Re: [Full-disclosure] http://cms.netrix.hu - hacked by anti-sec

2009-07-21 Thread Kema Druma
OMG, WTF is this.
ANTI-SEC has successfully pwnd a useless website using lulzy sql
injection from milw0rm.com.
u assholes, get a name like SHITHOLE and post ur shit somewhere else
and stop polluting anti-sec and the anti-sec movement and
security mailing list FFS.
GO DIE SOMEWHERE ELSE.

-kemadruma

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] http://cms.netrix.hu - hacked by anti-sec

2009-07-21 Thread Ant-Sec Movement
You, sir, (Kema Druma), are an idiot.
Good day to you.

On Tue, Jul 21, 2009 at 4:15 PM, Kema Druma kemadr...@gmail.com wrote:

 OMG, WTF is this.
 ANTI-SEC has successfully pwnd a useless website using lulzy sql
 injection from milw0rm.com.
 u assholes, get a name like SHITHOLE and post ur shit somewhere else
 and stop polluting anti-sec and the anti-sec movement and
 security mailing list FFS.
 GO DIE SOMEWHERE ELSE.

 -kemadruma


Re: [Full-disclosure] http://cms.netrix.hu - hacked by anti-sec

2009-07-21 Thread Kema Druma
Yes, I am bcoz, I bothered to reply to it and wasted my time. Ignoring
would be best.

-kemadruma



[Full-disclosure] [INFIGO-2009-07-09]: NASA Common Data Format remote buffer overflow(s)

2009-07-21 Thread infocus

===
 'Celebrating 40 years of Apollo and 20 years of buffer overflows'
===


INFIGO IS Security Advisory #ADV-2009-07-09
http://www.infigo.hr/en/
 

Title: NASA Common Data Format remote buffer overflow(s)
Advisory ID: INFIGO-2009-07-09
Date: 2009-07-20
Advisory URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2009-07-09
Vendor: NASA GODDARD Space Flight Center
Vendor URL: http://cdf.gsfc.nasa.gov/
Impact: Remote code execution
Risk Level: High
Vulnerability Type: Remote



==[ Overview

CDF is the Common Data Format. It is a conceptual data abstraction for
storing, manipulating, and accessing multidimensional data sets.  
The basic component of CDF is a software programming interface that is 
a device-independent view of the CDF data model.
The CDF software package is used by hundreds of government agencies,
universities, and private and commercial organizations as well as 
independent researchers on both national and international levels.  
CDF has been adopted by the International Solar-Terrestrial Physics 
(ISTP) project as well as the Central Data Handling Facilities (CDHF) 
as their format of choice for storing and distributing key parameter 
data. A list of some applications that use the CDF library can be found
at http://cdf.gsfc.nasa.gov/html/examples.html.


==[ Vulnerability

Various memory corruption vulnerabilities have been identified during a
security audit of the CDF library. The vulnerabilities exist in the code
processing CDF files. This advisory contains technical information about
one of the identified vulnerabilities, that can be exploited when a 
malformed CDF file is parsed by a CDF reading program.
The vulnerability exists in the ReadAEDRList64() function. This function 
is used to read a list of attribute entries from a CDF file. 
The attribute entries are stored in a list indexed by the entry number. 
The relevant source code is shown below:

./cdf32_1-dist/src/lib/cdfread64.c:

STATICforIDL CDFstatus ReadAEDRList64 (vFILE *fp,
 struct AEDRstructExt64 ***AEDRList,
 OFF_T AEDRHead,
 Int32 MaxEntry)
{
...
  struct AEDRstructExt64 *TempAEDR;
  Int32 LastAEDRNum = -1;
  Int32 i;
  OFF_T temp;
...
[1]  *AEDRList = cdf_AllocateMemory((MaxEntry + 1) *
 sizeof(struct AEDRstructExt64**), NULL);

  while (NxtAEDR != 0 && LastAEDRNum != MaxEntry)
  {
[2]   TempAEDR = cdf_AllocateMemory(sizeof(struct AEDRstructExt64), NULL);
...
[3]   if (!Read32_64(fp,&(TempAEDR->AEDR.Num))) return CRE;
...
[4]   (*AEDRList)[TempAEDR->AEDR.Num] = TempAEDR;
  }
  return pStatus;
}
-

The code marked as [1] creates an array of AEDRstructExt64 structures, 
allocated on the heap and assigned to the AEDRList variable. The TempAEDR
structure [2] is also allocated on the heap. It is further used in the 
while() loop to read the attributes from the CDF file that is being 
parsed. 
The Read32_64() function [3] is used to read an integer from the
CDF file stream and store it in the TempAEDR->AEDR.Num. At [4] this value
is used as the index that specifies where in the AEDRList the address of 
the TempAEDR structure is stored. 
This is where the vulnerability exists as the code performs no sanity 
checks on the TempAEDR->AEDR.Num value. 
In other words, if the CDF file contains a value that is higher than the
number of allocated AEDRList entries, a malicious CDF file can overwrite
arbitrary heap data after the AEDRList array. The value that will be 
written is the address of the TempAEDR structure. This can be further
exploited as the attacker can control the content of the TempAEDR 
structure, in which malicious code can be embedded.

As the TempAEDR->AEDR.Num is used as the index, the attacker can write 4
bytes to an address higher than the AEDRList's address. Since this index
is added to the AEDRList address, an attacker can also specify a large 
value which allows him to overflow the integer in the adding calculation, 
effectively writing to any address mapped by the process. 
Other protection mechanisms, such as ASLR, could make this exploitation 
method less reliable.

Various other memory corruption vulnerabilities have been identified 
in SearchForRecord_r_64(), LastRecord64(), CDFsel64() and other functions. 
In cooperation with the vendor all identified vulnerable functions have 
been fixed, and a proper validation module was developed to verify CDF 
files before processing them.


==[ Affected Version

The vulnerabilities have been identified in the latest available CDF 
version 3.2.4. Previous versions are believed to be vulnerable as well. 


==[ Fix

The vendor has addressed 
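
The bounds check that the advisory above says is missing at [4], as an added example: this is not code from the CDF library, from the vendor's fix or from INFIGO. The record layout, struct entry, the LIST_* codes and all function names are hypothetical stand-ins, and the sample "file" is constructed; the example also goes slightly beyond the advisory by rejecting duplicate entry numbers, which stops a cyclic record chain as well.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { LIST_OK = 0, LIST_READ_ERR = -1, LIST_BAD_FILE = -2, LIST_NO_MEM = -3 };

/* Hypothetical stand-in for struct AEDRstructExt64: only what the check needs. */
struct entry {
    int32_t  num;   /* entry number taken from the file: untrusted */
    uint32_t next;  /* offset of the next record, 0 terminates the list */
};

/* Read a big-endian 32-bit value; fails instead of reading past the buffer. */
static int read_u32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4) return 0;
    *out = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
           ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
    return 1;
}

void free_entry_list(struct entry **list, int32_t max_entry)
{
    if (list == NULL) return;
    for (int32_t i = 0; i <= max_entry; i++) free(list[i]);
    free(list);
}

/* Build a table of max_entry + 1 slots indexed by entry number. */
int read_entry_list(const uint8_t *buf, size_t len, uint32_t head,
                    int32_t max_entry, struct entry ***list_out)
{
    *list_out = NULL;
    /* The slot count also comes from the file: bound it before allocating
       (the upper limit here is an arbitrary choice for the example). */
    if (max_entry < 0 || max_entry > 1000000) return LIST_BAD_FILE;

    struct entry **list = calloc((size_t)max_entry + 1, sizeof *list);
    if (list == NULL) return LIST_NO_MEM;

    int status = LIST_OK;
    uint32_t off = head;
    while (off != 0) {
        uint32_t next, raw;
        if (!read_u32(buf, len, off, &next) ||
            !read_u32(buf, len, (size_t)off + 4, &raw)) {
            status = LIST_READ_ERR;
            break;
        }
        /* The check missing at [4]. Comparing as unsigned rejects both
           values above max_entry and values that are negative as Int32. */
        if (raw > (uint32_t)max_entry) { status = LIST_BAD_FILE; break; }
        /* A slot may be filled once; a repeat means a duplicate number or
           a chain that loops back on itself. */
        if (list[raw] != NULL) { status = LIST_BAD_FILE; break; }

        struct entry *e = malloc(sizeof *e);
        if (e == NULL) { status = LIST_NO_MEM; break; }
        e->num = (int32_t)raw;
        e->next = next;
        list[raw] = e;
        off = next;
    }
    if (status != LIST_OK) {
        free_entry_list(list, max_entry);
        return status;
    }
    *list_out = list;
    return LIST_OK;
}

/* Constructed sample data: each record is {next offset, entry number},
   big-endian; offset 0 is reserved as the list terminator. */
static void put_record(uint8_t *buf, size_t off, uint32_t next, uint32_t num)
{
    uint32_t v[2] = { next, num };
    for (int i = 0; i < 2; i++)
        for (int b = 0; b < 4; b++)
            buf[off + 4 * i + b] = (uint8_t)(v[i] >> (24 - 8 * b));
}

/* Parse a two-record sample with three slots (max_entry = 2); the second
   record carries the entry number under test. Returns the parser status. */
int demo(uint32_t second_num)
{
    uint8_t file[24] = {0};
    struct entry **list;
    put_record(file, 8, 16, 0);
    put_record(file, 16, 0, second_num);
    int status = read_entry_list(file, sizeof file, 8, 2, &list);
    if (status == LIST_OK) free_entry_list(list, 2);
    return status;
}

int main(void)
{
    printf("in range: %d\n", demo(2));
    printf("one past the end: %d\n", demo(3));
    printf("negative as Int32: %d\n", demo(0xffffffffu));
    printf("duplicate: %d\n", demo(0));
    return 0;
}
```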

[Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Thierry Zoller


 One bug to rule them all
 IE5,IE6,IE7,IE8,Netscape,Firefox,Safari,Opera,Konqueror,
 Seamonkey,Wii,PS3,iPhone,iPod,Nokia,Siemens and more.



Update/Changes :


Background :
~~~
+ I failed to include details about the nature of the bug (DOM), 
the root cause is a DOM flaw and not a Javascript flaw as the 
Background info might have led to think.

Thanks James Schend for the heads up.

+ The bug was present in a 9 year old version of Netscape - draw your own 
conclusions.

Patch availability :

+ Seamonkey 1.1.17 and SeaMonkey 2 (soon to be Beta) have been patched

Affected Products :

+ Blackberry 8800/probably all (null ptr exception, browser crash)
Thanks to 528-0444 for the Report.
+ Google G1 latest (Firmware 1.5, Kernel: 2.6.27-00393-g6607056, Build: CRB43)
(Browser crash) 
Thanks Scott Fraser for the Report.






Re: [Full-disclosure] A brief message on the topic of Anti-Sec

2009-07-21 Thread antisec
Nobody cares.. lame. Hack something loser.

On Mon, 20 Jul 2009 18:29:28 -0400 the.defa...@hushmail.com wrote:
Hi,

My name is DeadlyData. I enjoy long walks on the beach, getting 
pizzas delivered to my house when my d0x were dropped, and having 
anal sex with my buddy Sean/TD Debug. My 1337 hack group The 
Defaced (thedefaced.org) has been making threats and being homo-
erotic on F-D. I'm sure you've seen the email from 
anti.sec.movem...@gmail.com that said Please check out our 
website 
at: http://romeo.copyandpaste.info/; Well, that is RoMeO's website 

(a TheDefaced admin!) dedicated to posing as a 1337 blackhat haqr. 

He's got cool things on there like portions of phrack zines, anti-
sec ownages (that were done by the other anti-sec factions. You 
think we can hack? GOOD JOKE!!!), some zines from the olden days, 
and a speech by our buddy strayfe/n3w7yp3 (we love his dick, but 
we 
don't think he likes us ;( We lub you strayfe!). I just wanted to 
let you all know that our group has no 0days. Don't waste your 
time 
reading anti.sec.movem...@gmail.com's bullshit. Just worry about 
the other anti-sec factions. Ok? Well, then have a nice day and 
don't hold your breathe waiting for the OpenSSH 0day. 0pen0wn.c 
(http://www.nopaste.com/p/aDTdT5s1C) was it!

Sincerely,
 DeadlyData



Re: [Full-disclosure] anti-sec: OpenSSH = 5.2 zero day exploitcode - 48 hours until it is publicly released!

2009-07-21 Thread Ureleet
put up or shut up.

On Mon, Jul 20, 2009 at 1:02 PM, epixoipepix...@hush.com wrote:

 the level of ignorance on this list is overwhelming at times.

 the individual posting as [anti.sec.movem...@gmail.com] is not
 affiliated with, nor is a representative of, the anti-sec movement.
 he is simply a troll. stop indulging this cockfag, and maybe he'll
 fuck off.

 it _is_ possible, even probable, that there is an openssh exploit
 circulating among anti-sec groups -- we've seen evidence of this in
 several logs that have been shared (not just those posted to Full-
 Disclosure). but no anti-sec group has ever even bragged about
 having $EXPLOIT, and they've certainly never shared $EXPLOIT code.
 so there's really no reason for you skiddies to get your panties in
 a twist since you'll never see the exploit code, and there's no
 need for whitehats to incite fear and paranoia in their community --
  you should only be worried if you are being targeted by anti-sec.
 oh, right -- that's most of you on this list.

 do your research and know your shit. stop believing everything you
 read.


[Full-disclosure] You are invited to DEFCON EXPLOIT CODES PARTY!

2009-07-21 Thread Exploitsweatshop


Dear Full-disclosure,

Exploitsweatshop invited you to DEFCON EXPLOIT CODES PARTY!.  For all of the 
details, check out the Invitation Page:

http://anyvite.com/events/home/f3cgdeapii/z0rm0mjixesvzv/hcox3eqotupzbstajbxe


Event Details:
* Title:
DEFCON EXPLOIT CODES PARTY!

* Description:
okay guys! big stuff here! 

EXPLOITING CODES HACKER PARTY at defcons! BRING REMOTE EXPLOIT CODE, GET FREE 
COCKTAIL!

you come, bring explot codes, buy some explot codes, maybe see breakdancing and 
LIVE RAPS MUSIC!

drink and coketail bar also!

BIG PARTY TIME AND BIG PIMPGIN FOR INFOSEC INDUSTRY HONCHO!

* Date and Time:
Thursday, July 30 at 9:00 PM (PDT)

* Location:
TOP OF RIVEIRA HOTELS, RIVEIRA HOTELS (where defcon at), Last Vages, Nevanda, 
US of A, in America

Note: Please do not forward this email.  Doing so could give others access to 
your Anyvite Invitation.
Instead, use the following URL when sharing this event with your friends:
http://anyvite.com/events/home/f3cgdeapii/DEFCON-EXPLOIT-CODES-PARTY
_
http://anyvite.com/


Re: [Full-disclosure] http://cms.netrix.hu - hacked by anti-sec

2009-07-21 Thread scott

Ant-Sec Movement wrote:
 Dear Reader,
 
 The anti-sec movement has officially pwned http://cms.netrix.hu in order to
 spread our message and our goals.
 
 Sincerely,
 
 -anti-sec
 
 
 
 
 

Oh, look. They couldn't get their primary targets so the dorked one they
could.

 Impressive!!


Re: [Full-disclosure] http://cms.netrix.hu - hacked by anti-sec

2009-07-21 Thread Buherátor
It is actually a demo site and its admin passwd is available for
everyone anyway...

2009/7/21 scott redhowlingwol...@nc.rr.com:

 Ant-Sec Movement wrote:
 Dear Reader,

 The anti-sec movement has officially pwned http://cms.netrix.hu in order to
 spread our message and our goals.

 Sincerely,

 -anti-sec



 


 Oh, look. They couldn't get their primary targets so the dorked one they
 could.

  Impressive!!




-- 
Buherátor
http://buhera.blog.hu



Re: [Full-disclosure] You are invited to DEFCON EXPLOIT CODES PARTY!

2009-07-21 Thread don bailey
I will be there supporting 5.99USD per hour exploit developments!!!

D

Exploitsweatshop wrote:
 
 [Site Logo] http://anyvite.com/
 
 
   You're Invited to DEFCON EXPLOIT CODES PARTY!
 
 Dear Full-disclosure,
 
 Exploitsweatshop invited you to *DEFCON EXPLOIT CODES PARTY!*.
 
 View the Invitation
 http://anyvite.com/events/home/f3cgdeapii/z0rm0mjixesvzv/hcox3eqotupzbstajbxe
 
 
 
 Invitation Details
 
   
 
 RSVP
 
 
 DEFCON EXPLOIT CODES PARTY!
 
 *okay guys! big stuff here! *
 
 *EXPLOITING CODES HACKER PARTY at defcons! BRING REMOTE EXPLOIT CODE,
 GET FREE COCKTAIL!
 *
 
 *you come, bring explot codes, buy some explot codes, maybe see
 breakdancing and LIVE RAPS MUSIC!*
 
 *drink and coketail bar also!*
 
 *BIG PARTY TIME AND BIG PIMPGIN FOR INFOSEC INDUSTRY HONCHO!
 *
 
 Date  Time
 
 Thursday, July 30 at 9:00 PM (PDT)
 
 Location
 
 TOP OF RIVEIRA HOTELS
 RIVEIRA HOTELS (where defcon at)
 Last Vages, Nevanda
 US of A, in America
 Get Map  Directions
 http://maps.google.com/maps?f=dsaddr=daddr=RIVEIRA+HOTELS+%28where+defcon+at%29%2C+Last+Vages%2C+Nevanda%2C+US+of+A%2C+in+America
 
 
   
 
 Please Respond:
 
 Yes
 http://anyvite.com/events/response/f3cgdeapii/z0rm0mjixesvzv/hcox3eqotupzbstajbxe/Y
 
 
 
 Maybe
 http://anyvite.com/events/response/f3cgdeapii/z0rm0mjixesvzv/hcox3eqotupzbstajbxe/M
 
 
 
 No
 http://anyvite.com/events/response/f3cgdeapii/z0rm0mjixesvzv/hcox3eqotupzbstajbxe/N
 
 
 
 
 Invite More Guests
 
 This email is customized for you. Please do not forward it.
 
 Instead, invite guests using Anyvite.
 http://anyvite.com/events/add_invites/f3cgdeapii/z0rm0mjixesvzv/hcox3eqotupzbstajbxe
 
 Unsubscribe
 
 Change your Anyvite Notifications
 http://anyvite.com/profile/notifications/z0rm0mjixesvzv/806aad4f84547cdf4b89
 
 
 Anyvite.com http://anyvite.com/  Unsubscribe
 http://anyvite.com/profile/notifications/z0rm0mjixesvzv/806aad4f84547cdf4b89
  For support, please contact supp...@anyvite.com
 mailto:supp...@anyvite.com.
 
 
 
 


Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Michal Zalewski
 + The bug was present in a 9 year old version of Netscape - draw your own
 conclusions.

There are literally thousands of HTML- and JavaScript-related denial
of service vectors in modern browsers. If you want a silly, ad hoc
example I just made up on the spot (and so could any reader of the
list), try:

foo = 'marquee';
for (i=0;i7;i++) foo += foo;
for (i=0;i1;i++) document.write(foo);

Likewise, it trashes just about any renderer (not the JS engine). So do
attempts to render highly nested XML documents, render or rescale
CANVAS objects with obscene geometries in pretty much all browsers
that support the tag... and much, much more. Heck, even silly things
such as looping window.print() are an excellent way to lock out the
UI.

In fact, such DoS scenarios are one of the most significant roadblocks
in specialized fuzzing, and need to be painfully and comprehensively
accounted for in any such code.

Because of this, I am not entirely sure it makes much value to the
community to report such patterns individually; developers may address
some bugs at random, but will likely ignore most - and because of the
nature of HTML and JavaScript, it's unlikely that a sensible set of
memory- and CPU-related constraints could be imposed without running
into scalability issues with legitimate websites, anyway.

In other words, discussing this in a more holistic way, perhaps
releasing test suites and recommending general mitigation schemes that
do not require the web to be done from scratch, might be a better
option. For example, even the approach taken by Chrome - letting
attackers take down their own tabs only - is a significant improvement
that prevents data loss pretty well in most such cases (though it's
definitely not perfect).

/mz

PS. We may argue over whether DoS attacks in browsers are a security
issue by one definition or another, but they are definitely a
usability concern and an annoyance - so rest assured, I am not trying
to dismiss your work.



[Full-disclosure] An important message for you sec folks

2009-07-21 Thread antisex
B3c4us3 w3 4ll kn0w th4t n0n3 0f y0u 4r3 g3tt1ng l41d; y0u m1ght 4s 
w3ll subscr1b3 t0 th3 anti-sex m0v3m3nt. J01n 0ur c4us3. Cur3 41ds! 
L3t th0s3 b1g 3v1l c0nd0m m4nuf4ctur3rs f41l!


m4sturb4tion 0nly!

8===D~~~

4nd f0r y0u 4s14ns...
8=D~~~





Re: [Full-disclosure] You are invited to DEFCON EXPLOIT CODES PARTY!

2009-07-21 Thread Valdis . Kletnieks
On Tue, 21 Jul 2009 05:58:10 -, Exploitsweatshop said:
 BRING REMOTE EXPLOIT CODE, GET FREE COCKTAIL!

Unless you can throw an exploit together in 30 seconds, the dollars per
hour value there sucks.

Hmm.. I *do* have this '0pen0wn.c' I can probably obfuscate a bit in 30 secs...





Re: [Full-disclosure] An important message for you sec folks

2009-07-21 Thread Ed Carp
Did you do that by hand, or did you download some software off the net to do
it for you?

2009/7/21 antisex anti...@hushmail.com

 B3c4us3 w3 4ll kn0w th4t n0n3 0f y0u 4r3 g3tt1ng l41d; y0u m1ght 4s
 w3ll subscr1b3 t0 th3 anti-sex m0v3m3nt. J01n 0ur c4us3. Cur3 41ds!
 L3t th0s3 b1g 3v1l c0nd0m m4nuf4ctur3rs f41l!


 m4sturb4tion 0nly!

 8===D~~~

 4nd f0r y0u 4s14ns...
 8=D~~~



Re: [Full-disclosure] An important message for you sec folks

2009-07-21 Thread Killian Faughnan
2009/7/21 Ed Carp e...@pobox.com

 Did you do that by hand, or did you download some software off the net to
 do it for you?



Judging by the content I would assume he does it by hand.


2009/7/21 antisex anti...@hushmail.com

 B3c4us3 w3 4ll kn0w th4t n0n3 0f y0u 4r3 g3tt1ng l41d; y0u m1ght 4s
 w3ll subscr1b3 t0 th3 anti-sex m0v3m3nt. J01n 0ur c4us3. Cur3 41ds!
 L3t th0s3 b1g 3v1l c0nd0m m4nuf4ctur3rs f41l!



Re: [Full-disclosure] An important message for you sec folks

2009-07-21 Thread antisex
1 d1d 1t w1th th3 s4m3 h4nd 1 us3 t0 m4sturb4t3.

On Tue, 21 Jul 2009 12:18:32 -0400 Killian Faughnan 
li...@killianfaughnan.com wrote:
2009/7/21 Ed Carp e...@pobox.com

 Did you do that by hand, or did you download some software off 
the net to
 do it for you?



Judging by the content I would assume he does it by hand.


2009/7/21 antisex anti...@hushmail.com

 B3c4us3 w3 4ll kn0w th4t n0n3 0f y0u 4r3 g3tt1ng l41d; y0u 
m1ght 4s
 w3ll subscr1b3 t0 th3 anti-sex m0v3m3nt. J01n 0ur c4us3. Cur3 
41ds!
 L3t th0s3 b1g 3v1l c0nd0m m4nuf4ctur3rs f41l!





Re: [Full-disclosure] An important message for you sec folks

2009-07-21 Thread Ed Carp
Well, I certainly hope you washed your hands before you started typing!  But
wait a minute ... if you're anti-sex or anti-suck or whatever, what are you
doing jacking off??

2009/7/21 antisex anti...@hushmail.com

 1 d1d 1t w1th th3 s4m3 h4nd 1 us3 t0 m4sturb4t3.

 On Tue, 21 Jul 2009 12:18:32 -0400 Killian Faughnan
 li...@killianfaughnan.com wrote:
 2009/7/21 Ed Carp e...@pobox.com
 
  Did you do that by hand, or did you download some software off
 the net to
  do it for you?
 
 
 
 Judging by the content I would assume he does it by hand.
 
 
 2009/7/21 antisex anti...@hushmail.com
 
  B3c4us3 w3 4ll kn0w th4t n0n3 0f y0u 4r3 g3tt1ng l41d; y0u
 m1ght 4s
  w3ll subscr1b3 t0 th3 anti-sex m0v3m3nt. J01n 0ur c4us3. Cur3
 41ds!
  L3t th0s3 b1g 3v1l c0nd0m m4nuf4ctur3rs f41l!
 
 


Re: [Full-disclosure] An important message for you sec folks

2009-07-21 Thread mod-raver
7h15 15 7h3 c0n57ruc7. 17'5 0ur |04d1ng pr0gr4m. W3 c4n |04d 
4ny7h1ng w3 n33d.1f y0u'r3 74|k1ng 4b0u7 wh47 y0u c4n f33|, wh47 
y0u c4n 5m3||, wh47 y0u c4n 74573 4nd 533, 7h3n r34| 15 51mp|y 
3|3c7r1c4| 51gn4|5 1n73rpr373d by y0ur br41n. 7h15 15 7h3 w0r|d 
7h47 y0u kn0w.

w3|c0m3 70 UN1X w0r|d!

On Tue, 21 Jul 2009 18:02:57 +0200 Ed Carp e...@pobox.com wrote:
Did you do that by hand, or did you download some software off the 
net to do
it for you?

2009/7/21 antisex anti...@hushmail.com

 B3c4us3 w3 4ll kn0w th4t n0n3 0f y0u 4r3 g3tt1ng l41d; y0u m1ght 
4s
 w3ll subscr1b3 t0 th3 anti-sex m0v3m3nt. J01n 0ur c4us3. Cur3 
41ds!
 L3t th0s3 b1g 3v1l c0nd0m m4nuf4ctur3rs f41l!


 m4sturb4tion 0nly!

 8===D~~~

 4nd f0r y0u 4s14ns...
 8=D~~~





Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Thierry Zoller
Hi Michal,

Yes,  we  all  know  that.  The  flaw here was not looping on itself a
thousands  of  times,  wow.  It was a DOM implementation flaw. That's
what made it interesting. A border case that was not accounted for.

That's  all,  still  interesting.  I don't see how Javascripts endless
loops are similar at all - sorry.


MZ There are literally thousands of HTML- and JavaScript-related denial
MZ of service vectors in modern browsers. If you want a silly, ad hoc
MZ example I just made up on the spot (and so could any reader of the
MZ list), try:

MZ foo = 'marquee';
MZ for (i=0;i7;i++) foo += foo;
MZ for (i=0;i1;i++) document.write(foo);





-- 
http://blog.zoller.lu
Thierry Zoller




Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Michal Zalewski
 Yes,  we  all  know  that.  The  flaw here was not looping on itself a
 thousands  of  times,  wow.  It was a DOM implementation flaw.

The code created an oversized list, which does not seem to be that far
from creating an overly nested DOM tree, or drawing an oversized
CANVAS shape, or any other
creating-too-many-things-for-the-renderer-to-handle attacks... but
really, I'm not trying to be dismissive, just saying that a more
holistic approach might be more beneficial in the long run.

/mz



Re: [Full-disclosure] An important message for you sec folks

2009-07-21 Thread opt opt
Honestly kids...

On Tue, Jul 21, 2009 at 1:23 PM, mod-ra...@hushmail.com wrote:
 7h15 15 7h3 c0n57ruc7. 17'5 0ur |04d1ng pr0gr4m. W3 c4n |04d
 4ny7h1ng w3 n33d.1f y0u'r3 74|k1ng 4b0u7 wh47 y0u c4n f33|, wh47
 y0u c4n 5m3||, wh47 y0u c4n 74573 4nd 533, 7h3n r34| 15 51mp|y
 3|3c7r1c4| 51gn4|5 1n73rpr373d by y0ur br41n. 7h15 15 7h3 w0r|d
 7h47 y0u kn0w.

 w3|c0m3 70 UN1X w0r|d!

 On Tue, 21 Jul 2009 18:02:57 +0200 Ed Carp e...@pobox.com wrote:
Did you do that by hand, or did you download some software off the
net to do
it for you?

2009/7/21 antisex anti...@hushmail.com

 B3c4us3 w3 4ll kn0w th4t n0n3 0f y0u 4r3 g3tt1ng l41d; y0u m1ght
4s
 w3ll subscr1b3 t0 th3 anti-sex m0v3m3nt. J01n 0ur c4us3. Cur3
41ds!
 L3t th0s3 b1g 3v1l c0nd0m m4nuf4ctur3rs f41l!


 m4sturb4tion 0nly!

 8===D~~~

 4nd f0r y0u 4s14ns...
 8=D~~~





Re: [Full-disclosure] An important message for you sec folks

2009-07-21 Thread Valdis . Kletnieks
On Tue, 21 Jul 2009 11:21:54 EDT, anti...@hushmail.com said:
 m4sturb4tion 0nly!

You'll discover it becomes a lot more fun once you reach puberty, any year now..



Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Thierry Zoller
Hi Steven,
SMC  we will quickly run
SMC into lots of complexity that may well enter the realm of undecidable
SMC problems,
Yeah, security is too complex. Dude, the fix was to LIMIT the
number of elements. This is not rocket science.

-- 
http://blog.zoller.lu
Thierry Zoller




[Full-disclosure] ZDI-09-046: Novell Privileged User Manager Remote DLL Injection Vulnerability

2009-07-21 Thread ZDI Disclosures
ZDI-09-046: Novell Privileged User Manager Remote DLL Injection
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-046
July 21, 2009

-- Affected Vendors:
Novell

-- Affected Products:
Novell Privileged User Manager

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
systems running vulnerable versions of Novell's Privileged User Manager.
Authentication is not required to exploit this vulnerability.

The specific flaw exists within the unifid.exe service which binds on
port 29010 for a protocol providing RPC-like functionality encapsulated
over SSL. This protocol allows a client to make a method call into a
module. The 'spf' RPC call is implemented unsafely allowing remote
attackers to load arbitrary modules over the network resulting in code
execution under the context of the service.

-- Vendor Response:
Novell has issued an update to correct this vulnerability. More
details can be found at:

http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7003640&sliceId=1&docTypeID=DT_TID_1_1&dialogID=72895793&stateId=0%200%2072897343

-- Disclosure Timeline:
2009-06-23 - Vulnerability reported to vendor
2009-07-21 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Stephen Fewer of Harmony Security (www.harmonysecurity.com)

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/



Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Steven M. Christey

On Tue, 21 Jul 2009, Thierry Zoller wrote:

 Yeah, security is too complex.  Dude, the fix was to LIMIT the
 number of elements. This is not rocket science.

I believe Michal and I are having the conversation in a larger context.
What you found is valid on its own merit and got addressed, which is
great.  But now think of the whole ECMAScript API and there are probably
dozens or hundreds of such functions that would expose similar issues.
There could be a lot of individual reports for each individual function,
or one concerted effort that looks at everything at once.  (I'm not saying
you should have done this - after all it's your research - I'm just saying
that *somebody* could.)  Extend this to things like web-connected
interpreters (PHP anyone?) and similar logic may well apply.

I'm sure that I've generated web pages with about 10,000 elements, so now
it sounds like this simple select fix could break that.  (Maybe I didn't
have any business doing such gruesome things, but it wasn't technically
incorrect to do so.)

- Steve



Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Thierry Zoller
Hi Michal,

MZ  which does not seem to be that far
MZ from creating an overly nested DOM tree, or drawing an oversized

Interesting tidbit:
The W3C DOM specifies the select.length attribute to be *read only*.
Yet (all) browsers have implemented it allowing to write to it. I
am not sure what use that has (?) but one thing is sure, they failed
to add a limit, the W3C didn't, but that's because it was never meant
to be written to in the first place.


-- 
http://blog.zoller.lu
Thierry Zoller




Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Fionnbharr
One bug to rule them all

I know you get your jollies off finding AV bypasses which is great
and all, but I doubt many people call crashing a browser ruling them
all. Maybe re-release with slightly inconveniencing them all.

2009/7/22 Thierry Zoller thie...@zoller.lu:
 Hi Michal,

 MZ  which does not seem to be that far
 MZ from creating an overly nested DOM tree, or drawing an oversized

 Interesting tidbit:
 The W3C DOM specifies the select.length attribute to be *read only*.
 Yet (all) browsers have implemented it allowing to write to it. I
 am not sure what use that has (?) but one thing is sure, they failed
 to add a limit, the W3C didn't, but that's because it was never meant
 to be written to in the first place.


 --
 http://blog.zoller.lu
 Thierry Zoller






Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Thierry Zoller
Hi Michal,

Interesting,
http://www.w3.org/TR/REC-DOM-Level-1/level-one-html.html
--
 readonly attribute  long length;
--

MZ Does not seem to be the case in HTML5 at least?
There must have been a change then between HTML4 and HTML5

MZ It may or may not have any practical uses (dynamic resizing of SELECTs
MZ without having to delete individual options).


-- 
http://blog.zoller.lu
Thierry Zoller




Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Thierry Zoller
Hi Michal,

MZ That was DOM Level 1 (1999). Even level 2 (2000) has this as read-write:
MZ http://www.w3.org/TR/DOM-Level-2-HTML/html.html#ID-94282980

Ah, now that makes sense. So my theory goes right down the drain =X

MZ Also keep in mind that with relatively few exceptions, W3C simply
MZ trailed and struggled to capture status quo (or some compromise
MZ representation thereof) back then.

Thanks for your insight!


-- 
http://blog.zoller.lu
Thierry Zoller




Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Michal Zalewski
 http://www.w3.org/TR/REC-DOM-Level-1/level-one-html.html
 --
  readonly attribute  long                 length;
 --

That was DOM Level 1 (1999). Even level 2 (2000) has this as read-write:

http://www.w3.org/TR/DOM-Level-2-HTML/html.html#ID-94282980

Also keep in mind that with relatively few exceptions, W3C simply
trailed and struggled to capture status quo (or some compromise
representation thereof) back then.

/mz



Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Michal Zalewski
 The W3C DOM specifies the select.length attribute to be *read only*.

Does not seem to be the case in HTML5 at least?

http://dev.w3.org/html5/spec/Overview.html#the-select-element

In fact, it has the behavior for writes defined:

On setting, it must act like the attribute of the same name on the
options collection.

It may or may not have any practical uses (dynamic resizing of SELECTs
without having to delete individual options).

/mz
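
As an added illustration of the writable `length` behaviour and the "limit the number of elements" fix discussed in this thread (not code from any poster, browser or specification; `OptionsModel`, `resize` and the `MAX_OPTIONS` value are assumptions made for the example), a plain-JavaScript model of a bounded setter. With the cap set above 10,000, a page that legitimately builds that many options keeps working while an oversized request is dropped before anything is allocated:

```javascript
// Model of a <select>'s options collection (illustrative, not browser code).
// MAX_OPTIONS is an assumed cap chosen for this example.
const MAX_OPTIONS = 100000;

class OptionsModel {
  constructor(labels = []) {
    this.items = labels.map((text) => ({ text }));
  }

  get length() {
    return this.items.length;
  }

  // Writable length: shrink by truncating, grow by appending blank options.
  // Growth past the cap is ignored before anything is allocated.
  set length(value) {
    const n = Math.trunc(Number(value));
    if (!Number.isFinite(n) || n < 0) return; // reject NaN, Infinity, negatives
    const current = this.items.length;
    if (n <= current) {
      this.items.length = n; // dynamic shrink without deleting options one by one
      return;
    }
    if (n > MAX_OPTIONS) return; // the element-count limit
    for (let i = current; i < n; i++) this.items.push({ text: "" });
  }
}

// Returns the resulting length after a script-style write to .length.
function resize(labels, requested) {
  const opts = new OptionsModel(labels);
  opts.length = requested;
  return opts.length;
}
```
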



[Full-disclosure] (no subject)

2009-07-21 Thread anti sec
We, the worldwide anti-sec movement have landed yet another coup that
will strike full-disclosurizers into the very hearts and soul of their
being.

Fellow anti-sec'ers and freedom-lovers: Rejoice, for it is time to take
revenge against the full disclosure zionist hegemony in retaliation for
the damage white hats  have been committing against the security world.
Our heroic anti-sec warriors have carried out a blessed raid against
4chanarchive.org. 4chan users are now burning with fear, terror and panic
on their /b/, /gif/, /r9k/, and /a/ boards.

The white hat world will soon be asunder and the enemies will flee from
our holy power!

We have repeatedly warned the security industry and the people in it. DO
NOT FUCK WITH ANTI-SEC! Statistically speaking, every white hat is using
4chan or at least has heard of it. Thus we struck into the very core of
their existence. We have fulfilled our promise and carried out our
blessed hacking attack on 4chanarchive after our warriors exerted
strenuous efforts over a long period of time to ensure the success of the
attack.

We continue to warn the websites of governmentsecurity and hackforums and
all full disclosure public as a whole that they will be punished in the
same way if they do not withdraw from their erroneous ways of living and
see that white hats are the scum of the earth. Those who warn are
excused.

The list will be released at the usual places. those in the know do
realize where that is.

ANTI-SEC FOR LIFE!


Re: [Full-disclosure] (no subject)

2009-07-21 Thread Ed Carp
Do not fuck with anti-suck.  LOL!

Re: [Full-disclosure] (no subject)

2009-07-21 Thread antisex
Awww, seriously? Can you leave governmentsecurity alone? I don't 
want you fucking with my backdoorz. It's not my fault they run 
litespeed.

On Tue, 21 Jul 2009 21:27:38 -0400 anti sec anti-sec4l...@email.com wrote:
 We, the worldwide anti-sec movement have landed yet another coup that
 will strike full-disclosurizers into the very hearts and soul of their
 being.

 Fellow anti-sec'ers and freedom-lovers: Rejoice, for it is time to take
 revenge against the full disclosure zionist hegemony in retaliation for
 the damage white hats  have been committing against the security world.
 Our heroic anti-sec warriors have carried out a blessed raid against
 4chanarchive.org. 4chan users are now burning with fear, terror and panic
 on their /b/, /gif/, /r9k/, and /a/ boards.

 The white hat world will soon be asunder and the enemies will flee from
 our holy power!

 We have repeatedly warned the security industry and the people in it. DO
 NOT FUCK WITH ANTI-SEC! Statistically speaking, every white hat is using
 4chan or at least has heard of it. Thus we struck into the very core of
 their existence. We have fulfilled our promise and carried out our
 blessed hacking attack on 4chanarchive after our warriors exerted
 strenuous efforts over a long period of time to ensure the success of the
 attack.

 We continue to warn the websites of governmentsecurity and hackforums and
 all full disclosure public as a whole that they will be punished in the
 same way if they do not withdraw from their erroneous ways of living and
 see that white hats are the scum of the earth. Those who warn are
 excused.

 The list will be released at the usual places. those in the know do
 realize where that is.

 ANTI-SEC FOR LIFE!


Re: [Full-disclosure] (no subject)

2009-07-21 Thread Rob Fuller
I'm sorry, long time reader of FD, it's a great mashup of hilarity and vuln
disclosure. But this takes the cake. I can't sit silent for this one:

Are you OUTSIDE your mind? 4chan? and not even 4chan.org, an archive site.
This is the very core of the White Hat being? If this is truly an 'agent
of AntiSec' which I highly doubt, you must be selecting low hanging fruit
and finding any possible way to associate it with those you hate.

I hope those who are in Anti-Sec if there really is such a thing, come and
hunt you down... and that's the way it is... for July 21st, 2009

--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com


On Tue, Jul 21, 2009 at 9:39 PM, Ed Carp e...@pobox.com wrote:

 Do not fuck with anti-suck.  LOL!



Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Andrew Farmer
On 21 Jul 2009, at 08:12, Michal Zalewski wrote:
 There are literally thousands of HTML- and JavaScript-related denial
 of service vectors in modern browsers...

There's one significant difference in this one, though: while a bunch  
of nested divs (for instance) will just mess with the HTML renderer,  
a malformed or oversized select element may end up passing bad data  
to native menu APIs. It's one of the only elements I can think of  
offhand that often has effects which extend outside the HTML canvas.
