Re: [Full-disclosure] Creating a rogue CA certificate

2008-12-31 Thread fd throwaway
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf
> Of j...@slave-tothe-box.net
> Sent: Tuesday, December 30, 2008 3:17 PM
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Creating a rogue CA certificate
>
> > SSL/PKI is only as strong as the weakest CA...
> >
> > For those of you who haven't been following this, here you go:
> >
> > http://www.win.tue.nl/hashclash/rogue-ca/
> > http://www.phreedom.org/research/rogue-ca/md5-collisions-1.0.ppt
> >
> > Enjoy and Happy New Years!
> >
> > elazar
>
> From Microsoft:
> http://www.microsoft.com/technet/security/advisory/961509.mspx
>
> "Microsoft is not aware of specific attacks against MD5, so
> previously issued certificates that were signed using MD5 are
> not affected and do not need to be revoked. This issue only
> affects certificates being signed using MD5 after the
> publication of the attack method."
>
> I take it the above is incorrect?
>
> James

No, it is correct, because the attack creates a new CA from the compromised
cert, which is then used to sign certs; it doesn't involve copying the
signatures of certs that already have been signed by legit CAs, with the
exception of the one that is used to create the rogue CA.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Penetration testing will be dead by 2009 - Mr. Chess

2008-12-31 Thread James Matthews
I wish! Fortify software has been tested against many open source projects
and reported a bunch of false positives. Yes, I know they are working to
improve the software. However, I still hold that fuzzing will show you
some issues that this software cannot.

James

On Tue, Dec 30, 2008 at 8:16 PM, Simon Smith  wrote:

>
>
> http://snosoft.blogspot.com/2008/12/brian-chess-cto-of-fortify-software.html
>
>
>Simon Smith
>si...@snosoft.com
> --
>
>Subscribe to our blog
> http://snosoft.blogspot.com

Re: [Full-disclosure] Creating a rogue CA certificate

2008-12-31 Thread Valdis . Kletnieks
On Wed, 31 Dec 2008 12:57:52 EST, Elazar Broad said:

> That's true, keeping up with security is not cheap nor easy.

Meanwhile, doing nothing is *always* cheap and easy, especially when it's
very unlikely that *you* will end up paying the price...

> Tradeoffs are tradeoffs, the question is, when it comes down to
> the $$$, is more cost effective to be proactive vs reactive in this
> case. Time will tell...

The important point here is that the cost of the vulnerability is what
economists call an externality - the CA who issued the cert that got
abused isn't the one who ends up with the headache.  If Certs-R-Us gives
BadGuy Inc a jiggered cert, and BadGuy Inc uses that to make a fake
Widgets-Today.com site and Joe Sixpack gets suckered, then Joe Sixpack
has a problem, Widgets-Today may have a problem - and neither victim is
very likely to blame Certs-R-Us - after all, Widgets-Today got *their*
cert from somebody else.  Certs-R-Us doesn't have a problem unless they
end up on CNN - otherwise *their* potential customers won't know there's
an issue.

On the other hand, if Microsoft and Mozilla issue updates that make their
browsers reject out-of-hand any cert with an MD5, *that* will make Certs-R-Us
sit up and pay attention *immediately*, because "I bought a cert from you
and the frikking thing doesn't work" *does* impact their bottom line.

I predict that if Microsoft and Mozilla do this, there will be a lot of
ambulance-chasing, as opportunists spider the web looking for OpenSSL
connections that present a cert with MD5, and spam the site with "We have
sooper-cheap non-MD5 certs!" ads...


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
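
The MD5 rejection described in the post above comes down to reading one field of the certificate. As an added example (not code from the thread or from any browser), this standard-library Python parser extracts the signature algorithm from a DER certificate and flags MD5; the sample certificates are constructed, certificate-shaped DER built by the hypothetical helper `constructed_cert`, and the verdict names are assumptions.

```python
# Signature-algorithm OIDs (PKCS #1), dotted form -> name.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
WEAK = {"md5WithRSAEncryption"}  # the rejection policy discussed in the post
# DER contents of two of the OIDs above, used for the constructed samples.
MD5_RSA, SHA256_RSA = "2a864886f70d010104", "2a864886f70d01010b"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed element's contents into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    """Decode OBJECT IDENTIFIER contents into dotted notation."""
    arcs, acc = [], 0
    for b in val:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # a clear high bit ends the current arc
            arcs.append(acc)
            acc = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(map(str, head + arcs[1:]))

def alg_name(alg_id):
    """Name the algorithm inside an AlgorithmIdentifier's contents."""
    tag, oid = children(alg_id)[0]
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    dotted = decode_oid(oid)
    return SIG_ALGS.get(dotted, dotted)

def audit(der):
    """Return (verdict, algorithm) for one DER-encoded certificate."""
    try:
        _, cert, _ = read_tlv(der, 0)
        tbs, outer_alg = children(cert)[:2]
        fields = children(tbs[1])
        if fields[0][0] == 0xA0:  # optional [0] version
            fields = fields[1:]
        inner = alg_name(fields[1][1])  # field after serialNumber
        outer = alg_name(outer_alg[1])
    except (ValueError, IndexError):
        return ("unparseable", None)
    if inner != outer:  # RFC 5280: tbsCertificate.signature must match
        return ("mismatch", outer)
    return ("reject" if outer in WEAK else "accept", outer)

def _tlv(tag, body):  # DER encoder, used only to build the constructed samples
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def _alg_id(oid_hex):  # AlgorithmIdentifier with NULL parameters
    return _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")

def constructed_cert(tbs_oid, outer_oid):
    """Constructed, certificate-shaped DER: empty names, zeroed signature."""
    tbs = _tlv(0x30, _tlv(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01"
               + _alg_id(tbs_oid) + _tlv(0x30, b"") * 4)
    return _tlv(0x30, tbs + _alg_id(outer_oid) + _tlv(0x03, b"\x00" * 129))

if __name__ == "__main__":
    for pair in [(MD5_RSA, MD5_RSA), (SHA256_RSA, SHA256_RSA), (SHA256_RSA, MD5_RSA)]:
        print(audit(constructed_cert(*pair)))
```

SHA-1 is accepted here only because the check implements the MD5 rejection discussed in the post; current browsers reject SHA-1 signatures as well.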

Re: [Full-disclosure] Creating a rogue CA certificate

2008-12-31 Thread Elazar Broad

is more cost effective


should have been is *it

On Wed, 31 Dec 2008 12:57:52 -0500 Elazar Broad
 wrote:
>That's true, keeping up with security is not cheap nor easy.
>Tradeoffs are tradeoffs, the question is, when it comes down to
>the $$$, is more cost effective to be proactive vs reactive in this
>case. Time will tell...
>
>On Tue, 30 Dec 2008 16:42:47 -0500 valdis.kletni...@vt.edu wrote:
>>On Tue, 30 Dec 2008 16:13:07 EST, Elazar Broad said:
>>> And they should have listened then, it was only a matter of time
>>> before someone fleshed out a practical attack, and that time is
>>> now. Then again, I am sure there are some ATMs out there still using
>>> DES. How many times do we need to prove Moore's law...
>>
>>Playing devil's advocate for a moment...
>>
>>And perhaps they *were* listening, but realized that security is about
>>tradeoffs, and they balanced the cost of doing the upgrade back then
>>against the chances that a team as technically and budget-wise prepared
>>as this one, *and with nefarious intent*, would do something significantly
>>drastic enough to dent their revenue stream.
>>
>>Read section 5.2 of the hashclash/rogue-ca paper.  The victim CA is churning
>>out an average of 1,000 certs in 3 days, let's say at $12 per.  That's some
>>$600K per year for just the weekends, not counting the Mon-Thurs span which
>>is probably even higher (and why they targeted a weekend).  So $2M per year
>>or more.
>>
>>Who wants to place a bet that said CA will be selling *the same number*
>>of certs every week, meaning they had *no* economic loss due to this hack,
>>because their customers won't actually *see* the news article and give them
>>a bad feeling about their CA?  And with no actual loss, why spend the money
>>to implement the change?
>>
>>Hint: It *isn't* just a matter of changing one line in a script to say
>>'sha1' instead of 'md5' - you *also* need to go back and look at all the
>>certs you've issued already and figure out if they've been tweaked...

Re: [Full-disclosure] Creating a rogue CA certificate

2008-12-31 Thread Elazar Broad
That's true, keeping up with security is not cheap nor easy.
Tradeoffs are tradeoffs, the question is, when it comes down to
the $$$, is more cost effective to be proactive vs reactive in this
case. Time will tell...

On Tue, 30 Dec 2008 16:42:47 -0500 valdis.kletni...@vt.edu wrote:
>On Tue, 30 Dec 2008 16:13:07 EST, Elazar Broad said:
>> And they should have listened then, it was only a matter of time
>> before someone fleshed out a practical attack, and that time is
>> now. Then again, I am sure there are some ATMs out there still using
>> DES. How many times do we need to prove Moore's law...
>
>Playing devil's advocate for a moment...
>
>And perhaps they *were* listening, but realized that security is about
>tradeoffs, and they balanced the cost of doing the upgrade back then
>against the chances that a team as technically and budget-wise prepared
>as this one, *and with nefarious intent*, would do something significantly
>drastic enough to dent their revenue stream.
>
>Read section 5.2 of the hashclash/rogue-ca paper.  The victim CA is churning
>out an average of 1,000 certs in 3 days, let's say at $12 per.  That's some
>$600K per year for just the weekends, not counting the Mon-Thurs span which
>is probably even higher (and why they targeted a weekend).  So $2M per year
>or more.
>
>Who wants to place a bet that said CA will be selling *the same number*
>of certs every week, meaning they had *no* economic loss due to this hack,
>because their customers won't actually *see* the news article and give them
>a bad feeling about their CA?  And with no actual loss, why spend the money
>to implement the change?
>
>Hint: It *isn't* just a matter of changing one line in a script to say
>'sha1' instead of 'md5' - you *also* need to go back and look at all the
>certs you've issued already and figure out if they've been tweaked...

Re: [Full-disclosure] CFP uCon Security Conference 2009 - Recife, Brazil

2008-12-31 Thread Wendel Guglielmetti Henrique
Hi!

Very good conference, one of the best in Brazil!

Do not hesitate to go.

Best regards.

On Wed, Dec 31, 2008 at 12:21 AM, uCon Security Conference
 wrote:
>CALL FOR PARTICIPATION uCon 2009, 2nd edition
>   Recife, Pernambuco, Brazil
>
>
> [ - Introduction - ]
>
>   uCon will be a totally informal and non-profit conference taking
> place in Recife, Brazil, in 28th of February 2009 -- three days after
> the best street carnival ever (also known as the rehearsal of the end of
> the world).
> The conference aims to bring together academics, hackers and information
> security enthusiasts to share cutting-edge ideas and thoughts about
> their latest developments and techniques in the field. Attendees will
> have the opportunity to network with like-minded people during social
> events, such as lunch break and aftercon party and during the capture
> the flag competition.
>
>
> [ - The venue - ]
>
>   The conference will be held at Jardins Bar e Restaurante, one of the
> city's most famous clubs. Its infrastructure includes a very comfortable
> ballroom with capacity for up to 500 people.
>
>
> [ - Who? - ]
>
>   The usual gang of cretins, the usual suspects.
>
>
> [ - Topics - ]
>
>   uCon committee gives preference to lectures with practical
> demonstration. The conference staff will try to provide every equipment
> needed for the presentation in the case the author cannot provide them.
>
> The following suggested topics include, but are not limited to:
>
> - General system exploitation techniques, vuln-dev and shellcoding
> - Web application hacking
> - Phone phreaking
> - Fuzzing and application security test
> - Hardware hacking, embedded systems and other electronic devices
> - Mobile devices exploitation, Symbian, P2K and bluetooth technologies
> - Analysis of virus, worms and all sorts of malware
> - Reverse engineering
> - Rootkits
> - Security in Wi-Fi and VoIP environments
> - Information about smartcard and RFID security and similars
> - Technical approach to alternative operating systems
> - Denial of service attacks and/or countermeasures
> - Techniques for development of secure software and systems
> - Security in SCADA and "obscure" environments
> - Cryptography
> - Information about satellites, GPS and stuff alike
> - Lockpicking, trashing and urban exploration
> - Internet, privacy and Big Brother
> - Information warfare and industrial espionage
>
>
> [ - Costs - ]
>
>   uCon staff tried to keep an affordable price for attendees and the
> early bird entry price is R$ 60. Registration on-site will cost R$ 80.
> Lunch, free pass to the aftercon party in Jardins club and access to
> the workshops are included within the ticket price.
>
>
> [ - Deadlines and submissions - ]
>
>   Deadline for proposal submission: 25th of January 2009
>   Deadline for acceptation: 5th of February 2009
>
> Send your proposal to c...@ucon-conference.org and make sure to provide
> along with your submission the following details:
>
> - Speaker name or handle
> - A short biography of the presenter
> - A brief description about your talk
> - Estimated time-length of presentation
> - Whether you need visa to enter Brazil or not
> - Any technical requirements for your lecture
>
> Unlike the past edition, when speakers could choose how many minutes of
> presentation time they needed, this time we will have pre-determined
> time slots of 45 minutes and a block of 5 minutes lightning talks where
> you can just step up the mic and say whatever you want to say.
>
> Preferable file format for papers and slides is PDF. If you feel old
> school enough you can submit them in TXT as well.
>
> Speakers are asked, but not obligated, to hand in slides used in their
> lectures.
>
> The lectures will be given in English or Portuguese.
>
> NOTE: Bear in mind if your presentation involves advertisement of
> products, services or any kind of sales pitches, please do not submit.
>
>
> [ - Information for speakers - ]
>
>  Speakers' privileges are:
>
> - Free pass to the conference
> - 15 minutes of fame and glory (just to prove Andy Warhol was right)
> - Heavy amounts of alcohol, including caipirinha and assorted booze
> - Tour to Porto de Galinhas and other paradise beaches in south shore of
> Pernambuco
> - All the parties money can buy
> - We will try our best to cover travelling costs up to USD 750
>
>
> [ - Other information - ]
>
>   For further information please check out our web site
> http://www.ucon-conference.org it will be updated with everything
> regarding the conference.
>
> To speak at uCon 2009, send your proposal to c...@ucon-conference.org
>
> --
> Organizing committee, uCon Security Conference
> http://www.ucon-conference.org
>



-- 

Wendel Guglielmetti Henrique
http://ws.hackaholic.org/ - Personal HomePage


Re: [Full-disclosure] Creating a rogue CA certificate

2008-12-31 Thread Ureleet
ROFL. wow.  with a single statement u proved how woefully unaware u r
of security.

point proved.

On Tue, Dec 30, 2008 at 5:42 PM, n3td3v  wrote:
> On Tue, Dec 30, 2008 at 10:29 PM,   wrote:
>> On Tue, 30 Dec 2008 20:10:16 GMT, n3td3v said:
>>> Aiding script kids to get credit card numbers out of folks e-commerce
>>> purchases.
>>
>> Dear Idiot:
>>
>> This is hardly an attack that the average script kiddie can pull off.
>>
>
> Until HD Moore releases an attack module for it.

Re: [Full-disclosure] Full-Disclosure Valdis bad side, needs coffee!

2008-12-31 Thread Ureleet
hes probably getting as frustrated with mr netdev as the rest of us.
i feel his pain.

On Wed, Dec 31, 2008 at 9:08 AM, RandallM  wrote:
>
>
> On Wed, Dec 31, 2008 at 6:00 AM, 
> wrote:
>>
>> --
>>
>> Message: 1
>> Date: Tue, 30 Dec 2008 17:25:36 -0500
>> From: valdis.kletni...@vt.edu
>> Subject: Re: [Full-disclosure] o lookie, n3td3v is lying elsewhere now
>
>
>>
>> [snip]
>>
>> Dear Idiot:
>>
>>
>> --
>>
>> Message: 2
>> Date: Tue, 30 Dec 2008 17:29:06 -0500
>> From: valdis.kletni...@vt.edu
>> Subject: Re: [Full-disclosure] Creating a rogue CA certificate
>
>
>   [snip]
>>
>>
>> Dear Idiot:
>>
>
> Valdis...Get some coffee! :)
>
> --
> been great, thanks
> Big R

Re: [Full-disclosure] Fwd: im so done.

2008-12-31 Thread Ureleet
i said id come back if u came back, fuck.  learn 2 read email you cockmunch.

On Tue, Dec 30, 2008 at 5:29 PM, n3td3v  wrote:
> -- Forwarded message --
> From: Ureleet 
> Date: Fri, Nov 28, 2008 at 2:20 AM
> Subject: [Full-disclosure] im so done.
> To: Full Disclosure 
>
>
> im leaving 4 absolutely no other reason than i am tired of replying.
> thats it.  dont read anything into it, its not a vast conspiracy from
> mi5 2 shut me up.

Re: [Full-disclosure] Full-Disclosure Valdis bad side, needs coffee!

2008-12-31 Thread RandallM
On Wed, Dec 31, 2008 at 6:00 AM,
wrote:

>
> --
>
> Message: 1
> Date: Tue, 30 Dec 2008 17:25:36 -0500
> From: valdis.kletni...@vt.edu
> Subject: Re: [Full-disclosure] o lookie, n3td3v is lying elsewhere now



>
> [snip]


> Dear Idiot:
>
>
> --
>
> Message: 2
> Date: Tue, 30 Dec 2008 17:29:06 -0500
> From: valdis.kletni...@vt.edu
> Subject: Re: [Full-disclosure] Creating a rogue CA certificate


  [snip]

>
>
> Dear Idiot:
>
>
Valdis...Get some coffee! :)

-- 
been great, thanks
Big R

Re: [Full-disclosure] Merry Christmas

2008-12-31 Thread Tomas L. Byrnes
Lest anyone think my last post was serious: That's the "Politically Correct" bs 
we'd have to do if we all listened to the whiners.

So, to all friends, whitehats, LEOs, Soldiers, Sailors, Marines and Airmen who 
stand on walls visible and invisible and protect those who are blissfully 
unaware of what it takes to keep their daily lives free from coercion: Merry 
Solstice, Hannukah, Christmas, Kwanzaa, Festivus or whateveritistoyou.

To all men and women of good character and good will, may peace and joy be with 
you, and may 2009 (or 5770) be better than 2008 (or 5769).

To the financial engineers, cybercriminals, script kiddies, scumbags, 
terrorists, thugs, and all others who want to live off others and force them to 
their will: run, hide, or change; otherwise you face certain peril, and in many 
cases death: We will never rest.

Happy New Year to all!

Full Disclosure: You can take the man out of the Army, but you can never take 
the Army out of the man. HOOOAAAH!
 

>-Original Message-
>From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-
>boun...@lists.grok.org.uk] On Behalf Of Steve Clement
>Sent: Monday, December 29, 2008 5:18 AM
>To: Rafal Los
>Cc: full-disclosure@lists.grok.org.uk; roryfly...@googlemail.com
>Subject: Re: [Full-disclosure] Merry Christmas
>
>Wow... with all these sense-less talks about this matter I nearly forgot
>what list I was on.
>
>Just one thing: Respect the others, if you don't believe in Christmas,
>delete the post and open the one you believe in.
>
>I don't understand how pretty intelligent people can be so intolerant,
>live and let live.
>
>cheers from CCC, Berlin
>
>Steve
>
>- Original Message -
>From: "Rafal Los" 
>To: nytrok...@gmail.com, jdem...@crucialsecurity.com
>Cc: full-disclosure@lists.grok.org.uk, roryfly...@googlemail.com
>Sent: Monday, 29 December, 2008 09:26:47 GMT +01:00 Amsterdam / Berlin /
>Bern / Rome / Stockholm / Vienna
>Subject: Re: [Full-disclosure] Merry Christmas
>
>
>Wow... with all this Merry Christmas stuff... I have to ask where the
>political correctness has gone? What about those who don't believe in
>the meaning of Christmas, and Christ being born? What about all those
>"atheists" who refuse to acknowledge? Anyway... thank you for saying
>"fuck politically correct" and wishing people Merry Christmas... Happy
>New year to you!
>
>Rafal (Ralph) M. Los
>IT Security - Response | Mitigation | Strategy
>E-mail : ra...@ishackingyou.com
>Direct : +1 (404) 606-6056
>- gPGP : 0xFFC63B33
>- Blog : http://preachsecurity.blogspot.com
>- Web : http://www.ishackingyou.com
>- LinkedIn :http://www.linkedin.com/in/rmlos
>
>
>
>
>
>Date: Mon, 29 Dec 2008 02:46:24 +0200
>From: nytrok...@gmail.com
>To: jdem...@crucialsecurity.com
>CC: full-disclosure@lists.grok.org.uk; roryfly...@googlemail.com
>Subject: Re: [Full-disclosure] Merry Christmas
>
>
>Merry Christmas and happy new year
>
>
>On Sun, Dec 28, 2008 at 11:52 PM, Jared DeMott <
>jdem...@crucialsecurity.com > wrote:
>
>
>
>
>
>KammyDoe wrote:
>> Merry Christmas, FD!
>> It's been a fun year; here's to '09!
>And may God bless you! :)

Re: [Full-disclosure] Merry Christmas

2008-12-31 Thread Tomas L. Byrnes
Please accept with no obligation, implied or implicit, my best wishes for an 
environmentally conscious, socially responsible, low-stress, non-addictive, 
gender-neutral celebration of the winter solstice holiday, practiced within the 
most enjoyable traditions of the religious persuasion of your choice, or 
secular practices of your choice, with respect for the religious/secular 
persuasion and/or traditions of others, or their choice not to practice 
religious or secular traditions at all. I also wish you a fiscally successful, 
personally fulfilling and medically uncomplicated recognition of the onset of 
the generally accepted calendar year 2006, but not without due respect for the 
calendars of choice of other cultures whose contributions to society have 
helped make America great. Not to imply that America is necessarily greater 
than any other country nor the only America in the Western Hemisphere. And 
without regard to the race, creed, color, age, physical ability, religious 
faith or sexual preference of the wishee. By accepting these greetings you are 
accepting these terms. This greeting is subject to clarification or withdrawal. 
It is freely transferable with no alteration to the original greeting. It 
implies no promise by the wisher to actually implement any of the wishes for 
herself or himself or others, and is void where prohibited by law and is 
revocable at the sole discretion of the wisher.


>-Original Message-
>From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-
>boun...@lists.grok.org.uk] On Behalf Of Steve Clement
>Sent: Monday, December 29, 2008 5:18 AM
>To: Rafal Los
>Cc: full-disclosure@lists.grok.org.uk; roryfly...@googlemail.com
>Subject: Re: [Full-disclosure] Merry Christmas
>
>Wow... with all these sense-less talks about this matter I nearly forgot
>what list I was on.
>
>Just one thing: Respect the others, if you don't believe in Christmas,
>delete the post and open the one you believe in.
>
>I don't understand how pretty intelligent people can be so intolerant,
>live and let live.
>
>cheers from CCC, Berlin
>
>Steve
>
>- Original Message -
>From: "Rafal Los" 
>To: nytrok...@gmail.com, jdem...@crucialsecurity.com
>Cc: full-disclosure@lists.grok.org.uk, roryfly...@googlemail.com
>Sent: Monday, 29 December, 2008 09:26:47 GMT +01:00 Amsterdam / Berlin /
>Bern / Rome / Stockholm / Vienna
>Subject: Re: [Full-disclosure] Merry Christmas
>
>
>Wow... with all this Merry Christmas stuff... I have to ask where the
>political correctness has gone? What about those who don't believe in
>the meaning of Christmas, and Christ being born? What about all those
>"atheists" who refuse to acknowledge? Anyway... thank you for saying
>"fuck politically correct" and wishing people Merry Christmas... Happy
>New year to you!
>
>Rafal (Ralph) M. Los
>IT Security - Response | Mitigation | Strategy
>E-mail : ra...@ishackingyou.com
>Direct : +1 (404) 606-6056
>- gPGP : 0xFFC63B33
>- Blog : http://preachsecurity.blogspot.com
>- Web : http://www.ishackingyou.com
>- LinkedIn :http://www.linkedin.com/in/rmlos
>
>
>
>
>
>Date: Mon, 29 Dec 2008 02:46:24 +0200
>From: nytrok...@gmail.com
>To: jdem...@crucialsecurity.com
>CC: full-disclosure@lists.grok.org.uk; roryfly...@googlemail.com
>Subject: Re: [Full-disclosure] Merry Christmas
>
>
>Merry Christmas and happy new year
>
>
>On Sun, Dec 28, 2008 at 11:52 PM, Jared DeMott <
>jdem...@crucialsecurity.com > wrote:
>
>
>
>
>
>KammyDoe wrote:
>> Merry Christmas, FD!
>> It's been a fun year; here's to '09!
>And may God bless you! :)