/oss-security/2008/11/05/1



-- 
Pardus Security Team
http://security.pardus.org.tr


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread Col 
2008/11/6 n3td3v <[EMAIL PROTECTED]>:

> i'm not sure this is a good idea as it gives a heads up to hackers.
> you may think its not long but its actually 5 days for a hacker to
> figure out potentially a vulnerability in said area. maybe we should
> have a discussion about the pros and cons of these microsoft heads up
> and what the reality of it is for the bad guys to be able to pin point
> and start exploiting a flaw in said area in a 5 day time frame. yours
> n3td3v.

I don't think any hacker is going to bother spending 5 days looking
for a needle in a haystack when he can reverse engineer specific files
once the patch is released. I know very little of looking for pointers
in DLLs but from what I've seen it looks like a bit of a nightmare.
The best way is to "diff" two files - the un-patched and the patched
then you see where the changes are.

Of course if you had thought about it or done *any* research before
you posted you would already have made that point.

I am not a white/grey/black/pink hat I'm just an NT Admin type person
who monitors this list for Full Disclosure of bugs in software.
Instead I have trawl through your incessant ramblings on most days.
Yes I have filters set up in Gmail of course, but I still have to deal
with the replies, which before you go on about it are justifiably
offensive because you've polluted this list for years with your crap -
most have had enough of it.

Now please go and get a job in something completely different so you
can sleep through the night like the rest of us.

Regards,

Colin.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread Elazar Broad 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

What scene...

On Thu, 06 Nov 2008 20:06:47 -0500 n3td3v <[EMAIL PROTECTED]>
wrote:
>i've been monitoring the scene since 1999 so what do you mean no
>experience? i make that about 10 years experience if my math is
>correct.
>
>On Fri, Nov 7, 2008 at 12:48 AM, Biz Marqee <[EMAIL PROTECTED]>
>wrote:
>> Do you even understand why people dont like you? It is because
>you have all
>> these crackpot ideas but no experience to back it up. All your
>ideas only
>> make sense from a theoretical standpoint, but in practicality
>most will
>> fail.
>>
>> On Fri, Nov 7, 2008 at 11:31 AM, n3td3v <[EMAIL PROTECTED]>
>wrote:
>>>
>>> blackhats like you will always hate on me, so i just ignore the
>>> negative responses i get.
>>
>
>___
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-BEGIN PGP SIGNATURE-
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQECAAYFAkkT4VIACgkQi04xwClgpZjqkQP/TCHzaFO3ngEhyXoJPlowTfzidJzg
KyzTUAiLg4AKvqxXg+TSHiIkSDQWqCmzDr0qQ5OqywMgXmbWFNZzAdZuQtf5kW4KDBLx
eclRU3VoqfSCcEMb6puLNQdnHudcVxxZk1dQQdBLlfddHRuX6sGllNkVVvtiaYPnK1U1
QxmDKXU=
=bW8c
-END PGP SIGNATURE-

--
Click here to find old friends, lovers or family.
http://tagline.hushmail.com/fc/Ioyw6h4fH5T0ZWneBo4QKHZMbrYp7sz9W8sLWHvULRkY7oBbDmctTq/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread vulcanius 
Probably because there's noone on his mailing list despite his claim of 5000
subscribers. Seriously n3td3v, I'd love to hear you answer as to why you
continue to troll the FD list with blatant nonsense while you have this
amazing list of 5000 some odd subscribers who all want to hear what you have
to say.

On Thu, Nov 6, 2008 at 7:40 PM, Anders B Jansson <[EMAIL PROTECTED]> wrote:

> n3td3v wrote:
> > blackhats like you will always hate on me, so i just ignore the
> > negative responses i get.
>
> Whitehats hate you equally because you just create spam and don't post
> anything of actual value.
>
> You have your mailing list.
> Why can't you just stay there until you have anything of value to disclose?
> --
> // hdw
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread n3td3v 
haha, you agree with n3td3v on something! you're making a start at
least young padawan. keep up the good work.

On Fri, Nov 7, 2008 at 5:09 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
> I could care less about metasploit, all it does is help the kiddies.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread Biz Marqee 
Nobody on the list wants YOU so I don't see how you can justify what people
want to see as your argument for not retaliating.

Ill fuck you 'til you love me, faggot.


On Fri, Nov 7, 2008 at 4:31 PM, n3td3v <[EMAIL PROTECTED]> wrote:

> why should i respond to your off-topic personal jabs? all it would do
> is start a flame war and im not into that. im performing self control
> and restraint by not responding to your personal jabs, nobody on the
> list wants a flame war based on personal jabs, so im not going to feed
> it. im reading everything you say, im not ignoring it. if you choose
> to be against me and not with me is your choice that you make, there
> is nothing else for me to add on the topic.
>
> On Fri, Nov 7, 2008 at 5:09 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
> >
> > I could care less about metasploit, all it does is help the kiddies.. but
> > that doesnt mean it should be illegal. Software is knowledge and
> knowledge
> > should be free, but that is not the issue here. The issue is that you are
> a
> > bullshitting drug abuser who's child like demeanor wont allow him to even
> > acknowledge bad things written about him. You are performing the internet
> > equivalent of sticking your fingers in your ears and yelling "nana i cant
> > hear you" in an attempt to make the situation go away.
> >
> > So you unknowledgable, untalented, unemployed junkie.. do you have
> anything
> > relevant to what I asked to contribute or are you going to just ignore it
> > like the pussy that you are?
> >
> > Also, dont try and portray yourself like a free thinking martyr... your
> > opinions are just rehashed idea sparked off cnet news comments and
> various
> > other sources of "security information". Anyone who knows even the
> slightest
> > thing about information security knows you and your idealist views are a
> > joke.
> >
> >
> > On Fri, Nov 7, 2008 at 3:46 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> >>
> >> you seem like an hd moore/metasploit fan boy pissed off that i don't
> >> respect him or like his metasploit software. n3td3v doesn't respect
> >> people like the sheep do, i think for myself, have opinions about
> >> other white hats that may not be in support of them. get used to it
> >> bozo.
> >>
> >> On Fri, Nov 7, 2008 at 4:34 AM, Biz Marqee <[EMAIL PROTECTED]>
> wrote:
> >> > Acting like the child that he is, n3td3v continues to ignore questions
> >> > posed
> >> > to him. How can he be such an avid debater over the legality of things
> >> > like
> >> > metasploit, 0day auctions and similarly themed bullshit threads when
> he
> >> > completely disregards drug laws? How do you intend to lobby people to
> >> > listen
> >> > to you when you are not a law abiding citizen yourself? You have no
> >> > credibility in the eyes of the law, so don't psuedo threaten people
> >> > trying
> >> > to appear like you have some government backing. You have proven
> beyond
> >> > doubt that you dont, because the government doesnt listen to drug
> taking
> >> > internet heroes, such as yourself.
> >> >
> >> > So enough with the bullshit.. FUCK OFF AND DIE.
> >> >
> >> >
> >> > On Fri, Nov 7, 2008 at 1:02 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> >> >>
> >> >> i'm sorry that you don't agree with my heads up theory, i stand by
> >> >> what i said however. i'm sure microsoft don't read full-disclosure
> >> >> anyway, so you're right i'm not going to change anything. by the way,
> >> >> i've noticed you haven't stopped stalking me yet, im a bit concerned
> >> >> about your health. cheers.
> >> >>
> >> >> On Fri, Nov 7, 2008 at 1:44 AM, Ureleet <[EMAIL PROTECTED]> wrote:
> >> >> > first off, u arent going to get any1 2 change anything. so, lets
> get
> >> >> > that out of the way right there.
> >> >> >
> >> >> > second of all, in order for u 2 prove ur point, id like 4 u to go
> to
> >> >> > some research of how many exploits have come out during the 5 day
> >> >> > period between vague-ass disclosure and patch publish.  then
> compare
> >> >> > and contrast that against how many exploits have come out in the 24
> >> >> > hours following the patch publish after people have had a chance to
> >> >> > do
> >> >> > bindiffs (u know what that means right white-hat?) against the
> >> >> > patches.  then, take all that data, draw some charts and graphs,
> >> >> > write
> >> >> > a whitepaper, and present it somewhere.
> >> >> >
> >> >> > u know what thats called?  research.  real ppl do it.
> >> >> >
> >> >> > u dont.  and that is why, u suck.  ta ta.
> >> >> >
> >> >> > On Thu, Nov 6, 2008 at 8:34 PM, n3td3v <[EMAIL PROTECTED]>
> wrote:
> >> >> >> so you don't think its logical that these 5 day heads up could be
> >> >> >> helping the bad guys out? right. i think the world's biggest
> hackers
> >> >> >> could do a lot of research in 5 days. but then again n3td3v isn't
> >> >> >> logical so i must be wrong. damn those drugs eh? i just asked what
> >> >> >> the
> >> >> >> realistic possibility was for a 5 day turn around from the d

[Full-disclosure] VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues

2008-11-06 Thread VMware Security Team 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
   VMware Security Advisory

Advisory ID:   VMSA-2008-0018
Synopsis:  VMware Hosted products and patches for ESX and ESXi
   resolve two security issues
Issue date:2008-11-06
Updated on:2008-11-06 (initial release of advisory)
CVE numbers:   CVE-2008-4915 CVE-2008-4281
- 

1. Summary

   VMware Hosted products and patches for ESX and ESXi resolve multiple
   security issues. A flaw in the CPU hardware emulation may allow for a
   privilege escalation on virtual machine guest operating systems. In
   addition a directory traversal issue is resolved.

2. Relevant releases

   VMware Workstation 6.0.5 and earlier,
   VMware Workstation 5.5.8 and earlier,
   VMware Player 2.0.5 and earlier,
   VMware Player 1.0.8 and earlier,
   VMware ACE 2.0.5 and earlier,
   VMware ACE 1.0.7 and earlier,
   VMware Server 1.0.7 and earlier.

   VMware ESXi 3.5 without patch ESXe350-200810401-O-UG

   VMware ESX 3.5 without patch ESX350-200810201-UG

   VMware ESX 3.0.3 without patch ESX303-200810501-BG
   VMware ESX 3.0.2 without patch ESX-1006680
   VMware ESX 2.5.5 without upgrade patch 10 or later
   VMware ESX 2.5.4 without upgrade patch 21

   NOTE: Hosted products VMware Workstation 5.x, VMware Player 1.x,
 and VMware ACE 1.x will reach end of general support
 2008-11-09. Customers should plan to upgrade to the latest
 version of their respective products.

 Extended support (Security and Bug fixes) for ESX 3.0.2 ended
 on 2008-10-29 and Extended support for ESX 3.0.2 Update 1
 ends on 2009-08-08.  Users should plan to upgrade to ESX 3.0.3
 and preferably to the newest release available.

3. Problem Description

 a. A privilege escalation on 32-bit and 64-bit guest operating systems

VMware products emulate hardware functions and create the
possibility to run guest operating systems.

A flaw in the CPU hardware emulation might allow the virtual CPU to
incorrectly handle the Trap flag. Exploitation of this flaw might
lead to a privilege escalation on guest operating systems.  An
attacker needs a user account on the guest operating system and
have the ability to run applications.

VMware would like to thank Derek Soeder for discovering
this issue and working with us on its remediation.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4915 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware Product   Running  Replace with/
ProductVersion   on   Apply Patch
=    ===  =
VirtualCenter  any   Windows  not affected

Workstation6.5.x any  not affected
Workstation6.0.x any  6.5.0 build 118166 or later
Workstation5.x   any  5.5.9 build 126128 or later

Player 2.5.x any  not affected
Player 2.0.x any  2.5.0 build 118166 or later
Player 1.x   any  1.0.9 build 126128 or later

ACE2.5.x Windows  not affected
ACE2.0.x Windows  2.5.0 build 118166 or later
ACE1.x   Windows  1.0.8 build 125922 or later

Server 2.x   any  not affected
Server 1.x   any  1.0.8 build 126538 or later

Fusion 2.x   Mac OS/X not affected
Fusion 1.x   Mac OS/X not affected

ESXi   3.5   ESXi ESXe350-200810401-O-UG

ESX3.5   ESX  ESX350-200810201-UG
ESX3.0.3 ESX  ESX303-200810501-BG
ESX3.0.2 ESX  ESX-1006680
ESX2.5.5 ESX  ESX 2.5.5 upgrade patch 10 or later
ESX2.5.4 ESX  ESX 2.5.4 upgrade patch 21

 b.  Directory traversal vulnerability
 
VirtualCenter allows administrators to have fine-grained privileges.
A directory traversal vulnerability might allow administrators to
increase these privileges. In order to leverage this flaw, the
administrator would need to have the Datastore.FileManagement
privilege.

VMware would like to thank Michel Toussaint for reporting this issue
to us.
 
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4281 to this issue.

The following table lists what action remediates the vulnerability
(column 4) if a solution is available.

VMware Product   Running  Replace with/
ProductVersion   on   Apply Patch
=    ===  =
VirtualCenter  any   W

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread n3td3v 
why should i respond to your off-topic personal jabs? all it would do
is start a flame war and im not into that. im performing self control
and restraint by not responding to your personal jabs, nobody on the
list wants a flame war based on personal jabs, so im not going to feed
it. im reading everything you say, im not ignoring it. if you choose
to be against me and not with me is your choice that you make, there
is nothing else for me to add on the topic.

On Fri, Nov 7, 2008 at 5:09 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
>
> I could care less about metasploit, all it does is help the kiddies.. but
> that doesnt mean it should be illegal. Software is knowledge and knowledge
> should be free, but that is not the issue here. The issue is that you are a
> bullshitting drug abuser who's child like demeanor wont allow him to even
> acknowledge bad things written about him. You are performing the internet
> equivalent of sticking your fingers in your ears and yelling "nana i cant
> hear you" in an attempt to make the situation go away.
>
> So you unknowledgable, untalented, unemployed junkie.. do you have anything
> relevant to what I asked to contribute or are you going to just ignore it
> like the pussy that you are?
>
> Also, dont try and portray yourself like a free thinking martyr... your
> opinions are just rehashed idea sparked off cnet news comments and various
> other sources of "security information". Anyone who knows even the slightest
> thing about information security knows you and your idealist views are a
> joke.
>
>
> On Fri, Nov 7, 2008 at 3:46 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>>
>> you seem like an hd moore/metasploit fan boy pissed off that i don't
>> respect him or like his metasploit software. n3td3v doesn't respect
>> people like the sheep do, i think for myself, have opinions about
>> other white hats that may not be in support of them. get used to it
>> bozo.
>>
>> On Fri, Nov 7, 2008 at 4:34 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
>> > Acting like the child that he is, n3td3v continues to ignore questions
>> > posed
>> > to him. How can he be such an avid debater over the legality of things
>> > like
>> > metasploit, 0day auctions and similarly themed bullshit threads when he
>> > completely disregards drug laws? How do you intend to lobby people to
>> > listen
>> > to you when you are not a law abiding citizen yourself? You have no
>> > credibility in the eyes of the law, so don't psuedo threaten people
>> > trying
>> > to appear like you have some government backing. You have proven beyond
>> > doubt that you dont, because the government doesnt listen to drug taking
>> > internet heroes, such as yourself.
>> >
>> > So enough with the bullshit.. FUCK OFF AND DIE.
>> >
>> >
>> > On Fri, Nov 7, 2008 at 1:02 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>> >>
>> >> i'm sorry that you don't agree with my heads up theory, i stand by
>> >> what i said however. i'm sure microsoft don't read full-disclosure
>> >> anyway, so you're right i'm not going to change anything. by the way,
>> >> i've noticed you haven't stopped stalking me yet, im a bit concerned
>> >> about your health. cheers.
>> >>
>> >> On Fri, Nov 7, 2008 at 1:44 AM, Ureleet <[EMAIL PROTECTED]> wrote:
>> >> > first off, u arent going to get any1 2 change anything. so, lets get
>> >> > that out of the way right there.
>> >> >
>> >> > second of all, in order for u 2 prove ur point, id like 4 u to go to
>> >> > some research of how many exploits have come out during the 5 day
>> >> > period between vague-ass disclosure and patch publish.  then compare
>> >> > and contrast that against how many exploits have come out in the 24
>> >> > hours following the patch publish after people have had a chance to
>> >> > do
>> >> > bindiffs (u know what that means right white-hat?) against the
>> >> > patches.  then, take all that data, draw some charts and graphs,
>> >> > write
>> >> > a whitepaper, and present it somewhere.
>> >> >
>> >> > u know what thats called?  research.  real ppl do it.
>> >> >
>> >> > u dont.  and that is why, u suck.  ta ta.
>> >> >
>> >> > On Thu, Nov 6, 2008 at 8:34 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>> >> >> so you don't think its logical that these 5 day heads up could be
>> >> >> helping the bad guys out? right. i think the world's biggest hackers
>> >> >> could do a lot of research in 5 days. but then again n3td3v isn't
>> >> >> logical so i must be wrong. damn those drugs eh? i just asked what
>> >> >> the
>> >> >> realistic possibility was for a 5 day turn around from the day of
>> >> >> the
>> >> >> heads up until a patch is released. i just thought it was bad that
>> >> >> we
>> >> >> were giving the bad guys a 5 day head start, but never mind n3td3v
>> >> >> isn't logical so i must be wrong. scraping the 5 day head start
>> >> >> isn't
>> >> >> a good idea because n3td3v isn't logical? right, i threw away 10
>> >> >> years
>> >> >> of my life to not be logical...
>> >> >>
>> >> >> On Fri, Nov 7, 2008 a

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread Biz Marqee 
I could care less about metasploit, all it does is help the kiddies.. but
that doesnt mean it should be illegal. Software is knowledge and knowledge
should be free, but that is not the issue here. The issue is that you are a
bullshitting drug abuser who's child like demeanor wont allow him to even
acknowledge bad things written about him. You are performing the internet
equivalent of sticking your fingers in your ears and yelling "nana i cant
hear you" in an attempt to make the situation go away.

So you unknowledgable, untalented, unemployed junkie.. do you have anything
relevant to what I asked to contribute or are you going to just ignore it
like the pussy that you are?

Also, dont try and portray yourself like a free thinking martyr... your
opinions are just rehashed idea sparked off cnet news comments and various
other sources of "security information". Anyone who knows even the slightest
thing about information security knows you and your idealist views are a
joke.


On Fri, Nov 7, 2008 at 3:46 PM, n3td3v <[EMAIL PROTECTED]> wrote:

> you seem like an hd moore/metasploit fan boy pissed off that i don't
> respect him or like his metasploit software. n3td3v doesn't respect
> people like the sheep do, i think for myself, have opinions about
> other white hats that may not be in support of them. get used to it
> bozo.
>
> On Fri, Nov 7, 2008 at 4:34 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
> > Acting like the child that he is, n3td3v continues to ignore questions
> posed
> > to him. How can he be such an avid debater over the legality of things
> like
> > metasploit, 0day auctions and similarly themed bullshit threads when he
> > completely disregards drug laws? How do you intend to lobby people to
> listen
> > to you when you are not a law abiding citizen yourself? You have no
> > credibility in the eyes of the law, so don't psuedo threaten people
> trying
> > to appear like you have some government backing. You have proven beyond
> > doubt that you dont, because the government doesnt listen to drug taking
> > internet heroes, such as yourself.
> >
> > So enough with the bullshit.. FUCK OFF AND DIE.
> >
> >
> > On Fri, Nov 7, 2008 at 1:02 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> >>
> >> i'm sorry that you don't agree with my heads up theory, i stand by
> >> what i said however. i'm sure microsoft don't read full-disclosure
> >> anyway, so you're right i'm not going to change anything. by the way,
> >> i've noticed you haven't stopped stalking me yet, im a bit concerned
> >> about your health. cheers.
> >>
> >> On Fri, Nov 7, 2008 at 1:44 AM, Ureleet <[EMAIL PROTECTED]> wrote:
> >> > first off, u arent going to get any1 2 change anything. so, lets get
> >> > that out of the way right there.
> >> >
> >> > second of all, in order for u 2 prove ur point, id like 4 u to go to
> >> > some research of how many exploits have come out during the 5 day
> >> > period between vague-ass disclosure and patch publish.  then compare
> >> > and contrast that against how many exploits have come out in the 24
> >> > hours following the patch publish after people have had a chance to do
> >> > bindiffs (u know what that means right white-hat?) against the
> >> > patches.  then, take all that data, draw some charts and graphs, write
> >> > a whitepaper, and present it somewhere.
> >> >
> >> > u know what thats called?  research.  real ppl do it.
> >> >
> >> > u dont.  and that is why, u suck.  ta ta.
> >> >
> >> > On Thu, Nov 6, 2008 at 8:34 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> >> >> so you don't think its logical that these 5 day heads up could be
> >> >> helping the bad guys out? right. i think the world's biggest hackers
> >> >> could do a lot of research in 5 days. but then again n3td3v isn't
> >> >> logical so i must be wrong. damn those drugs eh? i just asked what
> the
> >> >> realistic possibility was for a 5 day turn around from the day of the
> >> >> heads up until a patch is released. i just thought it was bad that we
> >> >> were giving the bad guys a 5 day head start, but never mind n3td3v
> >> >> isn't logical so i must be wrong. scraping the 5 day head start isn't
> >> >> a good idea because n3td3v isn't logical? right, i threw away 10
> years
> >> >> of my life to not be logical...
> >> >>
> >> >> On Fri, Nov 7, 2008 at 1:20 AM, waveroad waveroad <
> [EMAIL PROTECTED]>
> >> >> wrote:
> >> >>>
> >> >>> You can be ""monitoring"" the scene since 20 years if you want to,
> >> >>> it's not
> >> >>> for that your point will be valuable.
> >> >>> And actually it is not, also this is about logic.
> >> >>>
> >> >>> See you're wrong again.
> >> >>>
> >> >>> Get the fuck out of here.
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>> 2008/11/6, n3td3v <[EMAIL PROTECTED]>:
> >> 
> >>  i've been monitoring the scene since 1999 so what do you mean no
> >>  experience? i make that about 10 years experience if my math is
> >>  correct.
> >> 
> >> 
> >>  On Fri, No

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread n3td3v 
you seem like an hd moore/metasploit fan boy pissed off that i don't
respect him or like his metasploit software. n3td3v doesn't respect
people like the sheep do, i think for myself, have opinions about
other white hats that may not be in support of them. get used to it
bozo.

On Fri, Nov 7, 2008 at 4:34 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
> Acting like the child that he is, n3td3v continues to ignore questions posed
> to him. How can he be such an avid debater over the legality of things like
> metasploit, 0day auctions and similarly themed bullshit threads when he
> completely disregards drug laws? How do you intend to lobby people to listen
> to you when you are not a law abiding citizen yourself? You have no
> credibility in the eyes of the law, so don't psuedo threaten people trying
> to appear like you have some government backing. You have proven beyond
> doubt that you dont, because the government doesnt listen to drug taking
> internet heroes, such as yourself.
>
> So enough with the bullshit.. FUCK OFF AND DIE.
>
>
> On Fri, Nov 7, 2008 at 1:02 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>>
>> i'm sorry that you don't agree with my heads up theory, i stand by
>> what i said however. i'm sure microsoft don't read full-disclosure
>> anyway, so you're right i'm not going to change anything. by the way,
>> i've noticed you haven't stopped stalking me yet, im a bit concerned
>> about your health. cheers.
>>
>> On Fri, Nov 7, 2008 at 1:44 AM, Ureleet <[EMAIL PROTECTED]> wrote:
>> > first off, u arent going to get any1 2 change anything. so, lets get
>> > that out of the way right there.
>> >
>> > second of all, in order for u 2 prove ur point, id like 4 u to go to
>> > some research of how many exploits have come out during the 5 day
>> > period between vague-ass disclosure and patch publish.  then compare
>> > and contrast that against how many exploits have come out in the 24
>> > hours following the patch publish after people have had a chance to do
>> > bindiffs (u know what that means right white-hat?) against the
>> > patches.  then, take all that data, draw some charts and graphs, write
>> > a whitepaper, and present it somewhere.
>> >
>> > u know what thats called?  research.  real ppl do it.
>> >
>> > u dont.  and that is why, u suck.  ta ta.
>> >
>> > On Thu, Nov 6, 2008 at 8:34 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>> >> so you don't think its logical that these 5 day heads up could be
>> >> helping the bad guys out? right. i think the world's biggest hackers
>> >> could do a lot of research in 5 days. but then again n3td3v isn't
>> >> logical so i must be wrong. damn those drugs eh? i just asked what the
>> >> realistic possibility was for a 5 day turn around from the day of the
>> >> heads up until a patch is released. i just thought it was bad that we
>> >> were giving the bad guys a 5 day head start, but never mind n3td3v
>> >> isn't logical so i must be wrong. scraping the 5 day head start isn't
>> >> a good idea because n3td3v isn't logical? right, i threw away 10 years
>> >> of my life to not be logical...
>> >>
>> >> On Fri, Nov 7, 2008 at 1:20 AM, waveroad waveroad <[EMAIL PROTECTED]>
>> >> wrote:
>> >>>
>> >>> You can be ""monitoring"" the scene since 20 years if you want to,
>> >>> it's not
>> >>> for that your point will be valuable.
>> >>> And actually it is not, also this is about logic.
>> >>>
>> >>> See you're wrong again.
>> >>>
>> >>> Get the fuck out of here.
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> 2008/11/6, n3td3v <[EMAIL PROTECTED]>:
>> 
>>  i've been monitoring the scene since 1999 so what do you mean no
>>  experience? i make that about 10 years experience if my math is
>>  correct.
>> 
>> 
>>  On Fri, Nov 7, 2008 at 12:48 AM, Biz Marqee <[EMAIL PROTECTED]>
>>  wrote:
>>  > Do you even understand why people dont like you? It is because you
>>  > have
>>  > all
>>  > these crackpot ideas but no experience to back it up. All your
>>  > ideas
>>  > only
>>  > make sense from a theoretical standpoint, but in practicality most
>>  > will
>>  > fail.
>>  >
>> 
>>  > On Fri, Nov 7, 2008 at 11:31 AM, n3td3v <[EMAIL PROTECTED]>
>>  > wrote:
>>  >>
>>  >> blackhats like you will always hate on me, so i just ignore the
>>  >> negative responses i get.
>>  >
>> 
>> 
>>  ___
>>  Full-Disclosure - We believe in it.
>>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>  Hosted and sponsored by Secunia - http://secunia.com/
>> >>>
>> >>>
>> >>> ___
>> >>> Full-Disclosure - We believe in it.
>> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >>> Hosted and sponsored by Secunia - http://secunia.com/
>> >>>
>> >>
>> >> ___
>> >> Full-Disclosure - We believe in it.
>> >> Chart

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread Biz Marqee 
Acting like the child that he is, n3td3v continues to ignore questions posed
to him. How can he be such an avid debater over the legality of things like
metasploit, 0day auctions and similarly themed bullshit threads when he
completely disregards drug laws? How do you intend to lobby people to listen
to you when you are not a law abiding citizen yourself? You have no
credibility in the eyes of the law, so don't psuedo threaten people trying
to appear like you have some government backing. You have proven beyond
doubt that you dont, because the government doesnt listen to drug taking
internet heroes, such as yourself.

So enough with the bullshit.. FUCK OFF AND DIE.


On Fri, Nov 7, 2008 at 1:02 PM, n3td3v <[EMAIL PROTECTED]> wrote:

> i'm sorry that you don't agree with my heads up theory, i stand by
> what i said however. i'm sure microsoft don't read full-disclosure
> anyway, so you're right i'm not going to change anything. by the way,
> i've noticed you haven't stopped stalking me yet, im a bit concerned
> about your health. cheers.
>
> On Fri, Nov 7, 2008 at 1:44 AM, Ureleet <[EMAIL PROTECTED]> wrote:
> > first off, u arent going to get any1 2 change anything. so, lets get
> > that out of the way right there.
> >
> > second of all, in order for u 2 prove ur point, id like 4 u to go to
> > some research of how many exploits have come out during the 5 day
> > period between vague-ass disclosure and patch publish.  then compare
> > and contrast that against how many exploits have come out in the 24
> > hours following the patch publish after people have had a chance to do
> > bindiffs (u know what that means right white-hat?) against the
> > patches.  then, take all that data, draw some charts and graphs, write
> > a whitepaper, and present it somewhere.
> >
> > u know what thats called?  research.  real ppl do it.
> >
> > u dont.  and that is why, u suck.  ta ta.
> >
> > On Thu, Nov 6, 2008 at 8:34 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> >> so you don't think its logical that these 5 day heads up could be
> >> helping the bad guys out? right. i think the world's biggest hackers
> >> could do a lot of research in 5 days. but then again n3td3v isn't
> >> logical so i must be wrong. damn those drugs eh? i just asked what the
> >> realistic possibility was for a 5 day turn around from the day of the
> >> heads up until a patch is released. i just thought it was bad that we
> >> were giving the bad guys a 5 day head start, but never mind n3td3v
> >> isn't logical so i must be wrong. scraping the 5 day head start isn't
> >> a good idea because n3td3v isn't logical? right, i threw away 10 years
> >> of my life to not be logical...
> >>
> >> On Fri, Nov 7, 2008 at 1:20 AM, waveroad waveroad <[EMAIL PROTECTED]>
> wrote:
> >>>
> >>> You can be ""monitoring"" the scene since 20 years if you want to, it's
> not
> >>> for that your point will be valuable.
> >>> And actually it is not, also this is about logic.
> >>>
> >>> See you're wrong again.
> >>>
> >>> Get the fuck out of here.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> 2008/11/6, n3td3v <[EMAIL PROTECTED]>:
> 
>  i've been monitoring the scene since 1999 so what do you mean no
>  experience? i make that about 10 years experience if my math is
>  correct.
> 
> 
>  On Fri, Nov 7, 2008 at 12:48 AM, Biz Marqee <[EMAIL PROTECTED]>
> wrote:
>  > Do you even understand why people dont like you? It is because you
> have
>  > all
>  > these crackpot ideas but no experience to back it up. All your ideas
>  > only
>  > make sense from a theoretical standpoint, but in practicality most
> will
>  > fail.
>  >
> 
>  > On Fri, Nov 7, 2008 at 11:31 AM, n3td3v <[EMAIL PROTECTED]>
> wrote:
>  >>
>  >> blackhats like you will always hate on me, so i just ignore the
>  >> negative responses i get.
>  >
> 
> 
>  ___
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
> >>>
> >>>
> >>> ___
> >>> Full-Disclosure - We believe in it.
> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >>>
> >>
> >> ___
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secu

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread n3td3v 
i'm sorry that you don't agree with my heads up theory, i stand by
what i said however. i'm sure microsoft don't read full-disclosure
anyway, so you're right i'm not going to change anything. by the way,
i've noticed you haven't stopped stalking me yet, im a bit concerned
about your health. cheers.

On Fri, Nov 7, 2008 at 1:44 AM, Ureleet <[EMAIL PROTECTED]> wrote:
> first off, u arent going to get any1 2 change anything. so, lets get
> that out of the way right there.
>
> second of all, in order for u 2 prove ur point, id like 4 u to go to
> some research of how many exploits have come out during the 5 day
> period between vague-ass disclosure and patch publish.  then compare
> and contrast that against how many exploits have come out in the 24
> hours following the patch publish after people have had a chance to do
> bindiffs (u know what that means right white-hat?) against the
> patches.  then, take all that data, draw some charts and graphs, write
> a whitepaper, and present it somewhere.
>
> u know what thats called?  research.  real ppl do it.
>
> u dont.  and that is why, u suck.  ta ta.
>
> On Thu, Nov 6, 2008 at 8:34 PM, n3td3v <[EMAIL PROTECTED]> wrote:
>> so you don't think its logical that these 5 day heads up could be
>> helping the bad guys out? right. i think the world's biggest hackers
>> could do a lot of research in 5 days. but then again n3td3v isn't
>> logical so i must be wrong. damn those drugs eh? i just asked what the
>> realistic possibility was for a 5 day turn around from the day of the
>> heads up until a patch is released. i just thought it was bad that we
>> were giving the bad guys a 5 day head start, but never mind n3td3v
>> isn't logical so i must be wrong. scraping the 5 day head start isn't
>> a good idea because n3td3v isn't logical? right, i threw away 10 years
>> of my life to not be logical...
>>
>> On Fri, Nov 7, 2008 at 1:20 AM, waveroad waveroad <[EMAIL PROTECTED]> wrote:
>>>
>>> You can be ""monitoring"" the scene since 20 years if you want to, it's not
>>> for that your point will be valuable.
>>> And actually it is not, also this is about logic.
>>>
>>> See you're wrong again.
>>>
>>> Get the fuck out of here.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> 2008/11/6, n3td3v <[EMAIL PROTECTED]>:

 i've been monitoring the scene since 1999 so what do you mean no
 experience? i make that about 10 years experience if my math is
 correct.


 On Fri, Nov 7, 2008 at 12:48 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
 > Do you even understand why people dont like you? It is because you have
 > all
 > these crackpot ideas but no experience to back it up. All your ideas
 > only
 > make sense from a theoretical standpoint, but in practicality most will
 > fail.
 >

 > On Fri, Nov 7, 2008 at 11:31 AM, n3td3v <[EMAIL PROTECTED]> wrote:
 >>
 >> blackhats like you will always hate on me, so i just ignore the
 >> negative responses i get.
 >


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>>
>>> ___
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread Ureleet 
first off, u arent going to get any1 2 change anything. so, lets get
that out of the way right there.

second of all, in order for u 2 prove ur point, id like 4 u to go to
some research of how many exploits have come out during the 5 day
period between vague-ass disclosure and patch publish.  then compare
and contrast that against how many exploits have come out in the 24
hours following the patch publish after people have had a chance to do
bindiffs (u know what that means right white-hat?) against the
patches.  then, take all that data, draw some charts and graphs, write
a whitepaper, and present it somewhere.

u know what thats called?  research.  real ppl do it.

u dont.  and that is why, u suck.  ta ta.

On Thu, Nov 6, 2008 at 8:34 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> so you don't think its logical that these 5 day heads up could be
> helping the bad guys out? right. i think the world's biggest hackers
> could do a lot of research in 5 days. but then again n3td3v isn't
> logical so i must be wrong. damn those drugs eh? i just asked what the
> realistic possibility was for a 5 day turn around from the day of the
> heads up until a patch is released. i just thought it was bad that we
> were giving the bad guys a 5 day head start, but never mind n3td3v
> isn't logical so i must be wrong. scraping the 5 day head start isn't
> a good idea because n3td3v isn't logical? right, i threw away 10 years
> of my life to not be logical...
>
> On Fri, Nov 7, 2008 at 1:20 AM, waveroad waveroad <[EMAIL PROTECTED]> wrote:
>>
>> You can be ""monitoring"" the scene since 20 years if you want to, it's not
>> for that your point will be valuable.
>> And actually it is not, also this is about logic.
>>
>> See you're wrong again.
>>
>> Get the fuck out of here.
>>
>>
>>
>>
>>
>>
>>
>>
>> 2008/11/6, n3td3v <[EMAIL PROTECTED]>:
>>>
>>> i've been monitoring the scene since 1999 so what do you mean no
>>> experience? i make that about 10 years experience if my math is
>>> correct.
>>>
>>>
>>> On Fri, Nov 7, 2008 at 12:48 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
>>> > Do you even understand why people dont like you? It is because you have
>>> > all
>>> > these crackpot ideas but no experience to back it up. All your ideas
>>> > only
>>> > make sense from a theoretical standpoint, but in practicality most will
>>> > fail.
>>> >
>>>
>>> > On Fri, Nov 7, 2008 at 11:31 AM, n3td3v <[EMAIL PROTECTED]> wrote:
>>> >>
>>> >> blackhats like you will always hate on me, so i just ignore the
>>> >> negative responses i get.
>>> >
>>>
>>>
>>> ___
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread Biz Marqee 
I have watched movies for 10 years, does this make me an experienced
director? No, because watching isn't doing and as such it is not experience.

Now please address the issue of your illegal drug use, which demonstrates
complete disregard for your governments laws.


On Fri, Nov 7, 2008 at 12:06 PM, n3td3v <[EMAIL PROTECTED]> wrote:

> i've been monitoring the scene since 1999 so what do you mean no
> experience? i make that about 10 years experience if my math is
> correct.
>
> On Fri, Nov 7, 2008 at 12:48 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
> > Do you even understand why people dont like you? It is because you have
> all
> > these crackpot ideas but no experience to back it up. All your ideas only
> > make sense from a theoretical standpoint, but in practicality most will
> > fail.
> >
> > On Fri, Nov 7, 2008 at 11:31 AM, n3td3v <[EMAIL PROTECTED]> wrote:
> >>
> >> blackhats like you will always hate on me, so i just ignore the
> >> negative responses i get.
> >
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: 0day auctions, should they be outlawed?

2008-11-06 Thread Ureleet 
no.  _u_ are angry.  no 1 else.  no 1 else gives a shit.

On Mon, Nov 3, 2008 at 2:24 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> who cares what it means, people are angry, there better be a
> government task / strike force being setup for when these offers come
> infront of everyone. we can't be complacent about the dangers of these
> exploits getting bought by the bad guys. moreover, they shouldn't be
> allowed to hold people to ransom when security is at stake. ultimately
> they need to be outlawed, and if they can't be, then second best is a
> 24 hour on stand by task /strike force.
>
> On Mon, Nov 3, 2008 at 6:54 PM, Sandy Vagina <[EMAIL PROTECTED]> wrote:
>> And by "lobbying", you mean continuing to whine on the full-disclosure list?
>>
>> Sandy
>>
>> On 11/3/08, n3td3v <[EMAIL PROTECTED]> wrote:
>>> i'll be lobbying soon to outlaw 0day auctions, this means the banning
>>> of 0day sales on the internet. i've noticed an increased level in 0day
>>> sales lately on mailing lists, and web sites... i think this should be
>>> against the law. let me know what your opinions are on this, so i can
>>> form what im going to say when i lobby people about it. cheers.
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread Ureleet 
thats 9 years u fucking moron.  that could NOT have been funnier.
most of us on this list have been WORKING in this industry for longer
than that.  u just sit and rant.  take everyones advice, including
mine.

fucking leave.  we dont care about u.  microsoft is smarter than u, we
are all smarter than u.  microsoft does it for a reason, and u
obviously dont understand what that reason is.

On Thu, Nov 6, 2008 at 8:06 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> i've been monitoring the scene since 1999 so what do you mean no
> experience? i make that about 10 years experience if my math is
> correct.
>
> On Fri, Nov 7, 2008 at 12:48 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
>> Do you even understand why people dont like you? It is because you have all
>> these crackpot ideas but no experience to back it up. All your ideas only
>> make sense from a theoretical standpoint, but in practicality most will
>> fail.
>>
>> On Fri, Nov 7, 2008 at 11:31 AM, n3td3v <[EMAIL PROTECTED]> wrote:
>>>
>>> blackhats like you will always hate on me, so i just ignore the
>>> negative responses i get.
>>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread n3td3v 
so you don't think its logical that these 5 day heads up could be
helping the bad guys out? right. i think the world's biggest hackers
could do a lot of research in 5 days. but then again n3td3v isn't
logical so i must be wrong. damn those drugs eh? i just asked what the
realistic possibility was for a 5 day turn around from the day of the
heads up until a patch is released. i just thought it was bad that we
were giving the bad guys a 5 day head start, but never mind n3td3v
isn't logical so i must be wrong. scraping the 5 day head start isn't
a good idea because n3td3v isn't logical? right, i threw away 10 years
of my life to not be logical...

On Fri, Nov 7, 2008 at 1:20 AM, waveroad waveroad <[EMAIL PROTECTED]> wrote:
>
> You can be ""monitoring"" the scene since 20 years if you want to, it's not
> for that your point will be valuable.
> And actually it is not, also this is about logic.
>
> See you're wrong again.
>
> Get the fuck out of here.
>
>
>
>
>
>
>
>
> 2008/11/6, n3td3v <[EMAIL PROTECTED]>:
>>
>> i've been monitoring the scene since 1999 so what do you mean no
>> experience? i make that about 10 years experience if my math is
>> correct.
>>
>>
>> On Fri, Nov 7, 2008 at 12:48 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
>> > Do you even understand why people dont like you? It is because you have
>> > all
>> > these crackpot ideas but no experience to back it up. All your ideas
>> > only
>> > make sense from a theoretical standpoint, but in practicality most will
>> > fail.
>> >
>>
>> > On Fri, Nov 7, 2008 at 11:31 AM, n3td3v <[EMAIL PROTECTED]> wrote:
>> >>
>> >> blackhats like you will always hate on me, so i just ignore the
>> >> negative responses i get.
>> >
>>
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread offbitz 
Dear n3td3v,

I sincerely regret to inform you that if all you have done for the past 10
years is "monitor the scene" (i.e. trolling/spamming mailing lists and
chatrooms with elementary ramblings) then you have no leg to stand on when
somebody questions your experience.  In fact, it is quite pitiful.  Get a
job or something.

Sincerely,
offbitz
On Thu, Nov 6, 2008 at 7:06 PM, n3td3v <[EMAIL PROTECTED]> wrote:

> i've been monitoring the scene since 1999 so what do you mean no
> experience? i make that about 10 years experience if my math is
> correct.
>
> On Fri, Nov 7, 2008 at 12:48 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
> > Do you even understand why people dont like you? It is because you have
> all
> > these crackpot ideas but no experience to back it up. All your ideas only
> > make sense from a theoretical standpoint, but in practicality most will
> > fail.
> >
> > On Fri, Nov 7, 2008 at 11:31 AM, n3td3v <[EMAIL PROTECTED]> wrote:
> >>
> >> blackhats like you will always hate on me, so i just ignore the
> >> negative responses i get.
> >
>
>  ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread waveroad waveroad 
You can be ""monitoring"" the scene since 20 years if you want to, it's not
for that your point will be valuable.
And actually it is not, also this is about logic.

See you're wrong again.

Get the fuck out of here.








2008/11/6, n3td3v <[EMAIL PROTECTED]>:
>
> i've been monitoring the scene since 1999 so what do you mean no
> experience? i make that about 10 years experience if my math is
> correct.
>
>
> On Fri, Nov 7, 2008 at 12:48 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
> > Do you even understand why people dont like you? It is because you have
> all
> > these crackpot ideas but no experience to back it up. All your ideas only
> > make sense from a theoretical standpoint, but in practicality most will
> > fail.
> >
>
> > On Fri, Nov 7, 2008 at 11:31 AM, n3td3v <[EMAIL PROTECTED]> wrote:
> >>
> >> blackhats like you will always hate on me, so i just ignore the
> >> negative responses i get.
> >
>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread n3td3v 
i've been monitoring the scene since 1999 so what do you mean no
experience? i make that about 10 years experience if my math is
correct.

On Fri, Nov 7, 2008 at 12:48 AM, Biz Marqee <[EMAIL PROTECTED]> wrote:
> Do you even understand why people dont like you? It is because you have all
> these crackpot ideas but no experience to back it up. All your ideas only
> make sense from a theoretical standpoint, but in practicality most will
> fail.
>
> On Fri, Nov 7, 2008 at 11:31 AM, n3td3v <[EMAIL PROTECTED]> wrote:
>>
>> blackhats like you will always hate on me, so i just ignore the
>> negative responses i get.
>

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [USN-662-2] Ubuntu kernel modules vulnerability

2008-11-06 Thread Kees Cook 
===
Ubuntu Security Notice USN-662-2  November 06, 2008
linux-ubuntu-modules-2.6.22/24 vulnerability
CVE-2008-4395
===

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  linux-ubuntu-modules-2.6.22-15-386  2.6.22-15.40
  linux-ubuntu-modules-2.6.22-15-generic  2.6.22-15.40
  linux-ubuntu-modules-2.6.22-15-rt  2.6.22-15.40
  linux-ubuntu-modules-2.6.22-15-server  2.6.22-15.40

Ubuntu 8.04 LTS:
  linux-ubuntu-modules-2.6.24-21-386  2.6.24-21.33
  linux-ubuntu-modules-2.6.24-21-generic  2.6.24-21.33
  linux-ubuntu-modules-2.6.24-21-rt  2.6.24-21.33
  linux-ubuntu-modules-2.6.24-21-server  2.6.24-21.33

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

USN-662-1 fixed vulnerabilities in ndiswrapper in Ubuntu 8.10.
This update provides the corresponding updates for Ubuntu 8.04 and 7.10.

Original advisory details:

 Anders Kaseorg discovered that ndiswrapper did not correctly handle long
 ESSIDs.  For a system using ndiswrapper, a physically near-by attacker
 could generate specially crafted wireless network traffic and execute
 arbitrary code with root privileges. (CVE-2008-4395)


Updated packages for Ubuntu 7.10:

  Source archives:


http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/linux-ubuntu-modules-2.6.22_2.6.22-15.40.dsc
  Size/MD5: 2270 ca989ecc485630b0a895915fe537be88

http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/linux-ubuntu-modules-2.6.22_2.6.22-15.40.tar.gz
  Size/MD5:  6969594 5a4b04bf2a8a43600440ed4dbb82b07e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/linux-ubuntu-modules-2.6.22-15-generic_2.6.22-15.40_amd64.deb
  Size/MD5:  3014174 126dec5097ec2f638c08f4ba00d6c5af

http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/linux-ubuntu-modules-2.6.22-15-server_2.6.22-15.40_amd64.deb
  Size/MD5:  3013396 9f938ce9ebcad01a3d985515512f1b0c

http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/nic-firmware-2.6.22-15-generic-di_2.6.22-15.40_amd64.udeb
  Size/MD5:  1048442 5e2a729f7be9dd5a34890e920094d278

http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/scsi-firmware-2.6.22-15-generic-di_2.6.22-15.40_amd64.udeb
  Size/MD5:   322528 7a2a11b1d6ddcb43a901230004a1ce4e

http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/ubuntu-modules-2.6.22-15-generic-di_2.6.22-15.40_amd64.udeb
  Size/MD5:   477900 b84c2081e9a61c22661cc5cbe794ad94

http://security.ubuntu.com/ubuntu/pool/universe/l/linux-ubuntu-modules-2.6.22/linux-ubuntu-modules-2.6.22-15-rt_2.6.22-15.40_amd64.deb
  Size/MD5:  3021984 8b6a693cdeeea509dfff3475fdf20d0a

http://security.ubuntu.com/ubuntu/pool/universe/l/linux-ubuntu-modules-2.6.22/linux-ubuntu-modules-2.6.22-15-xen_2.6.22-15.40_amd64.deb
  Size/MD5:  3016172 1ef53683c2d11b791c459b0650a18738

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/linux-ubuntu-modules-2.6.22-15-386_2.6.22-15.40_i386.deb
  Size/MD5:  3050174 2136265513fa9af422a122cdbe350620

http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/linux-ubuntu-modules-2.6.22-15-generic_2.6.22-15.40_i386.deb
  Size/MD5:  3059806 8bf405523841a1da181c7d1c8c58d1b0

http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/linux-ubuntu-modules-2.6.22-15-server_2.6.22-15.40_i386.deb
  Size/MD5:  3061220 32d626aa8b3743e4bce4523e02f04110

http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/linux-ubuntu-modules-2.6.22-15-virtual_2.6.22-15.40_i386.deb
  Size/MD5:  1551884 aa5f2e7305eeea56c70bde33c9364d87

http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/nic-firmware-2.6.22-15-386-di_2.6.22-15.40_i386.udeb
  Size/MD5:  1048322 e5662e79cf6e2592ed201662b3791d1f

http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/nic-firmware-2.6.22-15-generic-di_2.6.22-15.40_i386.udeb
  Size/MD5:  1048446 a464b4ab787a533a221da2a665953017

http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/scsi-firmware-2.6.22-15-386-di_2.6.22-15.40_i386.udeb
  Size/MD5:   322508 06f86fb69be20781c52bc86569148280

http://security.ubuntu.com/ubuntu/pool/main/l/linux-ubuntu-modules-2.6.22/scsi-firmware-2.6.22-15-generic-di_2.6.22-15.40_i386.udeb
  Size/MD5:   322530 4c7da751eeb3b4b7a3ab497c63a22cd1

http://secur

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread Anders B Jansson 
n3td3v wrote:
> blackhats like you will always hate on me, so i just ignore the
> negative responses i get.

Whitehats hate you equally because you just create spam and don't post anything 
of actual value.

You have your mailing list.
Why can't you just stay there until you have anything of value to disclose?
-- 
// hdw

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread Biz Marqee 
Do you even understand why people dont like you? It is because you have all
these crackpot ideas but no experience to back it up. All your ideas only
make sense from a theoretical standpoint, but in practicality most will
fail.

Do you understand that or are you much of an ignorant person to even realise
that you are a joke to us. I will say that again just incase you missed it
YOU ARE A JOKE.

And people dont think I just make up that hes a drugfuck, he even admitted
his use of illegal substances way back in 2005. So, Mr n3td3v, my question
to you is how can you be in such support of the governments security posture
on one hand, but ignore their views on drugs on the other? Do you think you
are above the governments laws and as such only need to follow what you
dictate to be applicable to you?

On Fri, Nov 7, 2008 at 11:31 AM, n3td3v <[EMAIL PROTECTED]> wrote:

> blackhats like you will always hate on me, so i just ignore the
> negative responses i get.
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread waveroad waveroad 
That's a good try, you play the oppressed card, Calimero sayed it: life is
so injust.
To bad that's not the real reason.
You're polluating this mailing list since a couple of years, there's even a
profiling Pdf dedicated to you (amnesic reminder:
www.hackerfactor.com/papers/who_is_n3td3v.pdf)

now it's enough, it's not a question about white/grey/blue/black hat, it's
about a fucking morron named n3td3v.

So please consider my past advice :
Get The Fuck Out Of Here ,you have no friends here.







2008/11/6, n3td3v <[EMAIL PROTECTED]>:
>
> blackhats like you will always hate on me, so i just ignore the
> negative responses i get.
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread n3td3v 
blackhats like you will always hate on me, so i just ignore the
negative responses i get.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread waveroad waveroad 
Shut the fuck up
We're tired to hear your shit dude.
Why don't you just keep on squatting your fucking mailing list with your
friends ?

You have no friends here, and you're not welcome, get the fuck out of here.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread Biz Marqee 
maybe we should have a discussion on what a drug addled cock lover you are?

On Fri, Nov 7, 2008 at 10:48 AM, n3td3v <[EMAIL PROTECTED]> wrote:

> On Thursday, Microsoft announced two security bulletins for Tuesday.
> The advance notice is intended as a heads up for IT departments before
> Patch Tuesday, the company's monthly patch day. One bulletin is
> considered critical, the most serious ranking offered by the software
> giant, while the other is ranked important, the next most serious.
>
> The critical patch will affect XML Core Services in Windows and
> Microsoft Office. The important bulletin will affect only Windows. If
> exploited, Microsoft says the specific vulnerabilities addressed in
> these bulletins could cause remote code execution.
>
> http://news.cnet.com/8301-1009_3-10084063-83.html
>
> i'm not sure this is a good idea as it gives a heads up to hackers.
> you may think its not long but its actually 5 days for a hacker to
> figure out potentially a vulnerability in said area. maybe we should
> have a discussion about the pros and cons of these microsoft heads up
> and what the reality of it is for the bad guys to be able to pin point
> and start exploiting a flaw in said area in a 5 day time frame. yours
> n3td3v.
>
> ---
>
> Helping keep you safe online -
>
> Here you can join me to information share about what the real hackers
> and bad hackers are upto.
>
> http://groups.google.com/group/n3td3v
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-06 Thread n3td3v 
On Thursday, Microsoft announced two security bulletins for Tuesday.
The advance notice is intended as a heads up for IT departments before
Patch Tuesday, the company's monthly patch day. One bulletin is
considered critical, the most serious ranking offered by the software
giant, while the other is ranked important, the next most serious.

The critical patch will affect XML Core Services in Windows and
Microsoft Office. The important bulletin will affect only Windows. If
exploited, Microsoft says the specific vulnerabilities addressed in
these bulletins could cause remote code execution.

http://news.cnet.com/8301-1009_3-10084063-83.html

i'm not sure this is a good idea as it gives a heads up to hackers.
you may think its not long but its actually 5 days for a hacker to
figure out potentially a vulnerability in said area. maybe we should
have a discussion about the pros and cons of these microsoft heads up
and what the reality of it is for the bad guys to be able to pin point
and start exploiting a flaw in said area in a 5 day time frame. yours
n3td3v.

---

Helping keep you safe online -

Here you can join me to information share about what the real hackers
and bad hackers are upto.

http://groups.google.com/group/n3td3v

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Once thought safe, WPA Wi-Fi encryption is cracked

2008-11-06 Thread Ivan . 
To do this, Tews and his co-researcher Martin
Beckfound
a way to break the Temporal Key Integrity Protocol (TKIP) key, used by
WPA, in a relatively short amount of time: 12 to 15 minutes, according
to Dragos
Ruiu,
the PacSec conference's organizer.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9119258
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [ MDVSA-2008:226 ] ruby

2008-11-06 Thread security 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2008:226
 http://www.mandriva.com/security/
 ___

 Package : ruby
 Date: November 6, 2008
 Affected: 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 ___

 Problem Description:

 A denial of service condition was found in Ruby's regular expression
 engine.  If a Ruby script tried to process a large amount of data
 via a regular expression, it could cause Ruby to enter an infinite
 loop and crash (CVE-2008-3443).
 
 A number of flaws were found in Ruby that could allow an attacker to
 create a carefully crafted script that could allow for the bypass of
 certain safe-level restrictions (CVE-2008-3655).
 
 A denial of service vulnerability was found in Ruby's HTTP server
 toolkit, WEBrick.  A remote attacker could send a specially-crafted
 HTTP request to a WEBrick server that would cause it to use an
 excessive amount of CPU time (CVE-2008-3656).
 
 An insufficient taintness check issue was found in Ruby's DL module,
 a module that provides direct access to the C language functions.
 This flaw could be used by an attacker to bypass intended safe-level
 restrictions by calling external C functions with the arguments from
 an untrusted tainted input (CVE-2008-3657).
 
 A denial of service condition in Ruby's XML document parsing module
 (REXML) could cause a Ruby application using the REXML module to use
 an excessive amount of CPU and memory via XML documents with large
 XML entitity definitions recursion (CVE-2008-3790).
 
 The Ruby DNS resolver library used predictable transaction IDs and
 a fixed source port when sending DNS requests.  This could be used
 by a remote attacker to spoof a malicious reply to a DNS query
 (CVE-2008-3905).
 
 The updated packages have been patched to correct these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905
 ___

 Updated Packages:

 Mandriva Linux 2008.0:
 b0f0593d07a6631aaa701924c6beacff  2008.0/i586/ruby-1.8.6-5.3mdv2008.0.i586.rpm
 7d914e909536c61b2ce0ad112229054c  
2008.0/i586/ruby-devel-1.8.6-5.3mdv2008.0.i586.rpm
 35ab076f8519d913074acb3f8add7365  
2008.0/i586/ruby-doc-1.8.6-5.3mdv2008.0.i586.rpm
 0e2b9e08dd9180b17391f0dc1d88bc64  
2008.0/i586/ruby-tk-1.8.6-5.3mdv2008.0.i586.rpm 
 df8cd74ee6670f3f016c5e1b7912ba2a  2008.0/SRPMS/ruby-1.8.6-5.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 198e6e4c2ae919c066d900e1d44a8ea6  
2008.0/x86_64/ruby-1.8.6-5.3mdv2008.0.x86_64.rpm
 fc7e8c154348d0921f0d2002f3ee0fa9  
2008.0/x86_64/ruby-devel-1.8.6-5.3mdv2008.0.x86_64.rpm
 62027ed3409c5f56d7a07128246bdd7e  
2008.0/x86_64/ruby-doc-1.8.6-5.3mdv2008.0.x86_64.rpm
 e624bee3bc855bbd2068b3c850601926  
2008.0/x86_64/ruby-tk-1.8.6-5.3mdv2008.0.x86_64.rpm 
 df8cd74ee6670f3f016c5e1b7912ba2a  2008.0/SRPMS/ruby-1.8.6-5.3mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 f88546be7edc6f3801915cedd95fb1e0  
2008.1/i586/ruby-1.8.6-9p114.2mdv2008.1.i586.rpm
 000b10c2fbb34006a7222b1af111a42a  
2008.1/i586/ruby-devel-1.8.6-9p114.2mdv2008.1.i586.rpm
 3f84b7b9a3b7d293ae52464336bf7dc5  
2008.1/i586/ruby-doc-1.8.6-9p114.2mdv2008.1.i586.rpm
 88d2ae0a40e5614cde80ba249ff6fef9  
2008.1/i586/ruby-tk-1.8.6-9p114.2mdv2008.1.i586.rpm 
 eb601f21a3a04aaccd8fdd98f31c553e  
2008.1/SRPMS/ruby-1.8.6-9p114.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 a372532439a737e65f2685855d3c9109  
2008.1/x86_64/ruby-1.8.6-9p114.2mdv2008.1.x86_64.rpm
 7eaa8e8b04ad12d690f8e56fb90ada6f  
2008.1/x86_64/ruby-devel-1.8.6-9p114.2mdv2008.1.x86_64.rpm
 2d81cd9c9f1998c0cc18a188740b022d  
2008.1/x86_64/ruby-doc-1.8.6-9p114.2mdv2008.1.x86_64.rpm
 37bb46235a75babe11c37caa3e80169e  
2008.1/x86_64/ruby-tk-1.8.6-9p114.2mdv2008.1.x86_64.rpm 
 eb601f21a3a04aaccd8fdd98f31c553e  
2008.1/SRPMS/ruby-1.8.6-9p114.2mdv2008.1.src.rpm

 Corporate 3.0:
 e218f9c5549d5524a70fdc648be21766  
corporate/3.0/i586/ruby-1.8.1-1.11.C30mdk.i586.rpm
 c414540664946e719205cc8ca4263564  
corporate/3.0/i586/ruby-devel-1.8.1-1.11.C30mdk.i586.rpm
 34885696510659a992227caaffc7dbe2  
corporate/3.0/i586/ruby-doc-1.8.1-1.11.C30mdk.i586.rpm
 f226fe7a6ed268c96cc7ebba82552288  
corporate/3.0/i586/ruby-tk-1.8.1-1.11.C30mdk.i586.rpm 
 1dfa0afea4caf035cd5ada43178c2ca6  
corporate/3.0/SRPMS/ruby-1.8.1-1.11.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c64d31b7335cd132cc55b5cc0e83b29e  
corporate/3.0/

Re: [Full-disclosure] Bluetooth keyloggers?

2008-11-06 Thread Thierry Zoller 

Hi,
SM> * Remote discovery of these devices (active and passive) via
SM> bluetooth, localhost device discovery, any other means, etc.
Passive detection is always possible
Active (as in scan(query) detection depends on keylogger setup - I would guess 
no

SM> * Countermeasures, any and all, including isolated "jamming" and, if
SM> feasible, control of data flow or "injection" of false data
Jamming is always possible, injection depends on protocol usage



-- 
http://secdev.zoller.lu
Thierry Zoller

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Bluetooth keyloggers?

2008-11-06 Thread Michael Holstein 

> Just wondering if anyone has technical feedback/musings on the
> emerging bluetooth keyloggers available, such as the following
> products:
>   

Yeah .. use a USB keyboard ;)

> * Remote discovery of these devices (active and passive) via
> bluetooth, localhost device discovery, any other means, etc.
>   

Bluesniff can discover devices (including non-discoverable ones, if 
they're active) .. much like you can find wifi devices even if the SSID 
is hidden. Even though BT is encrypted, you can still see the frames at L2.

They can also be found the same way one find hidden 2.4ghz cameras .. 
using spectrum analyzers (I have an icom handheld that does this 
marginally well if you're close enough).

> * Countermeasures, any and all, including isolated "jamming" and, if
> feasible, control of data flow or "injection" of false data
>   

Well, if you're willing to throw the "Part B" rules out the window .. 
any broadband noise generator tuned to the appropriate frequency will 
work. Most of the cheap-o Chinese jammers for Cellphone/GPS are just a 
simple VCO and amplifier .. easy to tune into the appropriate band.

As for injection .. with the bluejacking tools you can force a 
re-pairing, and then bruteforce. Since the devices you link to are 
designed to be passive, I'd imagine they'd automatically re-pair (versus 
a phone, which would prompt the user to do something).

> * Real-world performance in light of interference (signal and obstacles)
>   

bluetooth dongle to my Samsung cellphone works ~20' in a typical office. 
Their statement about a "football field" is only true if you were 
actually in an open field.

> * Any other "stuff" -- honeypots, long-distance snarfage, creative
> applications, automation, etc. ;-)
>
>   

.. a 24db parabolic plus a bluetooth dongle modded for an external 
antenna can give you several hundred feet, easily.


Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Bluetooth keyloggers?

2008-11-06 Thread Shawn Merdinger 
Hi List,

Just wondering if anyone has technical feedback/musings on the
emerging bluetooth keyloggers available, such as the following
products:

1.  http://www.wirelesskeylogger.com/index.php
2.  http://www.keyear.com/articles_pages/BTKeyEar2.html
4.  Other commercially offered products?
3.  Any custom kit/gear folks have cooked up, and are willing to talk
about, brining to a conference, etc.?

Specifically I'm looking to find out more concerning these attributes:

* Remote discovery of these devices (active and passive) via
bluetooth, localhost device discovery, any other means, etc.
* Countermeasures, any and all, including isolated "jamming" and, if
feasible, control of data flow or "injection" of false data
* Fingerprinting (a la "Blueprinting" -
http://trifinite.org/trifinite_stuff_blueprinting.html)
* Real-world performance in light of interference (signal and obstacles)
* Any other "stuff" -- honeypots, long-distance snarfage, creative
applications, automation, etc. ;-)

Off list comments are fine too.

Cheers,
--scm

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] AVG 8.0.173 flaw

2008-11-06 Thread alessandro telami 

My point is/was that with that kind of privileges on the machine there is no 
point in killing the AV processes, when you
could just format the hard drive or do whatever you like on the machine.
> Date: Thu, 6 Nov 2008 13:05:46 +> From: [EMAIL PROTECTED]> To: 
> full-disclosure@lists.grok.org.uk> Subject: [Full-disclosure] AVG 8.0.173 
> flaw> > @ alessandro telami> Most antivirus , nowadays locks there 
> processesAVG 8.0.173 and older> doesn't. At the time, i'm writing this lines 
> there are public> computers in my local area that can be used to infect.> > 
> Note: This is usefull for hack tools execution or pay-per-install schemes.> > 
> Note 2: An automatic POC with source is already made.> > 
> ___> Full-Disclosure - We believe 
> in it.> Charter: http://lists.grok.org.uk/full-disclosure-charter.html> 
> Hosted and sponsored by Secunia - http://secunia.com/
_
BigSnapSearch.com - 24 prizes a day, every day - Search Now!
http://clk.atdmt.com/UKM/go/117442309/direct/01/___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Death of a Gay h4x0r!

2008-11-06 Thread rholgstad 
you are showing your age... might be time for an internet exits

[EMAIL PROTECTED] wrote:
> On Thu, 06 Nov 2008 10:54:36 +0100, Knud Erik Højgaard said:
>
>   
>> And now he accidentally the entire fleshlight!
>> 
>
> This sentence no verb.
>   
> 
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Death of a Gay h4x0r!

2008-11-06 Thread James Matthews 
He isn't so bad have some mercy ;)

On 11/6/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Thu, 06 Nov 2008 10:54:36 +0100, Knud Erik Højgaard said:
>
>> And now he accidentally the entire fleshlight!
>
> This sentence no verb.
>


-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Death of a Gay h4x0r!

2008-11-06 Thread Valdis . Kletnieks 
On Thu, 06 Nov 2008 10:54:36 +0100, Knud Erik Højgaard said:

> And now he accidentally the entire fleshlight!

This sentence no verb.


pgpcmP8AxgroA.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] AVG 8.0.173 flaw

2008-11-06 Thread Tribal MP 
@ alessandro telami
Most antivirus , nowadays locks there processesAVG 8.0.173 and older
doesn't. At the time, i'm writing this lines there are public
computers in my local area that can be used to infect.

Note: This is usefull for hack tools execution or pay-per-install schemes.

Note 2: An automatic POC with source is already made.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [SECURITY] [DSA 1662-1] New mysql-dfsg-5.0 packages fix authorization bypass

2008-11-06 Thread Devin Carraway 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1662-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Devin Carraway
November 06, 2008 http://www.debian.org/security/faq
- 

Package: mysql-dfsg-5.0
Vulnerability  : authorization bypass
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-4098
Debian Bug : 480292

A symlink traversal vulnerability was discovered in MySQL, a
relational database server.  The weakness could permit an attacker
having both CREATE TABLE access to a database and the ability to
execute shell commands on the database server to bypass MySQL access
controls, enabling them to write to tables in databases to which they
would not ordinarily have access.

The Common Vulnerabilities and Exposures project identifies this
vulnerability as CVE-2008-4098.  Note that a closely aligned issue,
identified as CVE-2008-4097, was prevented by the update announced in
DSA-1608-1.  This new update supercedes that fix and mitigates both
potential attack vectors.

For the stable distribution (etch), this problem has been fixed in
version 5.0.32-7etch8.

We recommend that you upgrade your mysql packages.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Debian (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
Size/MD5 checksum: 16439441 f99df050b0b847adf7702b44e79ac877
  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch8.dsc
Size/MD5 checksum: 1117 6456a5396b56431a31e2121805ef3208
  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch8.diff.gz
Size/MD5 checksum:   269277 bc749451446872ac8c8567ed60b0eea6

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch8_all.deb
Size/MD5 checksum:48142 761dce88bf46026622550e503800d4c3
  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch8_all.deb
Size/MD5 checksum:54452 64140dddeb7bd50098ddc6222b4d2939
  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch8_all.deb
Size/MD5 checksum:46068 0a67c6a61d08bf716c0af68da1585563

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_alpha.deb
Size/MD5 checksum:  8405572 ceda4648a1bbc48f087f8763350c04e7
  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_alpha.deb
Size/MD5 checksum: 27385278 b5435c8d77f64e1855300e1988570333
  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_alpha.deb
Size/MD5 checksum:  8909972 e76dc32887c4baf25721eff971aa9d60
  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_alpha.deb
Size/MD5 checksum:48170 c6eb1472bb6cf4fad708c23dd9a78cf8
  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_alpha.deb
Size/MD5 checksum:  1947544 73d751f95dc5604d159df910a3157f45

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_amd64.deb
Size/MD5 checksum:  1831314 6ed359b8f2fb92c5c9846a3743e4b0f8
  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_amd64.deb
Size/MD5 checksum:  7549266 ca948f5c66f2172927acd9e5cbf7c9ae
  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_amd64.deb
Size/MD5 checksum:  7371842 7ff54b963be65b5e7d18425cd313bbcb
  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_amd64.deb
Size/MD5 checksum:48178 127af2553cc1fd9e89f1f69a2eb44709
  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_amd64.deb
Size/MD5 checksum: 25813464 06dc8568f055c04dc4ddfd19de79a704

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/m

Re: [Full-disclosure] Death of a Gay h4x0r!

2008-11-06 Thread Knud Erik Højgaard 
On Thu, Nov 6, 2008 at 6:30 AM, Anders B Jansson <[EMAIL PROTECTED]> wrote:

> Obviously he wanted to played the game, and now he'll the second round of the 
> game.

And now he accidentally the entire fleshlight!

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [0day] Simple Machines Forum * <= 1.1.6 Code Execution

2008-11-06 Thread BlackHawk 
> # @descp: In loving memory of the rare bone marrow disease that
> killed rgod.
> # We can't thank you enough for killing a bug killer.

no comment.. :|

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/