[Full-disclosure] Fw: Ubisoft DDoS
----- Forwarded Message -----
From: Shinnok rayde...@yahoo.com
To: Jan Schejbal jan.mailinglis...@googlemail.com
Sent: Fri, March 12, 2010 10:43:30 AM
Subject: Re: [Full-disclosure] Ubisoft DDoS

Hi,

I'd more likely believe that this is a story made up by Ubisoft to hide out their big failure in the new centralized DRM system. Buyers of Assassins Creed and alikes that use the new DRM system haven't been able to play it for a couple of days if not an entire week. That is damn bad business and publicity for Ubisoft and lots of money have been lost during these days when the users couldn't play the games they paid for, but their friends using cracked versions of the games could.

Even if it was for real DDOS to be blamed for, which we may never know, still their new DRM system raises lots of questions and will be a (another) deciding factor for new users wanting to buy some new Ubisoft game.

Br,
Shinnok

----- Original Message -----
From: Jan Schejbal jan.mailinglis...@googlemail.com
To: full-disclosure@lists.grok.org.uk
Sent: Tue, March 9, 2010 3:10:18 PM
Subject: [Full-disclosure] Ubisoft DDoS

Hi there,

Ubisoft apparently got a DDoS on their DRM servers [1], causing legitimate players of Assassins Creed II etc. being unable to play their games. (as the new DRM system requires constant connection to the servers) - I assume pirated copies ran fine, of course...

Is there any information who was behind that attack? Some people angry about the DRM wanting to make a point, or criminal botherders trying to extort money from Ubisoft?

What are the best strategies to defend against such an attack, except of course not creating such a stupid thing that has a large sign reading DDoS ME! built into it and pisses off a lot of people at the same time?

Some people claim that attacks were announced on IRC, in Usenet and on the Steam forums - can anyone confirm this and/or provide message IDs?

Sincerely
Jan

[1] http://twitter.com/Ubisoft/status/10184920360

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [SECURITY] [DSA 2012-1] New Linux 2.6.26 packages fix several issues
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-2012-1                secur...@debian.org
http://www.debian.org/security/                           dann frazier
March 11, 2010                      http://www.debian.org/security/faq

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2009-3725 CVE-2010-0622
Debian Bug(s)  : 568561 570554

Two vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-3725

    Philipp Reisner reported an issue in the connector subsystem which allows unprivileged users to send netlink packets. This allows local users to manipulate settings for uvesafb devices which are normally reserved for privileged users.

CVE-2010-0622

    Jermome Marchand reported an issue in the futex subsystem that allows a local user to force an invalid futex state which results in a denial of service (oops).

This update also includes fixes for regressions introduced by previous updates. See the referenced Debian bug pages for details.

For the stable distribution (lenny), this problem has been fixed in version 2.6.26-21lenny4.

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

                         Debian 5.0 (lenny)
    user-mode-linux      2.6.26-1um-2+21lenny4

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[Full-disclosure] [SECURITY] [DSA 2014-1] New moin packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-2014-1                secur...@debian.org
http://www.debian.org/security/                      Giuseppe Iuculano
March 12, 2010                      http://www.debian.org/security/faq

Package        : moin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2010-0668 CVE-2010-0669 CVE-2010-0717
Debian Bugs    : 569975

Several vulnerabilities have been discovered in moin, a python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-0668

    Multiple security issues in MoinMoin related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.

CVE-2010-0669

    MoinMoin does not properly sanitize user profiles.

CVE-2010-0717

    The default configuration of cfg.packagepages_actions_excluded in MoinMoin does not prevent unsafe package actions.

In addition, this update fixes an error when processing hierarchical ACLs, which can be exploited to access restricted sub-pages.

For the stable distribution (lenny), these problems have been fixed in version 1.7.1-3+lenny3.

For the unstable distribution (sid), these problems have been fixed in version 1.9.2-1, and will migrate to the testing distribution (squeeze) shortly.

We recommend that you upgrade your moin package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny3.dsc
    Size/MD5 checksum: 1259 66683a3699687a13f1d814e24bc46dbd
  http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1.orig.tar.gz
    Size/MD5 checksum: 5468224 871337b8171c91f9a6803e5376857e8d
  http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny3.diff.gz
    Size/MD5 checksum: 89391 38256114fbb76fcb388ce5ca148acbac

Architecture independent packages:

  http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.7.1-3+lenny3_all.deb
    Size/MD5 checksum: 4510584 a9440eb4eccc639f5dc1c7e2f27a9857

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-annou...@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuaHJwACgkQNxpp46476ao+GQCdE64LfkMXImcmR53Kmh0sHjmM
QcAAoJswYbNHdtkVZRQml9SB1RxWp7ph
=QZGd
-----END PGP SIGNATURE-----
[Full-disclosure] SecurityFocus to partially shut down
Since its inception in 1999, SecurityFocus has been a mainstay in the security community. From original news content to detailed technical papers and guest columnists, we’ve strived to be the community’s source for all things security related. SecurityFocus was formed with the idea that the community needed a place to come together and share its collected wisdom and knowledge.

At the time, the security community was fairly fragmented with mainstream security information in its infancy. If you worked in security, it was difficult and frustrating to find the information you were looking for because it was scattered across a small number of mailing lists, sites and publications. There was no single place where a community of security professionals could go to get the information they needed and there was a unique opportunity to build a community portal that would provide its users with a destination and voice

http://www.securityfocus.com/news/11582

--
http://netinfinity-sec.blogspot.com
http://www.ubuntu-pe.tk
[Full-disclosure] 2nd CfP: INTERNET 2010 || September 20-25, 2010 - Valencia, Spain
INVITATION:

Please consider to contribute to and/or forward to the appropriate groups the following opportunity to submit and publish original scientific results.

INTERNET 2010 | Call for Papers

CALL FOR PAPERS, TUTORIALS, PANELS

INTERNET 2010: The Second International Conference on Evolving Internet
September 20-25, 2010 - Valencia, Spain

General page: http://www.iaria.org/conferences2010/INTERNET10.html
Call for Papers: http://www.iaria.org/conferences2010/CfPINTERNET10.html
Submission deadline: April 20, 2010

Sponsored by IARIA, www.iaria.org

Extended versions of selected papers will be published in IARIA Journals: http://www.iariajournals.org
Publisher: CPS ( see: http://www2.computer.org/portal/web/cscps )
Archived: IEEE CSDL (Computer Science Digital Library) and IEEE Xplore
Submitted for indexing: Elsevier's EI Compendex Database, EI's Engineering Information Index
Other indexes are being considered: INSPEC, DBLP, Thomson Reuters Conference Proceedings Citation Index

Please note the Poster Forum and Work in Progress options.

The topics suggested by the conference can be discussed in term of concepts, state of the art, research, standards, implementations, running experiments, applications, and industrial case studies. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal in the following, but not limited to, topic areas.

All tracks are open to both research and industry contributions, in terms of Regular papers, Posters, Work in progress, Technical/marketing/business presentations, Demos, Tutorials, and Panels.

Before submission, please check and conform with the Editorial rules: http://www.iaria.org/editorialrules.html

INTERNET 2010 Tracks (tracks' topics and submission details: see CfP on the site)

Advanced Internet mechanisms

Access: call admission control vs. QoE vs. structural QoS / capability-based access control vs. role-based access control vs. attribute-based access control; Routing and pricing models: BGP, pricing peering agreements using microeconomics, topological routing vs. table-based routing vs. network coding, power-efficient routing; Optimization in P2P/CDN networks: peer placement for streaming P2P, analysis of P2P networks; Traffic engineering: estimating traffic matrices, constrained routing, exponentially bounded burstness; Behavioral traffic recognition: identifying applications from traffic behavior; Traffic analysis: methods for analysis and visualization of multidimensional measurements, characterizing protocols; Software defined radio networks: low power signal processing methods, applications of machine learning; Cognitive radio: medium access, spatiotemporality, complexity, spectrum sharing and leasing, channel selection, multi-stage pricing, cyclostationary signatures, frame synchronization; Streaming video: learning from video, techniques for in-network modulation; Location: statistical location, partial measurements, delay estimation

Graph theory/topology/routing Internet support

Information theory: distributed network coding, Shannon's entropy, Nash equilibrium; Optimization: LP, NLP, NeuroP, quadratic, convex programming, compressed sensing; Graph theory: random graphs, spectra graph theory, percolations and phase transitions, methods from statistical physics, geometric random graphs; Algebraic techniques: tensor analysis, matrix decomposition; Processing: signal processing techniques, equalization, point-process, source coding vs. network coding, recoverability; Statistical machine learning: probabilistic graphical models, classification, clustering, regression, classification, neural networks, support vector machines, decision forests; Game Theory/Microeconomic theory: social choice theory, equilibria, arbitrage and incentive oriented distributed mechanism design, cooperative games, and games on graphs; Stochastic network calculus; Fractal behavior and stability mechanisms; Kolmogorov complexity for performance evaluation; Complexity theory

Internet security mechanisms

Cryptography: design and analysis of cryptographic algorithms, applied cryptography, cryptographic protocols and functions; Specification, validation design of security and dependability: security and trust models, semantics and computational models for security and trust, business models in security management, security policies models, security architectures, formal methods for verification and certification, multi-level security specification; Vulnerabilities, attacks and risks: methods of detection, analysis, prevention, intrusion detection, tolerance, response and prevention, attacks and prevention of on-line fraud, denial of services attacks and prevention methods; Access Control: authentication and non-repudiation, accounting and audit, anonymity and pseudonymity; identity and trust
[Full-disclosure] 2nd CfP: ICCGI 2010 || September 20-25, 2010 - Valencia, Spain
INVITATION:

Please consider to contribute to and/or forward to the appropriate groups the following opportunity to submit and publish original scientific results.

ICCGI 2010 | Call for Papers

CALL FOR PAPERS, TUTORIALS, PANELS

ICCGI 2010: The Fifth International Multi-Conference on Computing in the Global Information Technology
September 20-25, 2010 - Valencia, Spain

General page: http://www.iaria.org/conferences2010/ICCGI10.html
Call for Papers: http://www.iaria.org/conferences2010/CfPICCGI10.html
Submission deadline: April 20, 2010

Sponsored by IARIA, www.iaria.org
Co-sponsored by IEEE Spain, Illinois State University, University Politehnica Bucharest, Universidad Politecnica de Valencia, La Machinista Valenciana, IGIC, Hydro-Quebec, Ruder Boskovic Institute, Orange, Universidad Complutense Madrid

Extended versions of selected papers will be published in IARIA Journals: http://www.iariajournals.org
Publisher: CPS ( see: http://www2.computer.org/portal/web/cscps )
Archived: IEEE CSDL (Computer Science Digital Library) and IEEE Xplore
Submitted for indexing: Elsevier's EI Compendex Database, EI's Engineering Information Index
Other indexes are being considered: INSPEC, DBLP, Thomson Reuters Conference Proceedings Citation Index

Please note the Poster Forum and Work in Progress options.

The topics suggested by the conference can be discussed in term of concepts, state of the art, research, standards, implementations, running experiments, applications, and industrial case studies. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal in the following, but not limited to, topic areas.

All tracks are open to both research and industry contributions, in terms of Regular papers, Posters, Work in progress, Technical/marketing/business presentations, Demos, Tutorials, and Panels.

Before submission, please check and conform with the Editorial rules: http://www.iaria.org/editorialrules.html

ICCGI 2010 Tracks (tracks' topics and submission details: see CfP on the site)

Industrial systems

Control theory and systems; Fault-tolerance and reliability; Data engineering; Enterprise computing and evaluation; Electrical and electronics engineering; Economic decisions and information systems; Advanced robotics; Virtual reality systems; Industrial systems and applications; Industrial and financial systems; Industrial control electronics; Industrial IT solutions

Evolutionary computation

Algorithms, procedures, mechanisms and applications; Computer architecture and systems; Computational sciences; Computation in complex systems; Computer and communication systems; Computer networks; Computer science theory; Computation and computer security; Computer simulation; Digital telecommunications; Distributed and parallel computing; Computation in embedded and real-time systems; Soft computing; User-centric computation

Autonomic and autonomous systems

Automation and autonomous systems; Theory of Computing; Autonomic computing; Autonomic networking; Network computing; Protecting computing; Theories of agency and autonomy; Multi-agent evolution, adaptation and learning; Adjustable and self-adjustable autonomy; Pervasive systems and computation; Computing with locality principles; GRID networking and services; Pervasive computing; Cluster computing and performance; Artificial intelligence Computational linguistics; Cognitive technologies; Decision making; Evolutionary computation; Expert systems; Computational biology

Bio-technologies

Models and techniques for biometric technologies; Bioinformatics; Biometric security; Computer graphics and visualization; Computer vision and image processing; Computational biochemistry; Finger, facial, iris, voice, and skin biometrics; Signature recognition; Multimodal biometrics; Verification and identification techniques; Accuracy of biometric technologies; Authentication smart cards and biometric metrics; Performance and assurance testing; Limitations of biometric technologies; Biometric card technologies; Biometric wireless technologies; Biometric software and hardware; Biometric standards

Knowledge data systems

Data mining and Web mining; Knowledge databases and systems; Data warehouse and applications; Data warehousing and information systems; Database performance evaluation; Semantic and temporal databases; Database systems Databases and information retrieval; Digital library design; Meta-data modeling

Mobile and distance education

Human computer interaction; Educational technologies; Computer in education; Distance learning; E-learning; Mobile learning Cognitive support for learning; Internet-based education; Impact of ICT on education and society; Group decision making and software; Habitual domain and information technology;
Re: [Full-disclosure] SecurityFocus to partially shut down
Didn't securityfocus make the article about n3td3v? No one ever followed up on who he really was, who impersonated, and that GOBBLES had nothing (I don't think, did they?) to do with him.

----- Original Message -----
From: netinfinity
Sent: 03/12/10 11:28 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] SecurityFocus to partially shut down

Since its inception in 1999, SecurityFocus has been a mainstay in the security community. From original news content to detailed technical papers and guest columnists, we’ve strived to be the community’s source for all things security related. SecurityFocus was formed with the idea that the community needed a place to come together and share its collected wisdom and knowledge.

At the time, the security community was fairly fragmented with mainstream security information in its infancy. If you worked in security, it was difficult and frustrating to find the information you were looking for because it was scattered across a small number of mailing lists, sites and publications. There was no single place where a community of security professionals could go to get the information they needed and there was a unique opportunity to build a community portal that would provide its users with a destination and voice

http://www.securityfocus.com/news/11582

--
http://netinfinity-sec.blogspot.com
http://www.ubuntu-pe.tk
Re: [Full-disclosure] SecurityFocus to partially shut down
http://www.securityfocus.com/news/11582

While the news portal section of SecurityFocus will no longer be offered, we think our readers will be better served by this change as we combine our efforts with Symantec Connect and continue to provide a valuable service to the community. http://www.symantec.com/connect/

In other words, RIP :-/

/mz
Re: [Full-disclosure] SecurityFocus to partially shut down
On Fri, Mar 12, 2010 at 5:50 PM, Son of Ram sonof...@gmx.com wrote:
> Didn't securityfocus make the article about n3td3v? No one ever followed up on who he really was, and that GOBBLES had nothing (I don't think, did they?) to do with him.

What would the follow up say We were completely wrong sue us for thousands of dollars in damages

Andrew
Re: [Full-disclosure] Is Hal Turner a hero? Updates on police survellience and my life being ruined from afar. (rambling rant)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Son of Ram wrote:
> my life is totally ruined by police. Maybe a paid PI worked closely with a cop (illegal) to pressure me and hope to get a criminal conviction to ruin my life. Or perhaps it's because they wanted to get me to commit a crime so I would talk about a friend I used to have. This is totally wrong because I'd gladly help if they didn't just ruin my life like I was a parasite. They like to work on me from afar, going to my friends and associates behind my back, then looking VERY strictly and scrutinizing as if nothing happened, Let's see how our subject reacts. And of course, playing dirty is used as a psychological tactics to ruin me, anger me, and in their hopes, radicalize me (rofl).
>
> These guys are pretty sick. They're stalkers. The only thing is they have a badge to rationalize it and the power it gives to do anything as long as it doesn't Shock the conscience. Sure, it's shocking to _you_, but will it be shocking when it's on the desk of a conservative judge? rofl. Samuel Alito would like cops act as priests, doctors, etc and do whatever they can, I'm strict, I'm a real bear *bends eye brows* i can articulate political opinions because I'm happy with my share in society *straightens lip, nods head* *turns on fox news* god i'm intelligent
>
> So wrong. I mean, What am I supposed to do? What are my options? I feel so powerless and its just. What the hell you do? It's typical for people under such scrutiny to go into fight or flight, and in fight, the US Attorney can get evidence someone is violent, when in reality its normal for someone to react to such adverse, unfair circumstances like that. Look at Steven Hatfill. How he went up to the FBI that followed him, how they ran over his foot. He called the police, he got a ticket. Imagine the injustice that swirled in his life. The innuendo, the attitude that would make you believe, ya know this guy is the killer, worst person in the world. But it was all fluff, indeed, he was no criminal.
>
> Such witchhunt is the so-called wisdom of the crowds, the human nature, that's why civil rights and due process exist guys. We need oversight in law enforcement even before hand to make sure this doesn't happen. These guys are like spoiled kids and all you hear about is abuse, but politicians cave in easily, It's chilling law enforcement's ability to 'investigate'. Please, you can fight crime and respect civil liberties. You can be thoughtful, prudent, rational and not ruin people's lives. Lol. Yes, sure, I'm a criminal. I studied to be a cop. I guess I'm too smart to be one, and too law-abiding. Seriously. Apparently.
>
> Or maybe you want to be like Hal Turner, and be the FBI's informant, or useful idiot. Used as if you're someone useful, and as a nobody who works at burger king, you wait all your life waiting to hear that. In reality, you're held in contempt and used cynically. Hal Turner helped find radical right wing lone wolves, and for his dedicated he is charged with a felony doing what the FBI taught him to do. Why? Just why? He was racist and a radical. But he worked for the gov to find bad guys. And what he gets in return for helping. What kind of double standards is this? Why can't we be fair? It's just oppression, Just cause, that's what it feels like.
>
> If you want to fight crime, try to actually be a cop. Because then you get all the power and ability to make mistakes and accidentally harass people for 2 years and ruin their lives. Nothing happens to cops who do bad things. I love how informants give this oscar winning performances, Look! I can help! I can be useful, and the cops all follow you thinking they're in a movie, the world revolves around them, I bet if we follow this kid into Wendy's we'll have a case that'll be on all the news!. Because cops can't use rear view mirrors. damn, some pretty smart craftsmanship. Dreams. fantasies. Losers. Fakes. And at my loss.
>
> the son of ram
>
> p.s. oh and btw, I see your honeytrap to see if I would go back and hang out with the Bad guys again. As if I would be tempted after all ive been through in my life and all the good I have. I love it when idiots come right to my door with a subterfuge, I sigh, no one will ever understand. Oh, I'll make sure to have no friends so you won't get them to go into my medicine cabinets, try to buy my personal prescriptions or try to entrap me as a cyberstalker or a hacker. Perhaps pretext my mom's house as a construction worker? The red head with facial hair? Big ego smile? Seen him driving by me in an unmarked car before as if I'm a hoodrat (rofl), the tape under my car? I presume for GPS monitoring, since you don't need a warrant cept in 2 states? Apparently my liberties are opportunities to be taken as your liberties. ;-) Enjoy drawing as straws, I'm an idiot for even honoring your
Re: [Full-disclosure] Is Hal Turner a hero? Updates on police survellience and my life being ruined from afar. (rambling rant)
mrx wrote:
> I have to go... Elvis Costello Watching the detectives has just started playing, how ironic, I feel the urge to dance. Take care

Oh it's so cute...

--
Toff
Re: [Full-disclosure] SecurityFocus to partially shut down
Would the damages come from professional losses? (Pardon me, but I believe you said you never had a paying job) or would it come from emotional distress? (Have you ever ended up paying psychiatric bills?) Also, do you live with your parents? Do you take welfare from the government? What is your family situation like? Do you have siblings? Is there anything about your upbringing you would like us to know about?

----- Original Message -----
From: james o' hare
Sent: 03/12/10 07:33 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] SecurityFocus to partially shut down

On Fri, Mar 12, 2010 at 5:50 PM, Son of Ram sonof...@gmx.com wrote:
> Didn't securityfocus make the article about n3td3v? No one ever followed up on who he really was, and that GOBBLES had nothing (I don't think, did they?) to do with him.

What would the follow up say We were completely wrong sue us for thousands of dollars in damages

Andrew
Re: [Full-disclosure] SecurityFocus to partially shut down
On Fri, March 12, 2010 1:45 pm, Michal Zalewski wrote:
> http://www.securityfocus.com/news/11582
>
> While the news portal section of SecurityFocus will no longer be offered, we think our readers will be better served by this change as we combine our efforts with Symantec Connect and continue to provide a valuable service to the community. http://www.symantec.com/connect/
>
> In other words, RIP :-/

Who didn't see this coming? Symantec... OM NOM NOMMING companies since 1984.

Randy
[Full-disclosure] ...because you can't get enough of clickjacking
[ I promise to post something more interesting shortly - but in the meantime, I wanted to drop a quick note about something kinda amusing. ]

There was a considerable amount of buzz around clickjacking [1] in the past year or so. It is commonly believed that this simple attack can only be realistically employed to exploit one-click UI actions.

Alas, a related vector is generally overlooked: JS focus semantics - a source of considerable amount of grief in the past [2] - can be abused to execute multi-step attacks by altering focus between a hidden frame and the edited document while the user is simply typing something in. No need for pixel-accurate positioning of the target, too.

Consider this whimsical proof-of-concept exploit (works on Windows, WebKit-based browsers only):

http://lcamtuf.coredump.cx/focus-webkit/

It's not very serious, but more cuter than clickjacking proper. WebKit focus behavior on Windows makes this particular PoC easier there, but I believe that no browser is designed to counter this general attack pattern in any particular way. The usual opt-in mitigations (X-Frame-Options, frame busting) should offer a reasonable degree of protection already.

[1] http://code.google.com/p/browsersec/wiki/Part2#Arbitrary_page_mashups_%28UI_redressing%29
[2] http://lcamtuf.coredump.cx/focusbug/ and so forth
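
The opt-in header mitigation named at the end of the post above can be audited from the response side. The following is an added example, not part of the original message: the function names and sample responses are constructed, and it goes beyond the post by also reading the later CSP frame-ancestors directive, which browsers apply in place of X-Frame-Options when both are present.

```javascript
'use strict';

// Strictness order used when several CSP policies each carry frame-ancestors.
const RANK = { unprotected: 0, 'allow-list': 1, 'same-origin-only': 2, blocked: 3 };

// Collect every comma-separated value of one header; header names are case-insensitive.
function headerValues(headers, name) {
  const values = [];
  for (const [key, raw] of Object.entries(headers)) {
    if (key.toLowerCase() !== name) continue;
    for (const line of Array.isArray(raw) ? raw : [raw]) {
      for (const part of String(line).split(',')) {
        if (part.trim()) values.push(part.trim());
      }
    }
  }
  return values;
}

// Classify one CSP policy by its frame-ancestors directive; null when it has none.
function classifyFrameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0 || tokens[0].toLowerCase() !== 'frame-ancestors') continue;
    const sources = tokens.slice(1).map((s) => s.toLowerCase());
    // An empty source list matches nothing, the same as 'none'.
    if (sources.length === 0) return 'blocked';
    if (sources.length === 1 && sources[0] === "'none'") return 'blocked';
    if (sources.includes('*')) return 'unprotected';
    if (sources.every((s) => s === "'self'")) return 'same-origin-only';
    return 'allow-list';
  }
  return null;
}

// Classify X-Frame-Options values, modelled on current browser processing:
// conflicting recognised values fail closed, unrecognised values
// (ALLOW-FROM, typos) are ignored and leave the page frameable.
function classifyXfo(values) {
  const set = new Set(values.map((v) => v.toLowerCase()));
  if (set.size === 0) return null;
  const recognised = ['deny', 'sameorigin', 'allowall'].some((v) => set.has(v));
  if (set.size > 1) return recognised ? 'blocked' : 'unprotected';
  if (set.has('deny')) return 'blocked';
  if (set.has('sameorigin')) return 'same-origin-only';
  return 'unprotected';
}

// Decide which mechanism governs framing and how strict the result is.
function auditFraming(headers) {
  const csp = headerValues(headers, 'content-security-policy')
    .map(classifyFrameAncestors)
    .filter((v) => v !== null);
  if (csp.length > 0) {
    // Every policy must allow the framer, so the strictest verdict is a safe
    // lower bound on the protection actually in force.
    const verdict = csp.reduce((a, b) => (RANK[b] > RANK[a] ? b : a));
    return { verdict, source: 'csp-frame-ancestors' };
  }
  const xfo = classifyXfo(headerValues(headers, 'x-frame-options'));
  if (xfo !== null) return { verdict: xfo, source: 'x-frame-options' };
  return { verdict: 'unprotected', source: 'none' };
}

// Constructed sample responses (not taken from any real site).
const SAMPLES = [
  { name: 'deny', headers: { 'X-Frame-Options': 'DENY' } },
  { name: 'conflict', headers: { 'x-frame-options': 'SAMEORIGIN, DENY' } },
  { name: 'allow-from', headers: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' } },
  { name: 'csp-wins', headers: {
    'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'",
    'X-Frame-Options': 'ALLOWALL' } },
  { name: 'csp-without-directive', headers: {
    'Content-Security-Policy': "default-src 'self'",
    'X-Frame-Options': 'sameorigin' } },
  { name: 'two-policies', headers: {
    'Content-Security-Policy': ['frame-ancestors https://a.example', "frame-ancestors 'none'"] } },
  { name: 'no-headers', headers: {} },
];

function runSamples() {
  return SAMPLES.map((s) => ({ name: s.name, ...auditFraming(s.headers) }));
}

for (const r of runSamples()) {
  console.log(`${r.name.padEnd(22)} ${r.verdict.padEnd(17)} via ${r.source}`);
}
```

Frame-busting script, the other mitigation the post names, runs inside the page and is not visible in response headers, so a page reported as unprotected here may still carry it.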