Re: [Full-disclosure] The war in Palestine
On Mon, Jan 5, 2009 at 9:25 AM, - o z - o...@hotmail.com wrote:
On Jan 4, 2009, at 10:31 PM, Avraham Schneider wrote:
When there is no choice, there is no choice - Israel has to defend its own civilian population as a first priority. Let me tell you a little of the latest events -
1) IDF calls a family in Gaza, to let them know they are about to bomb the house from the air - demanding that the family members leave immediately. (The IDF had intelligence that weapons were stored in that family's house.)
2) Family members climb to the roof of the house as they know the IDF pilots would not want to harm civilians.
3) The IDF pilot fires a rocket to the corner of the roof, making it clear that if they don't leave, they will die.
4) The family get the point and run away.
5) House is fired at.
6) Explosions occur due to ammunition and rockets stored there.
Correction #3: The MC actually dispatched MIGCAP to fire 20mm cannon, not 'rocket' -- at the next building over. The kill ratio from a rocket's shrapnel would have killed anyone on the roof, hence, 20mm fire to ward off the family and scare the dickens out of them so they would bail from the structure.
http://haaretz.com/hasen/spages/1052034.html
The IDF Spokesman said that Ghayan's house had served as a weapons silo and a war room for Hamas. Under the house, according to the IDF, was a tunnel which was meant to serve as an escape route in case of an Israeli attack. . . . The IDF has code named such operations "roof knocking", in which the army informs the residents of a suspected building that they have 10 minutes to leave the premises. In some cases, residents of suspected houses have been able to prevent bombing by climbing up to the roof to show that they will not leave, prompting IDF commanders to call off the strike. In these cases, Channel 10 reported Thursday, the IAF sometimes launches a relatively harmless missile at the corner of the roof, avoiding casualties but successfully dispersing the crowd. . . . It appears that the roof knocking technique was used in the assassination, but Ghayan decided to stay indoors with his family, and the army opted to bomb the house anyway. A lecturer at Gaza's Islamic University, Ghayan, 49, had mentored suicide bombers and would sometimes go on patrol with Hamas fighters. He was known for his close ties to the group's military wing and was respected in Gaza for donning combat fatigues and personally participating in clashes against Israeli forces. He sent one of his sons on an October 2001 suicide mission that killed two Israeli settlers in Gaza.
#4: Family found Jesus right away, no, Common Sense...and bailed from the roof.
#5: Cool fireworks display courtesy of your local IDF.
#6: Kudos to family for making a media moment of defiance, but it was really time to leave before someone was killed.
2009/1/4 valdis.kletni...@vt.edu: You people can't even agree to stop a flame war.
It's not a flame war - it's off-topic propaganda started by a Muslim and defended by a Jew. Just add the subject to a filter rule in Outlook/gmail/whatever client you use, and forget about it.
Defended by two Jews now, Mazel tov. Thanks for the help.
--
Condoleezza Rice is a very cruel, offended woman who lacks men's attention. She needs to be taken to a company of man-soldiers and it would be just fine. Releasing such stupid remarks gives her the feeling of being fulfilled. This is the only way for her to attract men's attention. Show me that Rice is a woman? The only thing she attracts is reindeer. The States needs to practice the old Soviet tradition when both single women and single men were not allowed to take responsible state positions... --Vladimir Zhirinovsky, Russian politician, rabid leader of the Liberal and Democratic Party of Russia (LDPR)
___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] CVE-2008-2303 proof of concept and more
CVE-2008-2303 covers an integer overflow in the handling of indices in the arguments array in Apple Safari that affects iPhone, iPod and PC (Mac and Windows). It was fixed in Safari 3.2 for iPhone and iPod in July and for PC in November. More details here: http://support.apple.com/kb/HT3298
Simple repro: http://skypher.com/SkyLined/Repro/Safari/arguments%5B0x8%5D/repro.html
I have also created proof of concept code that shows potential exploitability and demonstrates how to use heap-spraying in Safari. AFAIK this is the first use of heap spraying in Safari, but I may be wrong. Heap spraying in Safari is not that different from other browsers, just backwards ;)
http://skypher.com/SkyLined/Repro/Safari/arguments%5B0x8%5D/poc.html
No, script-kiddies, it is not a working "insert download and execute code here" exploit - view source for the win!!
I have created a list of software vulnerabilities, including previously unreleased material, on my website: http://skypher.com/wiki/index.php?title=List_of_software_vulnerabilities
Cheers,
SkyLined
Berend-Jan Wever berendjanwe...@gmail.com http://skypher.com
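The post names the bug class but not the defect itself, so the following is an added illustration of that class (an integer overflow while handling an index into an arguments-style array), written for this page; it is not SkyLined's proof of concept, not WebKit or JavaScriptCore source, and does not reproduce CVE-2008-2303. The struct, the function names and the probe values are assumptions made for the example. It shows the classic shape of the mistake: a bounds check that does arithmetic on the attacker-controlled index before comparing it, so the sum wraps and an index far outside the backing store passes the check, beside the hardened check that compares the raw index and therefore cannot wrap.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of an "arguments"-style array: a count plus a small
 * backing store. Illustrative code for the bug class the post names
 * (integer overflow while handling an index into the arguments array).
 * Not WebKit/JavaScriptCore source; names are invented for the example. */
typedef struct {
    uint32_t count;      /* number of valid slots */
    uint32_t slots[8];   /* backing store; only the first `count` are valid */
} ArgsArray;

/* Vulnerable bounds check. "index + 1 <= count" reads like a correct
 * inclusive check, but the addition is done in uint32_t: for
 * index == UINT32_MAX it wraps to 0, 0 <= count holds, and a read of
 * slots[0xFFFFFFFF] would be allowed, far outside the backing store. */
bool index_ok_vuln(uint32_t count, uint32_t index)
{
    return index + 1 <= count;
}

/* Hardened check: compare the raw index against count. No arithmetic is
 * performed on the attacker-controlled value before the comparison, so
 * there is nothing to wrap. */
bool index_ok_safe(uint32_t count, uint32_t index)
{
    return index < count;
}

/* Reads slots[index] using the hardened check. Returns `dflt` for any
 * out-of-range index instead of touching memory past the array. */
uint32_t args_get_or(const ArgsArray *a, uint32_t index, uint32_t dflt)
{
    if (!index_ok_safe(a->count, index))
        return dflt;
    return a->slots[index];
}

/* Counts indices in `probes` that the vulnerable check accepts but the
 * hardened check rejects, i.e. the out-of-bounds reads the overflow
 * would have let through. Nothing is dereferenced here. */
int count_false_accepts(uint32_t count, const uint32_t *probes, int n)
{
    int bad = 0;
    for (int i = 0; i < n; i++)
        if (index_ok_vuln(count, probes[i]) && !index_ok_safe(count, probes[i]))
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed sample: three valid arguments, probed with in-range,
     * off-by-one and wrapping indices. */
    ArgsArray a = { .count = 3, .slots = { 10, 20, 30 } };
    const uint32_t probes[] = { 0, 2, 3, UINT32_MAX };
    int n = (int)(sizeof probes / sizeof probes[0]);

    for (int i = 0; i < n; i++)
        printf("index 0x%08" PRIx32 ": vulnerable check %s, hardened check %s\n",
               probes[i],
               index_ok_vuln(a.count, probes[i]) ? "accepts" : "rejects",
               index_ok_safe(a.count, probes[i]) ? "accepts" : "rejects");
    printf("false accepts by the vulnerable check: %d\n",
           count_false_accepts(a.count, probes, n));

    uint32_t in_range = args_get_or(&a, 2, 0);
    uint32_t wrapped = args_get_or(&a, UINT32_MAX, 0);
    printf("args_get_or(2) = %" PRIu32 ", args_get_or(UINT32_MAX) = %" PRIu32 "\n",
           in_range, wrapped);
    return 0;
}
```

Because the index is unsigned, the wrap in `index_ok_vuln` is well-defined behaviour, so an optimizing compiler will not remove it; the same pattern with a signed index is undefined behaviour and can be optimized into something even less predictable. The hardened form is the one to look for in review: the only value compared against the length is the index itself.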
Re: [Full-disclosure] Full-Disclosure Digest, Vol 47, Issue 9
killing any civilians? Put another way, if one side of a conflict intentionally surrounds its weapons with civilians, should the other side just give up?
-- chort
--
Message: 3
Date: Sun, 4 Jan 2009 12:28:44 +
From: Some Guy Posting To Full Disclosure fd.le...@googlemail.com
Subject: Re: [Full-disclosure] CCIE makes u go nuts?? or is that only nutsget CCIE
To: Joel Jose joeljose...@gmail.com
Cc: full-disclosure full-disclosure@lists.grok.org.uk
Message-ID: 197321660901040428i7d708f5dx37cec88d8bcd7...@mail.gmail.com
Content-Type: text/plain; charset=ISO-8859-1
I don't get why this is news. Murder happens all the time. Has he even been found guilty yet? True, it looks like it is, but just look at that news article! You can perve on some poor guy's destruction because it makes great news. I remember this happened a few years back to someone else and the guy was found innocent, despite the way the news channels made it look.
On 1/3/09, Joel Jose joeljose...@gmail.com wrote:
http://www.networkworld.com/community/node/35713
It scares the hell out of me. When I read the topics...and try to learn, I can't help my mind and heart doubting...when will my name come in a news like that.. maaa... 8 years in Cisco... a voice architect. Hm... I was wanting to become like that, without the twists that is... ;(... It's scary. Lemme see your responses.
Joel.
-- it's not the years in your life that count. It's the life in your years. Abraham Lincoln
-- I'm your best best friend.
--
Message: 4
Date: Mon, 5 Jan 2009 00:27:35 -0500
From: j-f sentier j.sent...@gmail.com
Subject: Re: [Full-disclosure] The war in Palestine
To: full-disclosure@lists.grok.org.uk
Message-ID: 6f80feaf0901042127p5ad20591ged48fa177d2a2...@mail.gmail.com
Content-Type: text/plain; charset=iso-8859-1
Well, Israel is a very young nation; in 61 years of existence, they have been at war with all of their neighbours: Egypt, Syria, Lebanon, Jordan, Palestine. If someone can find an explanation that makes sense, I'll take it. Also, Mr pro-Zionist (Avraham Schneider), I don't believe in God nowadays but I've read the Bible twice and the Torah once, so I'm able to segfault your pro-Zionist brain: At least 178 Jews and persons of half- or three-quarters-Jewish ancestry have been awarded the Nobel Prize, accounting for 23% of all individual recipients worldwide between 1901 and 2008, and constituting 37% of all US recipients during the same period. In the scientific research fields of Chemistry, Economics, Medicine, and Physics, the corresponding world and US percentages are 27% and 40%, respectively. (Jews currently make up approximately 0.25% of the world's population and 2% of the US population.) Considering Jews are testifying to the existence of G-d - I would say it is hard to make your claim under these results... Speaking of which, god and religion: Jews say: God has elected, chosen the Jewish people (it's written in the Torah). Don't forget one thing: the Jewish people were also banned and condemned by this very same god to have pain and no home for 2000 years. Because of what? Same thing here: you always want more than we give you. And even if some son of god would come on this earth one day, you (Zionist guys) won't be able to recognize him, or you would kill him again, because you always thought you were more intelligent than anyone around (which is a fundamental mistake).
Also, once you're not happy about something you play the card of the Second World War deportation at any time, but hey, you're not the belly-button of the world; don't forget that Gypsies, black people, gays, Arabs, and everything that didn't have blond hair and blue eyes were also killed; this is real history, not propaganda. All this Zionist story is pathetic; they make more than one land hold-up in front of the world and no one says anything, because they're Jews. What's up if Iran (for example) was the instigator of this, and would have provided this very same excuse that Tsahal did? No, of course the Occident wouldn't have let this happen, or not in this tone. It's pretty funny to see in many places in the UK some huge flag: "We support Israel". That reminds me why they support Israel so proudly: http://en.wikipedia.org/wiki/British_Mandate_of_Palestine Btw, I'm not an anti-Semite, I like Jews, I'm just anti-Zionist :) Cheers
-- next part --
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090105/d2137757/attachment-0001.html
--
Message: 5
Date: Sun, 04 Jan 2009 15:59:33 -0600
From: Paul Schmehl pschmehl_li...@tx.rr.com
Re: [Full-disclosure] The war in Palestine
Nobody forces you to answer or even read this topic. You can still answer and read other topics. And what a liar you are. Yesterday a 20-year-old boy got shot dead by Israel in the West Bank in a demonstration. So don't speak like the soldiers are little angels. In fact Satan himself takes special courses from Zionist ppl.
2009/1/5 Yudi Rosen yr42.li...@gmail.com:
It's interesting to note how the PA Palestinians in the West Bank are living peacefully - they're not launching attacks on Israeli citizens, and therefore aren't being attacked back by Israel. In fact, many of them have jobs within Israeli areas and receive benefits from the Israeli government (my source? I'm there right now, I've asked both Jews and Arabs about this). Yet in Gaza, the ruling party (Hamas) has vowed not just to establish a Palestinian country, but also to destroy Israel and kill every last Jew. And they attempt to make good on their words by deliberately and specifically targeting civilians, even killing other Palestinians in the process. In order to defend its own people (both Jews and Arabs), Israel launches this latest battle. THEN, (hoping to garner some sympathy for the Hamas cause, it seems?), several people start a flamefight on an IT-security mailing list. ...anyone see what doesn't make sense here? There are places to flame about this, FD doesn't seem like one of them. Please let's get back on topic?
On Mon, Jan 5, 2009 at 10:17 AM, Avraham Schneider avri.schnei...@gmail.com wrote:
On Mon, Jan 5, 2009 at 9:25 AM, - o z - o...@hotmail.com wrote:
On Jan 4, 2009, at 10:31 PM, Avraham Schneider wrote:
When there is no choice, there is no choice - Israel has to defend its own civilian population as a first priority. Let me tell you a little of the latest events -
1) IDF calls a family in Gaza, to let them know they are about to bomb the house from the air - demanding that the family members leave immediately. (The IDF had intelligence that weapons were stored in that family's house.)
2) Family members climb to the roof of the house as they know the IDF pilots would not want to harm civilians.
3) The IDF pilot fires a rocket to the corner of the roof, making it clear that if they don't leave, they will die.
4) The family get the point and run away.
5) House is fired at.
6) Explosions occur due to ammunition and rockets stored there.
Correction #3: The MC actually dispatched MIGCAP to fire 20mm cannon, not 'rocket' -- at the next building over. The kill ratio from a rocket's shrapnel would have killed anyone on the roof, hence, 20mm fire to ward off the family and scare the dickens out of them so they would bail from the structure.
http://haaretz.com/hasen/spages/1052034.html
The IDF Spokesman said that Ghayan's house had served as a weapons silo and a war room for Hamas. Under the house, according to the IDF, was a tunnel which was meant to serve as an escape route in case of an Israeli attack. . . . The IDF has code named such operations "roof knocking", in which the army informs the residents of a suspected building that they have 10 minutes to leave the premises. In some cases, residents of suspected houses have been able to prevent bombing by climbing up to the roof to show that they will not leave, prompting IDF commanders to call off the strike. In these cases, Channel 10 reported Thursday, the IAF sometimes launches a relatively harmless missile at the corner of the roof, avoiding casualties but successfully dispersing the crowd. . . . It appears that the roof knocking technique was used in the assassination, but Ghayan decided to stay indoors with his family, and the army opted to bomb the house anyway. A lecturer at Gaza's Islamic University, Ghayan, 49, had mentored suicide bombers and would sometimes go on patrol with Hamas fighters. He was known for his close ties to the group's military wing and was respected in Gaza for donning combat fatigues and personally participating in clashes against Israeli forces. He sent one of his sons on an October 2001 suicide mission that killed two Israeli settlers in Gaza.
#4: Family found Jesus right away, no, Common Sense...and bailed from the roof.
#5: Cool fireworks display courtesy of your local IDF.
#6: Kudos to family for making a media moment of defiance, but it was really time to leave before someone was killed.
2009/1/4 valdis.kletni...@vt.edu: You people can't even agree to stop a flame war.
It's not a flame war - it's off-topic propaganda started by a Muslim and defended by a Jew. Just add the subject to a filter rule in Outlook/gmail/whatever client you use, and forget about it.
Defended by two Jews now, Mazel tov. Thanks for the help.
--
Condoleezza Rice is a very cruel, offended woman who lacks men's attention. She needs to be taken to a company of man-soldiers and it would be just fine. Releasing such stupid remarks gives her the feeling
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
just add an exception...
On Mon, Jan 5, 2009 at 2:35 PM, Gary Wilson dra...@dragons.org.uk wrote:
Having had enough of the non-topic junk this list has become recently, I went to unsub, but it seems the SSL cert is not valid/trusted. For the mods, I guess:
Secure Connection Failed
lists.grok.org.uk uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
(Error code: sec_error_untrusted_issuer)
* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
-- GW
[Full-disclosure] FD / lists.grok.org - bad SSL cert
Having had enough of the non-topic junk this list has become recently, I went to unsub, but it seems the SSL cert is not valid/trusted. For the mods, I guess:
Secure Connection Failed
lists.grok.org.uk uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
(Error code: sec_error_untrusted_issuer)
* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
-- GW
Re: [Full-disclosure] The war in Palestine
True, I could...yet this one is just a nonsensical flame-fight and really out of place. There's a difference between police shooting at demonstrations, and soldiers rolling in with tanks. Police shootings are not military operations; they happen just about everywhere on earth and are no indication of what's going on.
On Mon, Jan 5, 2009 at 2:06 PM, Prototype This termin...@gmail.com wrote:
Nobody forces you to answer or even read this topic. You can still answer and read other topics. And what a liar you are. Yesterday a 20-year-old boy got shot dead by Israel in the West Bank in a demonstration. So don't speak like the soldiers are little angels. In fact Satan himself takes special courses from Zionist ppl.
2009/1/5 Yudi Rosen yr42.li...@gmail.com:
It's interesting to note how the PA Palestinians in the West Bank are living peacefully - they're not launching attacks on Israeli citizens, and therefore aren't being attacked back by Israel. In fact, many of them have jobs within Israeli areas and receive benefits from the Israeli government (my source? I'm there right now, I've asked both Jews and Arabs about this). Yet in Gaza, the ruling party (Hamas) has vowed not just to establish a Palestinian country, but also to destroy Israel and kill every last Jew. And they attempt to make good on their words by deliberately and specifically targeting civilians, even killing other Palestinians in the process. In order to defend its own people (both Jews and Arabs), Israel launches this latest battle. THEN, (hoping to garner some sympathy for the Hamas cause, it seems?), several people start a flamefight on an IT-security mailing list. ...anyone see what doesn't make sense here? There are places to flame about this, FD doesn't seem like one of them. Please let's get back on topic?
On Mon, Jan 5, 2009 at 10:17 AM, Avraham Schneider avri.schnei...@gmail.com wrote:
On Mon, Jan 5, 2009 at 9:25 AM, - o z - o...@hotmail.com wrote:
On Jan 4, 2009, at 10:31 PM, Avraham Schneider wrote:
When there is no choice, there is no choice - Israel has to defend its own civilian population as a first priority. Let me tell you a little of the latest events -
1) IDF calls a family in Gaza, to let them know they are about to bomb the house from the air - demanding that the family members leave immediately. (The IDF had intelligence that weapons were stored in that family's house.)
2) Family members climb to the roof of the house as they know the IDF pilots would not want to harm civilians.
3) The IDF pilot fires a rocket to the corner of the roof, making it clear that if they don't leave, they will die.
4) The family get the point and run away.
5) House is fired at.
6) Explosions occur due to ammunition and rockets stored there.
Correction #3: The MC actually dispatched MIGCAP to fire 20mm cannon, not 'rocket' -- at the next building over. The kill ratio from a rocket's shrapnel would have killed anyone on the roof, hence, 20mm fire to ward off the family and scare the dickens out of them so they would bail from the structure.
http://haaretz.com/hasen/spages/1052034.html
The IDF Spokesman said that Ghayan's house had served as a weapons silo and a war room for Hamas. Under the house, according to the IDF, was a tunnel which was meant to serve as an escape route in case of an Israeli attack. . . . The IDF has code named such operations "roof knocking", in which the army informs the residents of a suspected building that they have 10 minutes to leave the premises. In some cases, residents of suspected houses have been able to prevent bombing by climbing up to the roof to show that they will not leave, prompting IDF commanders to call off the strike. In these cases, Channel 10 reported Thursday, the IAF sometimes launches a relatively harmless missile at the corner of the roof, avoiding casualties but successfully dispersing the crowd. . . . It appears that the roof knocking technique was used in the assassination, but Ghayan decided to stay indoors with his family, and the army opted to bomb the house anyway. A lecturer at Gaza's Islamic University, Ghayan, 49, had mentored suicide bombers and would sometimes go on patrol with Hamas fighters. He was known for his close ties to the group's military wing and was respected in Gaza for donning combat fatigues and personally participating in clashes against Israeli forces. He sent one of his sons on an October 2001 suicide mission that killed two Israeli settlers in Gaza.
#4: Family found Jesus right away, no, Common Sense...and bailed from the roof.
#5: Cool fireworks display courtesy of your local IDF.
#6: Kudos to family for making a media moment of defiance, but it was really time to leave before someone was killed.
2009/1/4 valdis.kletni...@vt.edu: You
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
Anders B Jansson wrote: And just what kind of crappy mail client do you have that can't filter messages on subject and/or sender?
Why should we have to filter messages that are propaganda? This list is ridiculous, a flat out joke. Filters are for n3td3v and ureleet. Not this bullshit. That lame thread about Palestine/Israel is just BS. Flat out. It has _NO_ place here! It's funny to me that the Palestinians are getting what they asked for. Then someone comes HERE to ask for it to stop? It all kind of makes sense...
Isn't the point of an un-moderated list that you'll have to moderate it yourself?
-- Rob
ASCII ribbon campaign - against HTML email
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
SSL certs cost money. This one works the same. etc..
On Mon, Jan 5, 2009 at 2:35 PM, Gary Wilson dra...@dragons.org.uk wrote:
Having had enough of the non-topic junk this list has become recently, I went to unsub, but it seems the SSL cert is not valid/trusted. For the mods, I guess:
Secure Connection Failed
lists.grok.org.uk uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
(Error code: sec_error_untrusted_issuer)
* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
-- GW
--
http://www.goldwatches.com/ http://www.jewelerslounge.com/
Re: [Full-disclosure] The war in Palestine
It's interesting to note how the PA Palestinians in the West Bank are living peacefully - they're not launching attacks on Israeli citizens, and therefore aren't being attacked back by Israel. In fact, many of them have jobs within Israeli areas and receive benefits from the Israeli government (my source? I'm there right now, I've asked both Jews and Arabs about this). Yet in Gaza, the ruling party (Hamas) has vowed not just to establish a Palestinian country, but also to destroy Israel and kill every last Jew. And they attempt to make good on their words by deliberately and specifically targeting civilians, even killing other Palestinians in the process. In order to defend its own people (both Jews and Arabs), Israel launches this latest battle. THEN, (hoping to garner some sympathy for the Hamas cause, it seems?), several people start a flamefight on an IT-security mailing list. ...anyone see what doesn't make sense here? There are places to flame about this, FD doesn't seem like one of them. Please let's get back on topic?
On Mon, Jan 5, 2009 at 10:17 AM, Avraham Schneider avri.schnei...@gmail.com wrote:
On Mon, Jan 5, 2009 at 9:25 AM, - o z - o...@hotmail.com wrote:
On Jan 4, 2009, at 10:31 PM, Avraham Schneider wrote:
When there is no choice, there is no choice - Israel has to defend its own civilian population as a first priority. Let me tell you a little of the latest events -
1) IDF calls a family in Gaza, to let them know they are about to bomb the house from the air - demanding that the family members leave immediately. (The IDF had intelligence that weapons were stored in that family's house.)
2) Family members climb to the roof of the house as they know the IDF pilots would not want to harm civilians.
3) The IDF pilot fires a rocket to the corner of the roof, making it clear that if they don't leave, they will die.
4) The family get the point and run away.
5) House is fired at.
6) Explosions occur due to ammunition and rockets stored there.
Correction #3: The MC actually dispatched MIGCAP to fire 20mm cannon, not 'rocket' -- at the next building over. The kill ratio from a rocket's shrapnel would have killed anyone on the roof, hence, 20mm fire to ward off the family and scare the dickens out of them so they would bail from the structure.
http://haaretz.com/hasen/spages/1052034.html
The IDF Spokesman said that Ghayan's house had served as a weapons silo and a war room for Hamas. Under the house, according to the IDF, was a tunnel which was meant to serve as an escape route in case of an Israeli attack. . . . The IDF has code named such operations "roof knocking", in which the army informs the residents of a suspected building that they have 10 minutes to leave the premises. In some cases, residents of suspected houses have been able to prevent bombing by climbing up to the roof to show that they will not leave, prompting IDF commanders to call off the strike. In these cases, Channel 10 reported Thursday, the IAF sometimes launches a relatively harmless missile at the corner of the roof, avoiding casualties but successfully dispersing the crowd. . . . It appears that the roof knocking technique was used in the assassination, but Ghayan decided to stay indoors with his family, and the army opted to bomb the house anyway. A lecturer at Gaza's Islamic University, Ghayan, 49, had mentored suicide bombers and would sometimes go on patrol with Hamas fighters. He was known for his close ties to the group's military wing and was respected in Gaza for donning combat fatigues and personally participating in clashes against Israeli forces. He sent one of his sons on an October 2001 suicide mission that killed two Israeli settlers in Gaza.
#4: Family found Jesus right away, no, Common Sense...and bailed from the roof.
#5: Cool fireworks display courtesy of your local IDF.
#6: Kudos to family for making a media moment of defiance, but it was really time to leave before someone was killed.
2009/1/4 valdis.kletni...@vt.edu: You people can't even agree to stop a flame war.
It's not a flame war - it's off-topic propaganda started by a Muslim and defended by a Jew. Just add the subject to a filter rule in Outlook/gmail/whatever client you use, and forget about it.
Defended by two Jews now, Mazel tov. Thanks for the help.
--
Condoleezza Rice is a very cruel, offended woman who lacks men's attention. She needs to be taken to a company of man-soldiers and it would be just fine. Releasing such stupid remarks gives her the feeling of being fulfilled. This is the only way for her to attract men's attention. Show me that Rice is a woman? The only thing she attracts is reindeer. The States needs to practice the old Soviet tradition when both single women and single men were not allowed to take responsible state positions... --Vladimir Zhirinovsky, Russian politician, rabid leader of the
Re: [Full-disclosure] The war in Palestine
Me and others disproved every single one of the claims you and the other Muslim (assuming you are not the same person) posted here. The fact that nobody forced him to answer or even read the topic might be true, but his frustration is understandable, for this mailing list is aimed at IT-Security related discussions and you started a completely off-topic thread full of propaganda lies. It is therefore understandable why subscribers to this list who know the facts and know that you are spreading propaganda full of lies respond in order to clear their (and their country's, etc...) name - but it does not explain why you started this thread on an IT-Security mailing list. As for the 21 (not 20) year old 'boy' - 'demonstrating': Moral of the story - if you don't throw flaming tires at armed soldiers during a riot, you won't get shot.
On Mon, Jan 5, 2009 at 2:06 PM, Prototype This termin...@gmail.com wrote:
Nobody forces you to answer or even read this topic. You can still answer and read other topics. And what a liar you are. Yesterday a 20-year-old boy got shot dead by Israel in the West Bank in a demonstration. So don't speak like the soldiers are little angels. In fact Satan himself takes special courses from Zionist ppl.
2009/1/5 Yudi Rosen yr42.li...@gmail.com:
It's interesting to note how the PA Palestinians in the West Bank are living peacefully - they're not launching attacks on Israeli citizens, and therefore aren't being attacked back by Israel. In fact, many of them have jobs within Israeli areas and receive benefits from the Israeli government (my source? I'm there right now, I've asked both Jews and Arabs about this). Yet in Gaza, the ruling party (Hamas) has vowed not just to establish a Palestinian country, but also to destroy Israel and kill every last Jew. And they attempt to make good on their words by deliberately and specifically targeting civilians, even killing other Palestinians in the process. In order to defend its own people (both Jews and Arabs), Israel launches this latest battle. THEN, (hoping to garner some sympathy for the Hamas cause, it seems?), several people start a flamefight on an IT-security mailing list. ...anyone see what doesn't make sense here? There are places to flame about this, FD doesn't seem like one of them. Please let's get back on topic?
On Mon, Jan 5, 2009 at 10:17 AM, Avraham Schneider avri.schnei...@gmail.com wrote:
On Mon, Jan 5, 2009 at 9:25 AM, - o z - o...@hotmail.com wrote:
On Jan 4, 2009, at 10:31 PM, Avraham Schneider wrote:
When there is no choice, there is no choice - Israel has to defend its own civilian population as a first priority. Let me tell you a little of the latest events -
1) IDF calls a family in Gaza, to let them know they are about to bomb the house from the air - demanding that the family members leave immediately. (The IDF had intelligence that weapons were stored in that family's house.)
2) Family members climb to the roof of the house as they know the IDF pilots would not want to harm civilians.
3) The IDF pilot fires a rocket to the corner of the roof, making it clear that if they don't leave, they will die.
4) The family get the point and run away.
5) House is fired at.
6) Explosions occur due to ammunition and rockets stored there.
Correction #3: The MC actually dispatched MIGCAP to fire 20mm cannon, not 'rocket' -- at the next building over. The kill ratio from a rocket's shrapnel would have killed anyone on the roof, hence, 20mm fire to ward off the family and scare the dickens out of them so they would bail from the structure.
http://haaretz.com/hasen/spages/1052034.html
The IDF Spokesman said that Ghayan's house had served as a weapons silo and a war room for Hamas. Under the house, according to the IDF, was a tunnel which was meant to serve as an escape route in case of an Israeli attack. . . . The IDF has code named such operations "roof knocking", in which the army informs the residents of a suspected building that they have 10 minutes to leave the premises. In some cases, residents of suspected houses have been able to prevent bombing by climbing up to the roof to show that they will not leave, prompting IDF commanders to call off the strike. In these cases, Channel 10 reported Thursday, the IAF sometimes launches a relatively harmless missile at the corner of the roof, avoiding casualties but successfully dispersing the crowd. . . . It appears that the roof knocking technique was used in the assassination, but Ghayan decided to stay indoors with his family, and the army opted to bomb the house anyway. A lecturer at Gaza's Islamic University, Ghayan, 49, had mentored suicide bombers and would sometimes go on patrol with Hamas fighters. He was known for his close ties to the group's military wing and was respected in Gaza for
Re: [Full-disclosure] The war in Palestine
What does this have to do with computers/computer security? Nothing. Take your propaganda and go home!

Handrix wrote:
> Hi all,
>
> The terrorist Israeli forces bombed Gaza city and destroyed many buildings and killed several hundred people. Israel likes to invoke as a justification for its attacks on its neighbors the war against Terror - the current slogan adopted by the United States. I hope that can help many people to understand why killing children, women, and all innocent persons.
>
> Please STOP WAR IN PALESTINE
>
> --
> Handrix
> Network Engineering/Security
> http://securynix.co.cc/
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
Rob
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
|                       _     |
| ASCII ribbon campaign ( )   |
|  - against HTML email  X    |
|                       / \   |
|                             |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
[Full-disclosure] to those who want moderation...
For those that want moderation on this mailing list, please let us all know how you would like to achieve said moderation on a mailing list populated by security-conscious persons who may also share a tendency to eschew rules and/or authority.

Before vomiting out an answer, think a little bit more about it and continue down that road.

Finally, when you come upon enlightenment, shut up and stop crying about moderation.
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
> SSL certs cost money. This one works the same. etc..

Uh, no, actually CAs provide some weak assurance that the certificate is the real one and associated with that server. A self-signed one provides none. If you can't, in some way, authenticate the certificate then SSL is not any better than sending data plain text.

It's not that I approve of the current SSL PKI regime, but it's still better than none.

tim
Re: [Full-disclosure] The war in Palestine
Allaa,

Frankly I think that the entire thing is silly. We're human beings made up of the same flesh, blood and bone. We all come from the exact same source regardless of what name we give it. The same bullet that can kill me can kill you and the resulting family pains would also be similar. It's a war not worth fighting for either side; just be present and enjoy the life that you can have instead of making it miserable by focusing on the past which can not be changed and the future which will never exist. The future is just a projection from your imagination but the present is where you're living. If you're unhappy with where you are in the present then you haven't been living in the present properly.

God I sound like a monk or something...

On Jan 4, 2009, at 6:10 AM, Alaa Abdelwahab wrote:
> Dear All
>
> While I believe this is not the best place to discuss this subject, and it will be my first post ever, but you really gave me a very good reason to send this mail. I do recommend every one to read the history to know why rockets are launched from Gaza toward the “Israeli” lands, and what the Israeli troops are really doing.
>
> You do not have time? Yes, even sometimes I don’t have enough time to read my own mails. I will try to help, have a look on this map [image001.jpg]
>
> Do you understand why the small green areas are attacking the white ones??
>
> If you don’t like to think about it, and maybe we are all technical ppl who really only understand numbers? I will help as well. In the last 8 years there were 5000 rockets (if we can really call it rockets) launched from the green areas, killed “5” and wounded “15” and captured “1” ppl who live in the white lands. So the ppl from the white areas answer by killing “5000” and wounding “15” and capturing more than “2” ppl from the green areas (7% of these numbers are only in the last 7 days).
>
> Maybe I will try to help more after 10 years from now by sending another Map, and let’s discuss then why the Palestinians didn’t resist to exist, if we will remember if there was a country called Palestine, which used to own the whole green and white lands only 70 years ago.
>
> I hope that I didn’t take much time from you all.
>
> Brgds…Alaa

Simon Smith
si...@snosoft.com
--
Subscribe to our blog
http://snosoft.blogspot.com
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
On Mon, 05 Jan 2009 11:25:58 PST, Tim said:
> Uh, no, actually CAs provide some weak assurance that the certificate is the real one and associated with that server. A self-signed one provides none. If you can't, in some way, authenticate the certificate then SSL is not any better than sending data plain text.

It's *slightly* better, in that it guards against passive sniffing attacks on the data in transit. You're right that it doesn't guard against an active MITM attack.
Re: [Full-disclosure] to those who want moderation...
eschew moderation! just delete crap you don't want :)

WMM

On Mon, Jan 5, 2009 at 2:26 PM, Michael Krymson krym...@gmail.com wrote:
> For those that want moderation on this mailing list, please let us all know how you would like to achieve said moderation on a mailing list populated by security-conscious persons who may also share a tendency to eschew rules and/or authority.
>
> Before vomiting out an answer, think a little bit more about it and continue down that road.
>
> Finally, when you come upon enlightenment, shut up and stop crying about moderation.

--
Warren Myers
http://warrenmyers.com
Re: [Full-disclosure] The war in Palestine
--On January 2, 2009 4:27:10 PM -0600 Handrix hand...@gmail.com wrote:
> Hi all,
>
> The terrorist Israeli forces bombed Gaza city and destroyed many buildings and killed several hundred people. Israel likes to invoke as a justification for its attacks on its neighbors the war against Terror - the current slogan adopted by the United States. I hope that can help many people to understand why killing children, women, and all innocent persons.
>
> Please STOP WAR IN PALESTINE

Hamas has sent over 6000 rockets into Israel over the past three years. In 2008 alone they launched 1,750 rockets and 1,528 mortar shells into Israeli territory. They're about as innocent as a thief caught with his hand in the cookie jar. Not only that, but they deliberately place their rocket and mortar launchers in the middle of civilian targets in an effort to produce as many Palestinian casualties as possible purely for propaganda purposes. They alone are responsible for the deaths of innocent Palestinians.

The Palestinians overwhelmingly voted Hamas into power and fully support their repeated murder of Israelis. They support the complete annihilation of Israel and all its people. What do you expect Israel to do? Negotiate with bloodthirsty murderers?

Paul Schmehl (pa...@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
[Full-disclosure] ANNOUNCE: RFIDIOt ver 01.v released - Jan 2009
Happy New Year!

Since I haven't done so *all year*, I thought it's about time I release something! :P

Actually, for my sins, since my idiocy seems to have now encompassed JAVA, I wanted to get this out there... Most of the effort has been in figuring out how to get a build environment working without having to do a full eclipse and JCOP Tools install (the latter being very hard to come by these days), so if you're interested in JCOP JavaCard development, take a peek in the Makefile located in the 'java' subdirectory of this distro, which aims to make command line development easier... I hope it makes sense, but since I'm new to Java development, please feel free to point me in the right direction if I'm completely off base...

From CHANGES:

v0.v - January 2009

- fix ATS position length in RFIDIOT.py
- add jcopsetatrhist.py - sets ATR History Bytes (ATS) on JCOP cards
- add jcop_set_atr_hist.cap - java applet for setting ATR/ATS
- add JAVA source for jcop_set_atr_hist.cap
- move iso_7816 routines into RFIDIOt (from mrpkey.py)
- fix exit status of all test programs and RFIDIOt (should be True on error)

Full details and download here: http://rfidiot.org

Enjoy,
Adam

--
Adam Laurie                Tel: +44 (0) 20 7993 2690
Suite 117                  Fax: +44 (0) 1308 867 949
61 Victoria Road
Surbiton Surrey            mailto:a...@algroup.co.uk
KT6 4JX                    http://rfidiot.org
[Full-disclosure] [USN-702-1] Samba vulnerability
===========================================================
Ubuntu Security Notice USN-702-1             January 05, 2009
samba vulnerability
CVE-2009-0022
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10:
  samba   2:3.2.3-1ubuntu3.4

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Gunter Höckel discovered that Samba with registry shares enabled did not properly validate share names. An authenticated user could gain access to the root filesystem by using an older version of smbclient and specifying an empty string as a share name. This is only an issue if registry shares are enabled on the server by setting "registry shares = yes", "include = registry", or "config backend = registry", which is not the default.

Updated packages for Ubuntu 8.10:
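A configuration check for the precondition the notice describes, as an added example (not part of the Ubuntu notice or of Samba): it parses an smb.conf and reports which of the three settings that enable registry shares are present in [global], so an administrator can tell whether a not-yet-upgraded 8.10 host is actually in the affected configuration. It assumes Samba's rules that parameter names match ignoring case and internal whitespace and that yes/true/1 mean true; the sample configurations and all function names are constructed for this example.

```python
"""Report whether an smb.conf enables registry shares, the precondition for
the share-name issue in USN-702-1 (CVE-2009-0022).

Added example, not part of the Ubuntu notice or of Samba. Assumptions: Samba
matches parameter names ignoring case and internal whitespace, and treats
yes/true/1 as boolean true. All sample configurations are constructed.
"""
import re

# The three [global] settings the notice names, keyed by normalized name.
# Each entry: (display name, predicate on a value that enables registry shares)
REGISTRY_ENABLERS = {
    "registryshares": ("registry shares", lambda v: v.lower() in ("yes", "true", "1")),
    "include":        ("include",         lambda v: v.lower() == "registry"),
    "configbackend":  ("config backend",  lambda v: v.lower() == "registry"),
}


def _norm(name: str) -> str:
    """Normalize a parameter name the way Samba compares them (assumption)."""
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text: str) -> dict:
    """Minimal smb.conf parser: {section: {normalized key: [values...]}}.
    Values are kept as a list because 'include' may legitimately appear
    several times and a later path must not hide an earlier 'registry'."""
    sections: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":           # comment or blank line
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:    # stray line outside a section
            continue
        key, value = line.split("=", 1)
        sections[current].setdefault(_norm(key), []).append(value.strip())
    return sections


def registry_share_enablers(text: str) -> list:
    """Return 'name = value' strings for every [global] setting that turns on
    registry shares; an empty list means the host is not in the affected
    configuration (the default)."""
    glob = parse_smb_conf(text).get("global", {})
    found = []
    for key, (display, enables) in REGISTRY_ENABLERS.items():
        for value in glob.get(key, []):
            if enables(value):
                found.append(f"{display} = {value}")
    return found


# Constructed sample: a stock-looking config with registry shares off.
DEFAULT_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = %h server (Samba, Ubuntu)
   ; include = registry        <- commented out, so it does not count
   include = /etc/samba/extra.conf

[homes]
   browseable = no
"""

# Constructed sample: the affected configuration, with mixed case and
# whitespace in the parameter names to exercise normalization.
EXPOSED_CONF = """\
[Global]
   workgroup = WORKGROUP
   Registry  Shares = Yes
   include = /etc/samba/extra.conf
   Include = registry
"""

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_CONF), ("exposed", EXPOSED_CONF)):
        hits = registry_share_enablers(conf)
        print(f"{label}: {'affected: ' + ', '.join(hits) if hits else 'not affected'}")
```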
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
> It's *slightly* better, in that it guards against passive sniffing attacks on the data in transit. You're right that it doesn't guard against an active MITM attack.

How is that better, really? Run tcpdump or ettercap... Either of the tools are off the shelf. It doesn't take a great deal of skill for either. Just because a piece of software is doing an extra step or three doesn't mean an attacker has to do significantly more work.

O(1) + O(1) = O(1)

What modern networks don't permit active modification of packets in realtime if you have the right access to the data? I can conceive of some hypothetical radio broadcast or other physical media which, if carefully designed, could make MitM attacks difficult by virtue of the media itself (along the lines of a poor man's quantum crypto line), but I don't know of any in use. Do enlighten me if you do.

cheers,
tim
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
Another thought... If the FD maintainers wanted to include the fingerprint of their self-signed cert or CA in the monthly list charter email, it might be archived in dozens of places around the internet and allow those who actually care about SSL security to validate the certificate without having to rely on the CA gods in the sky to do it for them. Still not perfect, but better than the current state of things.

tim
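The out-of-band fingerprint check proposed above, as an added example (not code from the list, its maintainers or any poster): a client computes the SHA-256 fingerprint of the certificate a server actually presents and compares it, in constant time, against a pin published elsewhere, so a self-signed certificate can be authenticated without a CA; a mismatch is the signal that separates the "passive sniffing" case discussed earlier in the thread from an active MITM that swaps in its own certificate. The host name, the pinned value, the sample certificate bytes and all function names are constructed placeholders, not values from the list.

```python
"""Pinned-fingerprint verification for a self-signed TLS certificate.

Added example, not code from the Full-Disclosure list or any poster. The pin
comes from an out-of-band source (e.g. a list charter mail); the client checks
the certificate the server actually presents against it instead of asking a
CA. Host, pin and sample bytes below are constructed placeholders.
"""
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes, algo: str = "sha256") -> str:
    """Hex digest of the DER certificate, colon-separated and upper-case,
    the way `openssl x509 -fingerprint -sha256` prints it."""
    digest = hashlib.new(algo, der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Reduce 'ab:cd', 'AB CD' or 'abcd' to bare upper-case hex so a pin
    copied from an email compares equal however it was formatted."""
    return "".join(ch for ch in fp if ch.isalnum()).upper()


def matches_pin(der_cert: bytes, pinned: str, algo: str = "sha256") -> bool:
    """True if the certificate's fingerprint equals the pinned one.
    hmac.compare_digest keeps the comparison constant-time."""
    return hmac.compare_digest(normalize(fingerprint(der_cert, algo)),
                               normalize(pinned))


def fetch_peer_cert(host: str, port: int = 443) -> bytes:
    """Complete a TLS handshake with CA checking disabled (the server's
    certificate is self-signed) and return the leaf certificate as DER.
    No application data is sent; the socket closes after the handshake."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # the trust decision is made by the pin
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_pinned_host(host: str, pinned: str, port: int = 443) -> bytes:
    """Connect and refuse to proceed unless the presented certificate matches
    the pin. A mismatch is exactly what an active MITM produces: the
    interposed certificate has a different fingerprint."""
    der = fetch_peer_cert(host, port)
    if not matches_pin(der, pinned):
        raise ssl.SSLCertVerificationError(
            f"{host}:{port} presented {fingerprint(der)}, pin is {normalize(pinned)}")
    return der


# Constructed placeholders; a real deployment takes these from the charter mail.
PINNED_HOST = "lists.example.invalid"
PINNED_FINGERPRINT = "placeholder-fingerprint-from-charter-mail"

if __name__ == "__main__":
    try:
        verify_pinned_host(PINNED_HOST, PINNED_FINGERPRINT)
        print("certificate matches the published pin")
    except (OSError, ssl.SSLCertVerificationError) as exc:
        print(f"refusing connection: {exc}")
```

Publishing the fingerprint only helps if clients actually compare it; the same check is what OpenSSH's known_hosts warning does for host keys, as mentioned later in the thread.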
Re: [Full-disclosure] The war in Palestine
Don't really know who's making propaganda around here
[Full-disclosure] Full-Disclosure wouldn't let me post this message
-- Forwarded message --
From: full-disclosure-boun...@lists.grok.org.uk
Date: Sat, Jan 3, 2009 at 6:59 PM
Subject: Your message to Full-Disclosure awaits moderator approval
To: xploita...@gmail.com

Your mail to 'Full-Disclosure' with the subject

    Israel-Gaza conflict: Cyber War or just Cyber Protest?

Is being held until the list moderator can review it for approval.

The reason it is being held:

    Message has a suspicious header

-- Forwarded message --
From: n3td3v xploita...@gmail.com
Date: Sat, Jan 3, 2009 at 6:59 PM
Subject: Israel-Gaza conflict: Cyber War or just Cyber Protest?
To: full-disclosure@lists.grok.org.uk

If cyber war is just web site defacement then I don't think we ever need to take cyber war too seriously. It seems to me that cyber war just means protesters protesting and no actual cyber war is there, as a cyber war would mean two sides fighting, although two sides aren't fighting in cyber; it's all one-way script kid web defacement, not real war in any sense. Two sides fighting, a government and some other entity and the internet stuck in the middle, now that would mean cyber war; there has been no cyber war and is unlikely to be one.

If people are marching in London today in the streets against the Israel-Gaza conflict, is that called war? Of course not, so why are the media so quick to call protesting on-line a war? [1] What it really is, is folks protesting... a cyber protest, not a war. Why are we using the wrong words to describe stuff? It's not even the media, it was Gary Warner on a web log. [2]

[1] http://news.bbc.co.uk/1/hi/uk/7809656.stm
[2] http://garwarner.blogspot.com/2008/12/muslim-hackers-declare-cyberwar-on.html

We as a community should be cautious about using the wrong words to describe stuff, because the media take influence from us guys on mailing lists and blogs and at security conferences, so it's important we use "cyber protest" when script kids deface some web sites.

To put the right angle on this, it's unlikely to be new people doing the defacements; it's likely to be script kids who were defacers anyway, and just change their political message to go with *whatever the current climate is*. Tomorrow the same folks will be defacing with a new message; they don't care *really* about the message, defacers will find any reason to deface. It's unlikely the Israel-Gaza conflict defacers were only sprung into action because of what is going on in the world; they would be defacing anyway and looking for any excuse to do so.

Let's be careful from now on. I don't like to see the wrong buzzwords used and I'm sure Gadi doesn't either. If Hamas cyber attacked Israel and Israel had a cyber response, then that would be cyber war. This is not cyber war folks, this is a cyber protest those kids are doing; they are unlikely to be connected with anything that's going on and were web defacers anyway with a different defacement message the day before. Please, I hope we as security experts know the difference.

I wrote this email just in case, because I'm sick of certain buzzwords like cyber war when there isn't a cyber war. When the day comes that a government and another entity is two-way cyber fighting and, say for instance, critical national infrastructure is affected, then you can talk about cyber war; until then please describe web site defacers as cyber protest. A cyber war is two-way fighting; one-way fighting is not a war!

And to clarify, a bunch of kids defacing a web site and you applying a patch afterwards is not classed as two-way fighting and cannot be considered cyber war either.
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
On Mon, Jan 5, 2009 at 11:46 AM, valdis.kletni...@vt.edu wrote:
> On Mon, 05 Jan 2009 11:25:58 PST, Tim said:
>> Uh, no, actually CAs provide some weak assurance that the certificate is the real one and associated with that server. A self-signed one provides none. If you can't, in some way, authenticate the certificate then SSL is not any better than sending data plain text.
>
> It's *slightly* better, in that it guards against passive sniffing attacks on the data in transit. You're right that it doesn't guard against an active MITM attack.

The prevailing use of self-signed certs on the Internet basically destroys the usefulness of HTTPS, since it trains users to simply click "add exception" and ignore the scary warnings because "then I get the lock icon, which means I'm safe!" The browser security model should be changed to visually differentiate between encrypted and authenticated, but that would require massive re-engineering of browser software, and lengthy re-education of lusers.

Given the option between no HTTPS and HTTPS via self-signed cert, you should choose the former if you're running a public website. If the connections really do need to be protected, stop being so effing stingy and cough up the $70 for a certificate signed by a CA that is in the default trusted bundle of major browsers.

--
chort
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
On Mon, 05 Jan 2009 12:47:20 PST, Tim said:
> How is that better, really? Run tcpdump or ettercap... Either of the tools are off the shelf.

And if the site is using a self-signed cert, how does a 3rd party tcpdump manage to get a *decrypted* datastream? Yes, you can still do traffic analysis on the "X talked to Y with packet sizes A, B, and C" level, but you can't look at the data.
Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message
They shouldn't let you post at all.

2009/1/5 n3td3v xploita...@gmail.com
> -- Forwarded message --
> From: full-disclosure-boun...@lists.grok.org.uk
> Date: Sat, Jan 3, 2009 at 6:59 PM
> Subject: Your message to Full-Disclosure awaits moderator approval
> To: xploita...@gmail.com
>
> Your mail to 'Full-Disclosure' with the subject
>
>     Israel-Gaza conflict: Cyber War or just Cyber Protest?
>
> Is being held until the list moderator can review it for approval.
>
> The reason it is being held:
>
>     Message has a suspicious header
>
> -- Forwarded message --
> From: n3td3v xploita...@gmail.com
> Date: Sat, Jan 3, 2009 at 6:59 PM
> Subject: Israel-Gaza conflict: Cyber War or just Cyber Protest?
> To: full-disclosure@lists.grok.org.uk
>
> If cyber war is just web site defacement then I don't think we ever need to take cyber war too seriously. It seems to me that cyber war just means protesters protesting and no actual cyber war is there, as a cyber war would mean two sides fighting, although two sides aren't fighting in cyber; it's all one-way script kid web defacement, not real war in any sense. Two sides fighting, a government and some other entity and the internet stuck in the middle, now that would mean cyber war; there has been no cyber war and is unlikely to be one.
>
> If people are marching in London today in the streets against the Israel-Gaza conflict, is that called war? Of course not, so why are the media so quick to call protesting on-line a war? [1] What it really is, is folks protesting... a cyber protest, not a war. Why are we using the wrong words to describe stuff? It's not even the media, it was Gary Warner on a web log. [2]
>
> [1] http://news.bbc.co.uk/1/hi/uk/7809656.stm
> [2] http://garwarner.blogspot.com/2008/12/muslim-hackers-declare-cyberwar-on.html
>
> We as a community should be cautious about using the wrong words to describe stuff, because the media take influence from us guys on mailing lists and blogs and at security conferences, so it's important we use "cyber protest" when script kids deface some web sites.
>
> To put the right angle on this, it's unlikely to be new people doing the defacements; it's likely to be script kids who were defacers anyway, and just change their political message to go with *whatever the current climate is*. Tomorrow the same folks will be defacing with a new message; they don't care *really* about the message, defacers will find any reason to deface. It's unlikely the Israel-Gaza conflict defacers were only sprung into action because of what is going on in the world; they would be defacing anyway and looking for any excuse to do so.
>
> Let's be careful from now on. I don't like to see the wrong buzzwords used and I'm sure Gadi doesn't either. If Hamas cyber attacked Israel and Israel had a cyber response, then that would be cyber war. This is not cyber war folks, this is a cyber protest those kids are doing; they are unlikely to be connected with anything that's going on and were web defacers anyway with a different defacement message the day before. Please, I hope we as security experts know the difference.
>
> I wrote this email just in case, because I'm sick of certain buzzwords like cyber war when there isn't a cyber war. When the day comes that a government and another entity is two-way cyber fighting and, say for instance, critical national infrastructure is affected, then you can talk about cyber war; until then please describe web site defacers as cyber protest. A cyber war is two-way fighting; one-way fighting is not a war!
>
> And to clarify, a bunch of kids defacing a web site and you applying a patch afterwards is not classed as two-way fighting and cannot be considered cyber war either.
Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message
On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier j.sent...@gmail.com wrote:
> They shouldn't let you post at all.

LOL! Thanks for the chuckle!
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
On Mon, 05 Jan 2009 13:29:52 PST, Tim said:
>>> How is that better, really? Run tcpdump or ettercap... Either of the tools are off the shelf.
>>
>> And if the site is using a self-signed cert, how does a 3rd party tcpdump manage to get a *decrypted* datastream? Yes, you can still do traffic analysis on the "X talked to Y with packet sizes A, B, and C" level, but you can't look at the data.
>
> You're missing the point of my comment:
>
> Plaintext communication = use tcpdump
> Encrypted without a cert = use ettercap (or something similar)

I believe I stated *up front* that it doesn't secure against an active MITM attack. Once ettercap presents a *different* certificate than the one you were expecting, the victim can at least potentially notice (the same way that OpenSSH complains if it discovers that a host key is different).

There's also issues with getting things like ettercap working if you don't have access to the last-hop subnet (good luck sniffing all the traffic between two routers looking for one netflow ;)

No, I don't claim that Joe Sixpack will notice if they're ettercap'ed. However, fine distinctions like the difference between "just throw ettercap at it" and "this protects against passive sniffing but not active MITM" are often important in this business.
Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message
On Mon, Jan 5, 2009 at 9:45 PM, Ed Carp e...@pobox.com wrote:
> On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier j.sent...@gmail.com wrote:
>> They shouldn't let you post at all.
>
> LOL! Thanks for the chuckle!

Can we have a conversation about my opinion on using 'cyber protest' instead of 'cyber war'? I think the community has been getting confused on such matters.

Regards,
Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message
On Mon, 05 Jan 2009 21:57:33 GMT, n3td3v said:
> Can we have a conversation about my opinion on using 'cyber protest' instead of 'cyber war'?

No.

> I think the community has been getting confused on such matters.

The community isn't confused. Only the posers who are pretending to be part of the community are confused.
Re: [Full-disclosure] The war in Palestine
Congratulations handrix, and a few other people here, for proving your amazing history and Middle East knowledge.

A few facts (I'm from Israel, and also in the IDF, for everyone who wants a few more reasons to hate me):

In the beginning of the 20th century there were almost no Arabs in the land of Israel. However, the Jews, in spite of two thousand years of persecution, have been the majority of the population there during most of the history. In Jerusalem they have always been the majority. When General Allenby, the commander of the British army, conquered Israel in 1917-1918, he found only a few thousand Arabs. Other Muslims in the region came from Turkey, or were the descendants of Jews and Christians who were forced to change their religion by the Muslim conquerors - but none of them was originally Arab. That about the so-called Palestine country and all of that crap. (btw, if you care about it you may want to search for Philip Hitti, AN ARAB PHD for Middle East history, who said: "it is well known that there is no such thing as Palestine in the history". There are a few other Arabs who said pretty much the same... just search it.)

For the Hamas part, please search for the Fatah. After that, you might ask "so why did the Gaza Strip people vote for Hamas in a democratic election?" Simple: Hamas gives them food, money and other things if they join them in the fight against Israel. Hamas controls the fuel, hospitals and most of the guns in the Gaza Strip; they threaten people and made them vote Hamas. I won't go on with that line, so handrix and a few other people here won't say I'm telling lies.

From the year 2000 Hamas is firing rockets (Grad, improved Grad, Qassam and other rockets); the numbers that people wrote here are not even close to the real numbers. So what would you do if your country was bombed each day, day after day, even when you are not doing anything (and for a long time the IDF didn't do anything in Gaza)? During the cease fire Hamas still fired rockets at Israeli civilian and military targets! So don't say it's Israeli propaganda or lies; Hamas is a terrorist organization and nothing else matters. We gave them the option to stop this stupid fight, they didn't take it. (For example, on the other side of Israel, Judea and Samaria, Israel is letting all the Arabs enter Israel and work, not shooting down anybody, and they are not under any Israeli control; read about the Fatah if you care about what is going on with the Israeli Arabs.)

Israel is doing everything it can in order to hurt only Hamas people and is doing everything in our power not to hit civilians. No one, including the UN, USA or anyone else, has the civilian hit rate that the IDF is achieving in the small, crowded Gaza Strip (the USA bombed weddings and pure civilian targets in Afghanistan, the UN is not enforcing their own rules about fire arms in Lebanon, the Iraq war - do I really need to say anything else?). So please think again before you spread your ignorance to the world.

"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe."

Besides that, I'm sorry for the English mistakes I probably have; as you can understand, I speak Hebrew as my prime language, not English.

Hopefully I managed to show you the bigger picture (more than half a million Israelis that are suffering daily from Hamas rockets, for something that only Hamas can be blamed for).
Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message
On Mon, Jan 5, 2009 at 10:03 PM, valdis.kletni...@vt.edu wrote:
> On Mon, 05 Jan 2009 21:57:33 GMT, n3td3v said:
>> Can we have a conversation about my opinion on using 'cyber protest' instead of 'cyber war'?
> No.
>> I think the community has been getting confused on such matters.
> The community isn't confused. Only the posers who are pretending to be part of the community are confused.

The media?
Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message
On Mon, Jan 5, 2009 at 10:03 PM, n3td3v xploita...@gmail.com wrote:
> On Mon, Jan 5, 2009 at 10:03 PM, valdis.kletni...@vt.edu wrote:
>> [...]
>> The community isn't confused. Only the posers who are pretending to be part of the community are confused.
> The media?

I think SANS is confused too:

> Published: 2009-01-03, Last Updated: 2009-01-04 00:08:06 UTC by Rick Wanner (Version: 1)
> Emails have been trickling into the ISC with information about the ongoing Cyberwar accompanying the Israel and Gaza conflict.

http://isc.sans.org/diary.html?storyid=5620
Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message
On Mon, 05 Jan 2009 22:08:10 GMT, you said:
> I think SANS is confused too;

But you've complained in the past that SANS is a bunch of posers, thus proving my point. ;)
Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message
On Mon, 5 Jan 2009, n3td3v wrote:
> On Mon, Jan 5, 2009 at 9:45 PM, Ed Carp e...@pobox.com wrote:
>> On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier j.sent...@gmail.com wrote:
>>> They shouldn't let you post at all.
>> LOL! Thanks for the chuckle!
> Can we have a conversation about my opinion on using 'cyber protest' instead of 'cyber war'?

Well, we could, but I'm not sure what it has to do with the charter of this list. Besides, I get the idea from reading this list that people have more fun bashing you than they do talking about subjects this list was created to address. I get the idea that the list has no COPPA filtering (no one 13 or younger allowed), nor does it have any sort of maturity level filtering. Unfortunately.

--
Ed Carp, N7EKG - e...@pobox.com - ** PGP or GPG encrypted email preferred **
(303) 731-5625 -or- (850) 291-1563 (cell)
A government big enough to give you everything you want is big enough to take everything you have. -- Barry Goldwater
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
Hi!

> The prevailing use of self-signed certs on the Internet basically destroys the usefulness of HTTPS, since it trains users to simply click "add exception" and ignore the scary warnings because "then I get the lock icon, which means I'm safe!"
> [...]
> stop being so effing stingy and cough up the $70 for a certificate signed by a CA that is in the default trusted bundle of major browsers.

Well, last month we saw reports that one of those trusted CAs (one of those preinstalled-in-all-browsers ones) signed certificates without *any* check. The example chosen was MOZILLA.ORG (.com? not sure). A few years ago there was the case of a microsoft.com cert being signed to a non-MS person.

So training the users "lock = safe" or even "green lock = safe" is as misleading as using self-signed certs. And as browsers usually do not check CRLs, there is no way of preventing the use of wrongfully signed certificates short of distributing a software update (as was done in the MS case).

If browsers had a cert cache and checked it similar to SSH, MitM attacks would be much harder.

Bye

Volker

--
Volker Tanger    http://www.wyae.de/volker.tanger/
vtli...@wyae.de    PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
On Tue, 2009-01-06 at 00:25, Rob Thompson wrote:
> That lame thread about palestine/Israel is just BS. Flat out. It has _NO_ place here!

spamassassin's great:

  header   FD_BS  Subject =~ /The war/i
  describe FD_BS  BS
  score    FD_BS  100.0

we delete at score 7 :)
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
It was Mozilla.com:
http://www.sslshopper.com/article-ssl-certificate-for-mozilla.com-issued-without-validation.html

Juha-Matti

Volker Tanger [vtli...@wyae.de] wrote:
> [...]
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
> No, I don't claim that Joe Sixpack will notice if they're ettercap'ed. However, fine distinctions like the difference between "just throw ettercap at it" and "this protects against passive sniffing but not active MITM" are often important in this business.

That's the thing. I don't think that distinction is relevant in modern networks. Maybe ettercap isn't the optimal tool, but you *should not differentiate between MitM and passive sniffing attacks* if there is no authentication being performed. Unless someone provides me with a counter example, I'm saying that those with access to sniff a network have the access to perform MitM attacks. That's all that's applicable, because the only thing making MitM harder is the right piece of software. I think our DRM friends in the content industry have come to realize that this does not make things harder. All it takes is one guy to write and release it.

Implying to non-security types that there is some kind of tangible difference in the security between plain text and non-authenticated SSL is a great disservice. Yeah, to the layman it sounds like there ought to be a difference, but there isn't.

tim
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
> And as browsers usually do not check CRLs, there is no way preventing the use of wrongfully signed certificates short of distributing a software update (as was with the MS case). If browsers had a cert cache and checked it similar to SSH, MitM-attacks would be much harder.

Well, now you're just pushing the problem off on users. How many of them would check the certificate the first time? Does it matter to an end-user if their credit card info is stolen *only the first time* and not after that?

Certainly SSL's PKI has major problems. Many of these problems can be remedied through simple client software changes. Why is every CA treated the same? Why don't we start assigning levels of trust to different CAs? A web-of-trust would be a great way to go, so long as there's a way to hide it from end users. Who would be allowed to participate in the web of trust? Tough questions.

As a basic first step, perhaps what browsers need to start doing is to take all of those CAs out of the default install and replace it with just one. Their own. Sign all current CAs as sub-CAs. Turn on CRL checks by default to their servers and start tracking all revocations in one place. Then, when a CA starts misbehaving, deal with it through the central CRL or through a trust rating system which is separate from the standard certificate formats. Yeah, sure, it centralizes things in a bad way, but centralized CRLs are still better than none. Once the system is solidified, standardize and redistribute.

Some crazy ideas, I know. Feel free to shred them.

tim
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
On Mon, Jan 5, 2009 at 3:35 PM, Gary Wilson dra...@dragons.org.uk wrote:
> Having had enough of the non-topic junk this list has become recently, I went to unsub, but it seems the SSL cert is not valid/trusted. For the mods, I guess:
>
>   Secure Connection Failed
>   lists.grok.org.uk uses an invalid security certificate.
>   The certificate is not trusted because the issuer certificate is not trusted.
>   (Error code: sec_error_untrusted_issuer)
>   * This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
>   * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
>
> --
> GW

Alright, enough of the off-topic crap. Back to the topic, being that lists.grok.co.uk should get a non-self-signed cert. The cancer infesting fd and the merits of CAs are irrelevant to the thread.

kthnxbai
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
> Alright, enough of the off-topic crap. Back to the topic, being that lists.grok.co.uk should get a non-self-signed cert. The cancer infesting fd and the merits of CAs are irrelevant to the thread.

Oh, ok, so maybe you'd prefer we talk about Palestine, moderation, or netdev's latest drivel? I think it's on topic for the list. I'll change the subject next time I post on the matter if it makes you feel better (or even if it doesn't).

tim
Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message
On Mon, Jan 5, 2009 at 10:07 PM, Ed Carp e...@pobox.com wrote:
> [...]
> I get the idea that the list has no COPPA filtering (no one 13 or younger allowed), nor does it have any sort of maturity level filtering. Unfortunately.

The profit-making sector of the security community is determined to use 'cyber war', and I'm determined to downplay it as a 'cyber protest' since I have no profiteering motivation. Although using 'cyber war' could actually cause damage and confusion to society if not used correctly. And when the real cyber war comes, what are they gonna call cyber war? Because society will already have been normalized into thinking it's something non-important that isn't going to impact the public-at-large.

Why do you think news outlets like BBC News aren't quick to use the 'cyber war' label when it's just a bunch of kids doing a 'cyber protest'? It's because the BBC is one of the most respected public news services in the world and they don't want to mislead and cause panic, in the same way they don't want to mislead the population into thinking 'cyber war' is just something that happens, and not something they should ever be alarmed about.
[Full-disclosure] The merits and uses of CAs
> I believe I stated *up front* that it doesn't secure against an active MITM attack. Once ettercap presents a *different* certificate than the one you were expecting, the victim can at least potentially notice (the same way that OpenSSH complains if it discovers that a host key is different).

I think that using a self-signed certificate should be OK and not throw up any warnings; however it should not change the colour of the address bar (as using valid certificates does in many modern browsers). I also feel that if the certificate changes (a la SSH), it should throw up a warning, unless the previous certificate became invalid (for example due to a date issue). It should also be possible to have semi-centralised CRLs that browsers would check for occasions when the server admin wants to change certificates: they could post the old one up on the list and the browser wouldn't warn when a new certificate is presented.

HTTPS is more secure than HTTP in all instances; we should not discourage the use of self-signed certificates, however we also should not portray them as more secure than they actually are (which is protection against PASSIVE snooping), and things that require proper security should use either properly signed (by a CA) certs or EV ones.

Chris
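The SSH-style certificate cache that Volker (in "FD / lists.grok.org - bad SSL cert") and Chris above describe, as an added example that is not code from the thread or from any browser: a trust-on-first-use store that accepts an unchanged certificate, warns when it changes while the remembered one is still valid, and tolerates the change when the old one has expired or the site has published it as retired. The host name, the stand-in DER byte strings and their expiry dates are constructed for the example.

```python
"""SSH-style trust-on-first-use (TOFU) cache for HTTPS server certificates.

Added example for this thread, not code from any browser or from the list.
Certificates are stand-ins built here as (DER bytes, notAfter) pairs; real
code would take both from the TLS handshake. Fingerprints are SHA-256 over
the DER bytes, so a wrongfully CA-signed cert for a known host is caught
just like a self-signed one: it is simply not the cert seen last time.
"""
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Dict, List, Set


@dataclass(frozen=True)
class SeenCert:
    fingerprint: str   # hex SHA-256 of the DER certificate
    not_after: str     # ISO-8601 UTC expiry copied from the certificate


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


class KnownHosts:
    """Host -> last accepted certificate, like ~/.ssh/known_hosts."""

    def __init__(self) -> None:
        self._db: Dict[str, SeenCert] = {}
        self._retired: Set[str] = set()   # fingerprints a site has retired

    def retire(self, fp: str) -> None:
        """Record a fingerprint from a published list of old certificates."""
        self._retired.add(fp)

    def check(self, host: str, der: bytes, not_after: datetime,
              now: datetime) -> str:
        """Classify the certificate presented by host. Returns one of
        'first-use'  never seen; recorded, but no evidence of identity
        'match'      same certificate as last time
        'rotated'    old cert expired or retired; new one recorded
        'CHANGED'    different cert while the old one is still valid:
                     possible MitM, cache left untouched, caller must warn
        """
        fp = fingerprint(der)
        new = SeenCert(fp, not_after.astimezone(timezone.utc).isoformat())
        old = self._db.get(host)
        if old is None:
            self._db[host] = new
            return "first-use"
        if old.fingerprint == fp:
            return "match"
        expired = datetime.fromisoformat(old.not_after) <= now
        if expired or old.fingerprint in self._retired:
            self._db[host] = new
            return "rotated"
        return "CHANGED"

    def dump(self) -> str:
        return json.dumps({h: asdict(c) for h, c in self._db.items()},
                          sort_keys=True)

    @classmethod
    def load(cls, text: str) -> "KnownHosts":
        kh = cls()
        for host, c in json.loads(text).items():
            kh._db[host] = SeenCert(**c)
        return kh


# Constructed stand-ins; a real DER certificate would go in each byte string.
HOST = "lists.grok.org.uk"
CERT_A = b"constructed DER stand-in: self-signed cert A for " + HOST.encode()
EXP_A = datetime(2010, 1, 1, tzinfo=timezone.utc)
CERT_B = b"constructed DER stand-in: cert B for " + HOST.encode()
EXP_B = datetime(2011, 1, 1, tzinfo=timezone.utc)
CERT_C = b"constructed DER stand-in: cert C for " + HOST.encode()
EXP_C = datetime(2012, 1, 1, tzinfo=timezone.utc)


def walkthrough() -> List[str]:
    """Replay the situations discussed in the thread; returns the verdicts."""
    kh = KnownHosts()
    jan09 = datetime(2009, 1, 6, tzinfo=timezone.utc)
    jun10 = datetime(2010, 6, 1, tzinfo=timezone.utc)
    verdicts = [
        kh.check(HOST, CERT_A, EXP_A, jan09),   # first-use
        kh.check(HOST, CERT_A, EXP_A, jan09),   # match
        kh.check(HOST, CERT_B, EXP_B, jan09),   # CHANGED: A still valid
        kh.check(HOST, CERT_A, EXP_A, jan09),   # match: cache was not updated
        kh.check(HOST, CERT_B, EXP_B, jun10),   # rotated: A has expired
    ]
    kh2 = KnownHosts.load(kh.dump())            # verdicts survive persistence
    verdicts.append(kh2.check(HOST, CERT_B, EXP_B, jun10))  # match
    kh2.retire(fingerprint(CERT_B))             # site publishes B as retired
    verdicts.append(kh2.check(HOST, CERT_C, EXP_C, jun10))  # rotated, no warning
    return verdicts


if __name__ == "__main__":
    for verdict in walkthrough():
        print(verdict)
```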
Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message
Good. I think almost everyone would agree that YOU need to be moderated. Stop being a cry baby and go choke yourself to death on your fathers cock you drug fucked faggot.
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
On Tue, Jan 6, 2009 at 2:45 AM, Tim tim-secur...@sentinelchicken.org wrote:
> [...]
> I think it's on topic for the list. I'll change the subject next time I post on the matter if it makes you feel better (or even if it doesn't).

It's off topic for this thread. FD, by its very nature, is designed for in-depth discussion of things that are not usually disclosed. Moderation is, of course, relevant. Palestine is also somewhat relevant, in that there is a large amount of misinformation and lack of disclosure involved; disclosing information leads to discussion. Yes, it has little place here, but its presence is somewhat understandable. Netdev should be banned. However, this thread is discussing none of those, and as such those topics do not belong here.

Also, don't just change the subject, please. Make a new thread. Simply changing the topic does not make it a new thread; many mail clients show it as part of the same thread.
Re: [Full-disclosure] The war in Palestine
Coolz, I think you misunderstood everything:

First: you are from Israel, so probably you read only Israeli newspapers. In the modern world we see news from reliable (independent) sources. That makes your story not very believable. But it can be worse: some people here never read newspapers or see the news, but still have an opinion or think that they have the knowledge.

Hamas is elected, IMO because they can do something against Israel. You told it: "hamas give them food, money and other things if they join them in the fight against israel". The other things you mentioned are (hopefully) weapons. Of course, they do not have to negotiate with the thief that stole their country.

Let's help the Palestinian victims: give them food, medicines and weapons. Let's help them fight the occupiers. They deserve their country back. (Yes, you do want to hear it: it is THEIR country)

2009/1/5 Coolz c00l.z...@gmail.com
> [...]
Re: [Full-disclosure] The war in Palestine
I think you're the one who misunderstands. Nobody gives a shit what you have to say, as it's completely OT. Take your rant elsewhere.

On Tue, Jan 6, 2009 at 11:07 AM, Mainbox Notif rokade...@gmail.com wrote:
> [...]
Re: [Full-disclosure] The war in Palestine
When will this thread die? Bitching at each other will prove nothing: beliefs in topics such as national identity cannot be swayed by mere words, especially in the form of argument. Now, everyone stfu.

kthnxbai
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
Hello everyone,

A bit off topic... Can somebody explain why signing a cert for a domain is still so expensive? Or do CAs pay a lot of money to browsers so they do not allow a CA with a better price? Why can't a CA sign a certificate free of charge so everyone who owns a domain can have HTTPS for their site? In my opinion CAs (those that are recognized by browsers) charge too much, or am I missing something?
Re: [Full-disclosure] anonymous pimp's ideas of list etiquette (was: FD / lists.grok.org - bad SSL cert)
> It's off topic for this thread.

I think discussing the advantages and disadvantages of using a self-signed cert is pretty darned close to the OP's topic, but whatever.

> Moderation, is, of course, relevant.

It comes up about every month. Get over it. Look through the list archives for every angle on it, including third parties which provide a moderated version of the list.

> Palestine is also somewhat relevant, in that there is a large amount of misinformation and lack of disclosure involved; disclosing information leads to discussion.

From the charter: "Politics should be avoided at all costs."

> Netdev should be banned.

Good luck.

> Also, don't just change the subject, please. Make a new thread. Simply changing the topic does not make it a new thread, many mail clients show it as part of the same thread.

You already did. I'm already a sucker for responding to your trolling.

tim
Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert
On Mon, Jan 5, 2009 at 2:53 PM, Adrenalin adrenali...@gmail.com wrote:
> Hello everyone,
> A bit off topic... Can somebody explain why signing a cert for a domain is still so expensive? Or do CAs pay a lot of money to browsers so they do not allow a CA with a better price? Why can't a CA sign a certificate free of charge so everyone who owns a domain can have HTTPS for their site?

Because the effort, even a small amount, to do any verification that the requester is who they say they are is non-trivial. It takes actual humans to do this, which means you have to pay salaries. It also costs money to handle the keys for the CA securely, hardware signing modules, etc. There are some CAs that charge a lot less than others, and there are also resellers who often sell certificates to their customers at less than what someone could buy the cert for from the actual CA itself.

Is paying 2 months' worth of residential DSL for a certificate that can be used to secure an e-commerce storefront really that outrageous?

--
chort
[Full-disclosure] [USN-703-1] xterm vulnerability
===========================================================
Ubuntu Security Notice USN-703-1               January 06, 2009
xterm vulnerability
CVE-2006-7236, CVE-2008-2383
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: xterm 208-3.1ubuntu3.1
Ubuntu 7.10: xterm 229-1ubuntu0.1
Ubuntu 8.04 LTS: xterm 229-1ubuntu1.1
Ubuntu 8.10: xterm 235-1ubuntu1.1

After a standard system upgrade you need to restart any running xterms to effect the necessary changes.

Details follow:

Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges. (CVE-2006-7236, CVE-2008-2382)
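A defensive counterpart to the advisory, added here as an example that is not xterm's code or the Ubuntu patch: a filter that strips the sequence classes the advisory names (DCS, which carries DECRQSS, and OSC, which carries window-title operations) plus CSI and stray escapes from untrusted text before it is echoed to a terminal. The sample lines are constructed.

```python
"""Strip terminal control sequences from untrusted text before it is written
to a terminal (log viewers, cat-ing fetched files, displaying server replies).
Added example, not xterm's code or the patched handling from the advisory.
Covers the classes the advisory names: DCS (DECRQSS travels in a DCS string)
and OSC (window title set/query), plus CSI and lone escapes; SGR colours may
be kept so that coloured output survives."""
import re

# DCS: ESC P or 0x90 ... ST (ESC \ or 0x9c). DECRQSS is "DCS $ q <setting> ST".
_DCS = r"(?:\x1bP|\x90).*?(?:\x1b\\|\x9c)"
# OSC: ESC ] or 0x9d ... BEL or ST. OSC 0 / OSC 2 set the window title.
_OSC = r"(?:\x1b\]|\x9d).*?(?:\x07|\x1b\\|\x9c)"
# CSI: ESC [ or 0x9b, parameter bytes, intermediate bytes, one final byte.
# Also catches window-manipulation requests such as "CSI 21 t" (report title).
_CSI = r"(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]"
# Any other escape: ESC, optional intermediates, one final byte. This also eats
# the opener of an unterminated DCS/OSC so its payload cannot re-arm later.
_ESC = r"\x1b[ -/]*[0-~]"
_CONTROL_SEQ = re.compile("|".join((_DCS, _OSC, _CSI, _ESC)), re.DOTALL)
# Leftover C0/C1 controls except TAB, LF, CR and ESC (ESC is handled last).
_STRAY_CTRL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1a\x1c-\x1f\x7f\x80-\x9f]")
_SGR = re.compile(r"\x1b\[[0-9;]*m")          # colour/attribute sequences only


def sanitize_terminal_text(text, keep_sgr=True):
    """Return text with every control sequence removed, optionally keeping SGR."""
    def repl(match):
        seq = match.group(0)
        return seq if keep_sgr and _SGR.fullmatch(seq) else ""
    out = _CONTROL_SEQ.sub(repl, text)
    out = _STRAY_CTRL.sub("", out)
    # Any ESC still present is a stray that does not begin a kept SGR sequence.
    return re.sub(r"\x1b(?!\[[0-9;]*m)", "", out)


def sanitize_lines(lines, keep_sgr=True):
    """Convenience wrapper for a stream of log lines."""
    return [sanitize_terminal_text(line, keep_sgr) for line in lines]


# Constructed samples: a title change, a DECRQSS request and a title-report
# request embedded in otherwise harmless text, plus a coloured line.
SAMPLE_LINES = [
    "GET /index.html 200\x1b]2;hijacked title\x07 done",
    "note:\x1bP$q\"p\x1b\\ ok",
    "peer said\x1b[21t hello",
    "\x1b[31mERROR\x1b[0m disk full",
]
```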
Re: [Full-disclosure] The merits and uses of CAs
On Mon, 05 Jan 2009 23:55:59 GMT, Christopher Pritchard said:

> previous certificate became invalid (for example due to a date issue). It should also be possible to have semi-centralised CRLs that browsers would check for occasions when the server admin wants to change certificates; they could post the old one up on the list and the browser wouldn't warn when a new certificate is presented.

Something to consider: In most cases, the CRL that you are supposed to check to see if a cert has been revoked is listed *in the cert you're checking*. That's all fine and dandy if you're dealing with a legitimate CA that's revoking a cert for good reason. However, it is interesting to consider what happens when a dodgy CA issues a cert - they have some good reasons to point the CRL at never-never land.

So - if you were a miscreant running a dodgy CA, where would *you* point the CRL? If you were a browser designer, what would you do if you found a CRL that pointed nowhere? One option is to not allow the use of a cert whose CRL you can't contact - except that becomes a massive single point of failure. If users can't do their home banking because their bank's CA is unreachable due to severe backhoe fade, they won't be very happy with their browser.
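To make the trade-off concrete, an added example (mine, not anything from the thread) that models the three answers a browser designer could give to an unreachable CRL, using constructed certificates and a constructed "network" in which only one CA's CRL answers. The point it adds to the post: a cached-fallback policy can tell a known CA having an outage apart from a CA whose CRL has never been reachable at all.

```python
"""Revocation policy when the CRL a certificate names cannot be reached.
Added example, not code from the thread: the CRL distribution point is chosen
by the issuer, so a dishonest CA can point it at nowhere. Certificates, CRLs
and the "network" below are constructed stand-ins, not real PKI objects."""
from dataclasses import dataclass

@dataclass
class Cert:
    serial: int
    issuer: str
    crl_url: str        # distribution point embedded in the cert by its issuer

@dataclass
class Crl:
    revoked: set
    age_seconds: int    # time since this CRL was last fetched successfully

class CrlUnreachable(Exception):
    """The distribution point did not answer."""

ACCEPT, REJECT, UNVERIFIED = "accept", "reject", "accept-unverified"

def check_revocation(cert, fetch, cache, policy, max_cache_age=86400):
    """'hard': reject when no CRL can be consulted (the single point of failure).
    'soft': accept unverified when the CRL is unreachable (what a dodgy CA wants).
    'cached': use the last CRL this issuer did publish, if fresh enough; an
    issuer that never published a reachable CRL earns no such credit."""
    try:
        crl = cache[cert.issuer] = fetch(cert.crl_url)
    except CrlUnreachable:
        if policy == "hard":
            return REJECT, "CRL unreachable (hard-fail)"
        if policy == "soft":
            return UNVERIFIED, "CRL unreachable (soft-fail)"
        crl = cache.get(cert.issuer)
        if crl is None or crl.age_seconds > max_cache_age:
            return REJECT, "CRL unreachable and no fresh cached CRL for issuer"
    if cert.serial in crl.revoked:
        return REJECT, "serial listed in CRL"
    return ACCEPT, "not revoked"

# Constructed network: only Legit CA's CRL answers; Bank CA is having an outage.
SAMPLE_CRLS = {"http://crl.legit-ca.example/ca.crl": Crl({1002}, 0)}

def sample_fetch(url):
    if url not in SAMPLE_CRLS:
        raise CrlUnreachable(url)
    return SAMPLE_CRLS[url]

CASES = {   # constructed certificates
    "legit_ok":      Cert(1001, "Legit CA", "http://crl.legit-ca.example/ca.crl"),
    "legit_revoked": Cert(1002, "Legit CA", "http://crl.legit-ca.example/ca.crl"),
    "bank_outage":   Cert(2001, "Bank CA", "http://crl.bank-ca.example/ca.crl"),
    "dodgy_ca":      Cert(3001, "Dodgy CA", "http://never-never.invalid/ca.crl"),
}

def evaluate_all():
    """Decision for every (policy, case); Bank CA's CRL was cached an hour ago."""
    results = {}
    for policy in ("hard", "soft", "cached"):
        cache = {"Bank CA": Crl(set(), age_seconds=3600)}
        for name, cert in CASES.items():
            results[(policy, name)] = check_revocation(cert, sample_fetch, cache, policy)[0]
    return results
```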
[Full-disclosure] Security Assessment of the Internet Protocol the IETF
Folks,

In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of National Infrastructure) published the document "Security Assessment of the Internet Protocol". The motivation of the aforementioned document is explained in the Preface of the document itself. (The paper is available at: http://www.cpni.gov.uk/Docs/InternetProtocol.pdf )

Once the paper was published by CPNI, I produced an IETF Internet-Draft version of the same paper, with the intent of having the IETF publish recommendations and/or update the specifications where necessary. This IETF Internet-Draft is available at: http://www.gont.com.ar/drafts/ip-security/index.html (and of course it's also available at the IETF I-D repository).

The Internet-Draft I published was aimed at the OPSEC WG, and the Working Group is right now deciding whether to accept this document as a WG item. This is certainly a critical step. Having the OPSEC WG accept this document as a WG item would guarantee to some extent that the IETF will do something about all this, and would also somehow set a precedent in updating the specifications of core protocols and/or providing advice on security aspects of them.

The call for consensus is available at: http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can voice your opinion on the relevant mailing list by sending an e-mail to op...@ietf.org . You don't need to subscribe to the mailing list to post a message (although your message will be held for moderator approval before it is distributed to the list members). The deadline for posting your opinion is January 9th (next Friday).

Thanks so much!

Kind regards,
Fernando Gont

--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Re: [Full-disclosure] Fwd: im so done.
really is that ur boilerplate response of the week? gadi gadi gadi? u fukin idiot.

On Fri, Jan 2, 2009 at 5:07 PM, n3td3v xploita...@gmail.com wrote:
> On Fri, Jan 2, 2009 at 9:28 PM, KT listcli...@gmail.com wrote:
>> On 1/2/09, n3td3v xploita...@gmail.com wrote:
>>> NEVER
>>>
>>> On Fri, Jan 2, 2009 at 7:51 PM, j-f sentier j.sent...@gmail.com wrote:
>>>> Shut the fuckup dumass and quit for ever this list, as you was telling us 6 days ago. You should read what you write.
>>
>> good on you! You provide more entertainment more than a wagon full of clowns. Keep posting you delusional crap to make us all laugh at you; stay.
>
> Everyone is staying for the comedy value, even Gadi.
Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message
is this really what ur wasting ur life, and ours with? 1 fucking word? get a fucking job.

On Mon, Jan 5, 2009 at 4:57 PM, n3td3v xploita...@gmail.com wrote:
> On Mon, Jan 5, 2009 at 9:45 PM, Ed Carp e...@pobox.com wrote:
>> On Mon, Jan 5, 2009 at 1:33 PM, j-f sentier j.sent...@gmail.com wrote:
>>> They shouldn't let you post at all.
>>
>> LOL! Thanks for the chuckle!
>
> Can we have conversation about my opinion on using 'cyber protest' instead of 'cyber war'? I think the community has been getting confused on such matters.
>
> Regards,
Re: [Full-disclosure] Full-Disclosure wouldn't let me post this message
I wrote:
> address. I get the idea that the list has no COPPA filtering (no one 13 or younger allowed), nor does it have any sort of maturity level filtering.

On Mon, Jan 5, 2009 at 3:51 PM, Biz Marqee biz.mar...@gmail.com wrote:
> Stop being a cry baby and go choke yourself to death on your fathers cock you drug fucked faggot.

Make that "definitely has no sort of maturity level filtering".
Re: [Full-disclosure] The war in Palestine
Also stolen from the Palestinian people: their domain name. The web site of the Permanent Observer Mission of Palestine to the United Nations: http://www.palestine-un.org/

Click some of the links on the left and check the whois.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.selt...@ziffdavisenterprise.com
[Full-disclosure] [SVRT-01-09] Redirection Vulnerability in Yahoo! Advertising Service
[SVRT-01-09] Redirection Vulnerability in Yahoo! Advertising Service

1. General Information

On December 22, 2008, SVRT-BKIS found a vulnerability in Yahoo! Wap Service. This is the second vulnerability discovered by BKIS in a cell phone Web platform; the first one was found in Google Wap Proxy. Taking advantage of this flaw, hackers can perform a redirection attack, which means they are able to send users to their malicious websites. We have notified Yahoo! of this vulnerability.

Details : http://security.bkis.vn/?p=324
SVRT Advisory : SVRT-01-09
Initial vendor notification : 12-23-2008
Release Date : 01-06-2009
Update Date : 01-06-2009
Discovered by : Dau Huy Ngoc - SVRT-Bkis
Attack Type : Redirection
Security Rating : High
Impact : Phishing
Affected Software : Ads image at http://m.yahoo.com

2. Technical Description

The flaw lies in the advertising section of Yahoo! Wap Service, which displays advertisements when users visit the Yahoo! Wap address http://m.yahoo.com. More specifically, this advertising section includes a link with the following format, and it is this link that contains the flaw:

http://us.ard.yahoo.com/SIG=17a4cd16v...=12etp7f3d/*[http://ads_image]

Note: this link may expire after several days; you can recreate a new link following these steps:

o Open http://m.yahoo.com
o At the top of the page, get the link of the advertising image (this is precisely the vulnerable link).
o Edit this link by replacing the URL after /* with an arbitrary address.
o Open the edited link in your browser to see the redirection caused by this vulnerability.

If users click directly on this link, their browsers will automatically redirect them to the address [http://ads_image] and everything on that site can be accessed, which makes it a redirection vulnerability. In order to exploit it, hackers only need to change the address [http://ads_image] in the previous link to their website address and send the link to users. As this link uses the Yahoo! domain name, users easily think it is safe, and if the destination website contains malicious code or deceptive content, hackers can steal users' sensitive information or even take control of their computers remotely.

3. Solution

Rating this vulnerability high severity, Bkis recommends that users:
- Be cautious with strange links, even links starting with domain names of well-known companies like Google, Yahoo!, and Microsoft.
- Do not access links starting with http://us.ard.yahoo.com.

Credits

Thanks to Dau Huy Ngoc for working together with us in the detection and alert process of this vulnerability.

SVRT-Bkis
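Two ways a click-through redirector of the kind described in section 2 can be fixed on the server side, as an added example that is not Yahoo!'s code or Bkis' proof of concept: a host allow-list applied to a properly parsed destination, and a MAC over the destination so that an edited URL no longer verifies. The host names, allow-list and key are constructed; the vulnerable function is included only for comparison.

```python
"""Validating the destination of a click-through redirect of the form
   http://ads.example/click/<token>/*<destination>
Added example, not Yahoo!'s code or the Bkis proof of concept. The host names,
the allow-list and the HMAC key are constructed for the demo."""
import hashlib
import hmac
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"ads-img.example.net", "cdn.example.net"}   # constructed
KEY = b"constructed-demo-key-not-for-production"
SAMPLE_CLICK_PREFIX = "http://ads.example/click/abc123/*"     # constructed

def split_click_url(click_url):
    """Return (prefix, destination) for the '/*destination' convention."""
    prefix, sep, dest = click_url.partition("/*")
    return (prefix, dest) if sep else (click_url, None)

def vulnerable_redirect_target(click_url):
    """The flaw described above: whatever follows '/*' is followed as-is."""
    return split_click_url(click_url)[1]

def safe_redirect_target(click_url, allowed=ALLOWED_HOSTS):
    """Fix 1: only absolute http(s) URLs whose host is on the allow-list.
    Returns the destination, or None when the redirect must be refused."""
    dest = split_click_url(click_url)[1]
    if not dest:
        return None
    parts = urlsplit(dest)
    if parts.scheme not in ("http", "https"):   # rejects javascript:, //host, relative
        return None
    host = (parts.hostname or "").lower()        # drops user@ and :port tricks
    return dest if host in allowed else None

def sign_destination(dest, key=KEY):
    """Fix 2: the server MACs every destination it emits in an ad link."""
    return hmac.new(key, dest.encode(), hashlib.sha256).hexdigest()

def signed_redirect_target(click_url, sig, key=KEY):
    """Accept the destination only if its MAC verifies; an edited URL fails."""
    dest = split_click_url(click_url)[1]
    if dest is None:
        return None
    return dest if hmac.compare_digest(sign_destination(dest, key), sig) else None
```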
Re: [Full-disclosure] The war in Palestine
On Mon, Jan 5, 2009 at 8:49 PM, Larry Seltzer la...@larryseltzer.com wrote:
> Also stolen from the Palestinian people: their domain name.
>
> Larry Seltzer
> eWEEK.com Security Center Editor

When someone in the press starts regurgitating lies, I've got to step in and say something.

Lie #1: There was such a country named Palestine, for the Palestinian people.

Fact #1: There never was such a country until 1920 - what is today referred to as the Palestinian people were nomadic tribes that made their homes in encampments in the deserts of Jordan and Egypt. Palestine was only enacted as a separate protectorate by the British Mandate in 1920. The region referred to as Palestine in historical terms encompassed a much wider area, comprising Jordan, Egypt, and many other Middle Eastern countries. Until 1920, there never were any formal boundaries or a formal country.

Lie #2: Israel stole Palestine from the Palestinians.

Fact #2: In 1920, the British Mandate formed Palestine for the intent of creating a national home for the Jewish people (note this doesn't say anything about Arabs or Palestinians). In 1947, the UN approved splitting Palestine into two parts - one Jewish, one Arab. In 1948, the Jewish part of Palestine declared its independence, calling itself Israel.

From http://en.wikipedia.org/wiki/Israel:

After 1945 the United Kingdom became embroiled in an increasingly violent conflict with the Jews.[50] In 1947, the British government withdrew from commitment to the Mandate of Palestine, stating it was unable to arrive at a solution acceptable to both Arabs and Jews.[51] The newly created United Nations approved the UN Partition Plan (United Nations General Assembly Resolution 181) on November 29, 1947, dividing the country into two states, one Arab and one Jewish. Jerusalem was to be designated an international city – a corpus separatum – administered by the UN to avoid conflict over its status.[52] The Jewish community accepted the plan,[53] but the Arab League and Arab Higher Committee rejected it.[54] On December 1, 1947 the Arab Higher Committee proclaimed a 3-day strike, and Arab guerrilla attacks began against Jewish targets. Convinced that these attacks were merely a prelude to full-scale military confrontations with the regular armies of the Arab states, Ben-Gurion elected to escalate the military conflict. As such, Haganah embarked on a policy of aggressive defense. This strategy was accompanied by economic subversion and psychological warfare.[55]

On May 14, 1948, the day before the end of the British Mandate, the Jewish Agency proclaimed independence, naming the country Israel. The following day five Arab countries – Egypt, Syria, Jordan, Lebanon and Iraq – invaded Israel, launching the 1948 Arab-Israeli War.[56] Morocco, Sudan, Yemen and Saudi Arabia also sent troops to assist the invaders. After a year of fighting, a ceasefire was declared and temporary borders, known as the Green Line, were established. Jordan annexed what became known as the West Bank and East Jerusalem, and Egypt took control of the Gaza Strip. Israel was admitted as a member of the United Nations on May 11, 1949.[57] During the war 711,000 Arabs, according to UN estimates, or about 80% of the previous Arab population, fled the country.[58] The fate of the Palestinian refugees today is a major point of contention in the Israeli-Palestinian conflict.[59][60]