Re: [Full-disclosure] ATTENTION FBI - Want the real names folks involved in the iPad hack???

2010-07-09 Thread Elly_Tran_Ha
orly?

On Thu, Jul 8, 2010 at 10:46 PM, IRC FRAUD ALERT ircfraudal...@gmail.com wrote:

 Sam Hocevar aka sam, Debian developer who provides *.goatse.fr
 Kenneth Fister aka Fister. Virginia resident.
 Martin Liland aka DiKKy. Norwegian citizen.
 Nick Price aka Rucas. Texas resident.
 Marc R. Uchniat aka feem, works for Colo4Dallas and 420chan moderator
 Mischa Spieglemock aka h8crime or jenk, was with weev at Toorcon.
 California resident.
 Zachary Deardoff aka l0de. New York resident.
 Timothy E. Copperfield aka timecop. Resident of Japan.
 Daniel Spitler aka JacksonBrown, provided iPad. San Francisco resident.
 Christopher Lolich Abad aka aemperi. California resident.
 Montel Deonte Edwards, aka montel - weev attempted to adopt this young
 negro like his younger brother

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] IRC FRAUD ALERT ADVISORY 01-2010-07

2010-07-09 Thread DiKKy Heartiez

I am sure glad that people understand how well posting links to pornography 
gets a point across...

 Date: Thu, 8 Jul 2010 15:16:30 -0400
 From: ircfraudal...@gmail.com
 To: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] IRC FRAUD ALERT ADVISORY 01-2010-07
 
 http://1dikky1bottle.com
 
 See what Norway has to offer.
 
 On Thu, Jul 8, 2010 at 12:49 PM, DiKKy Heartiez
 dikkyheart...@hotmail.com wrote:
  After attempting to read your massive emailblog, it was quite clear that you
  are a group of people who DEEPLY care about IRC and blogging.  Therefore, I
  would like to invite you to #caretown on irc.hardchats.com - it's a channel
  for people who care about things.  We have a very active community who will
  write ten-page blogs in response to things such as chat logs, short
  political satire, media statements, various fast food, being virgins, and
  hating life and wanting to die.  I think it'd be a perfect match!  Hope to
  see you soon!
  

Re: [Full-disclosure] ATTENTION FBI - Want the real names folks involved in the iPad hack???

2010-07-09 Thread Jhfjjf Hfdsjj
Wow, way to be a fricken racist snitch.



- Forwarded Message 
From: IRC FRAUD ALERT ircfraudal...@gmail.com
To: full-disclosure full-disclosure@lists.grok.org.uk
Sent: Thu, July 8, 2010 8:46:40 PM
Subject: [Full-disclosure] ATTENTION FBI - Want the real names folks involved in the iPad hack???

Sam Hocevar aka sam, Debian developer who provides *.goatse.fr
Kenneth Fister aka Fister. Virginia resident.
Martin Liland aka DiKKy. Norwegian citizen.
Nick Price aka Rucas. Texas resident.
Marc R. Uchniat aka feem, works for Colo4Dallas and 420chan moderator
Mischa Spieglemock aka h8crime or jenk, was with weev at Toorcon.
California resident.
Zachary Deardoff aka l0de. New York resident.
Timothy E. Copperfield aka timecop. Resident of Japan.
Daniel Spitler aka JacksonBrown, provided iPad. San Francisco resident.
Christopher Lolich Abad aka aemperi. California resident.
Montel Deonte Edwards, aka montel - weev attempted to adopt this young
negro like his younger brother


[Full-disclosure] Nostalgia and days gone by

2010-07-09 Thread Iadnah
I know this is offtopic but...

This is my official fuck you/middle finger to the modern world of computing:

Thinkpad 600E
363mhz Pentium II
192MB RAM
10GB HD
Cisco PCM340 PCMCIA card

I'm listening to house of the rising sun on ancient speakers, using 
xmms, under slackware 13.0, with lilo (not grub), using xfce as a 
desktop manager.

Just thought I'd share for the old fogies and nostalgic people such as 
myself. Once in a while it feels nice to relive those days.

...I also own a function IBM AS/400 circa 1986.




Re: [Full-disclosure] Nostalgia and days gone by

2010-07-09 Thread Christian Sciberras
Meh.

Mine's an i7 + 4GB + ATI 5970 in a P2-class casing..

Don't ask how I managed to stick the 5970 card into that casing ;)



On Fri, Jul 9, 2010 at 3:38 PM, Iadnah iad...@uplinklounge.com wrote:

 I know this is offtopic but...

 This is my official fuck you/middle finger to the modern world of
 computing:

 Thinkpad 600E
 363mhz Pentium II
 192MB RAM
 10GB HD
 Cisco PCM340 PCMCIA card

 I'm listening to house of the rising sun on ancient speakers, using
 xmms, under slackware 13.0, with lilo (not grub), using xfce as a
 desktop manager.

 Just thought I'd share for the old fogies and nostalgic people such as
 myself. Once in a while it feels nice to relive those days.

 ...I also own a function IBM AS/400 circa 1986.



[Full-disclosure] Vulnerabilities in SimpNews

2010-07-09 Thread MustLive
Hello Full-Disclosure!

I want to warn you about security vulnerabilities in SimpNews.

-
Advisory: Vulnerabilities in SimpNews
-
URL: http://websecurity.com.ua/4245/
-
Affected products: SimpNews V2.47.03 and previous versions.
-
Timeline:

26.10.2009 - found vulnerabilities.
29.05.2010 - announced at my site.
30.05.2010 - informed developer.
31.05.2010 - developer released SimpNews v2.48. In version 2.48 the
developer fixed all mentioned vulnerabilities.
09.07.2010 - disclosed at my site.
-
Details:

These are Full path disclosure and Cross-Site Scripting vulnerabilities.

Full path disclosure:

http://site/simpnews/news.php?lang=1&layout=layout2&sortorder=0&category=1

XSS:

http://site/simpnews/news.php?layout=%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/simpnews/news.php?lang=en&layout=layout2&sortorder=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 
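
An added example, not part of the advisory above or of SimpNews itself: a defender-side log check that flags `news.php` requests whose `layout` or `sortorder` value falls outside a simple expected shape. The log lines are constructed, and the expected-value patterns are assumptions inferred only from the benign values visible in the advisory's URLs (`layout2`, `0`).

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (common log format); addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [09/Jul/2010:10:00:01 +0000] "GET /simpnews/news.php?lang=en&layout=layout2&sortorder=0&category=1 HTTP/1.1" 200 5120
198.51.100.9 - - [09/Jul/2010:10:00:05 +0000] "GET /simpnews/news.php?layout=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 4300
198.51.100.9 - - [09/Jul/2010:10:00:09 +0000] "GET /simpnews/news.php?lang=en&layout=layout2&sortorder=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 4410
198.51.100.3 - - [09/Jul/2010:10:00:12 +0000] "GET /index.php?layout=%3Cb%3E HTTP/1.1" 200 900
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

# Assumed allowlist: a layout name is a short identifier, sortorder a small integer.
EXPECTED = {
    "layout": re.compile(r"[A-Za-z0-9_-]{1,32}"),
    "sortorder": re.compile(r"[0-9]{1,3}"),
}


def suspicious_params(target):
    """Return (name, decoded value) pairs that break the allowlist for news.php."""
    parts = urlsplit(target)
    if not parts.path.endswith("/news.php"):
        return []
    hits = []
    # parse_qsl percent-decodes, so the rule sees what the script would see.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        rule = EXPECTED.get(name)
        if rule is not None and not rule.fullmatch(value):
            hits.append((name, value))
    return hits


def scan(log_text):
    """Return (client, parameter, decoded value) for every flagged request."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line in the expected format
        client, target = match.groups()
        for name, value in suspicious_params(target):
            findings.append((client, name, value))
    return findings


if __name__ == "__main__":
    for client, name, value in scan(SAMPLE_LOG):
        print(f"{client} sent unexpected {name}={value!r}")
```

Because the check is an allowlist on the decoded value, it does not depend on recognising any particular payload string.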




[Full-disclosure] List Charter

2010-07-09 Thread John Cartwright
[Full-Disclosure] Mailing List Charter
John Cartwright jo...@grok.org.uk
 

- Introduction & Purpose -

This document serves as a charter for the [Full-Disclosure] mailing 
list hosted at lists.grok.org.uk.

The list was created on 9th July 2002 by Len Rose, and is primarily 
concerned with security issues and their discussion.  The list is 
administered by John Cartwright.

The Full-Disclosure list is hosted and sponsored by Secunia.


- Subscription Information -

Subscription/unsubscription may be performed via the HTTP interface 
located at http://lists.grok.org.uk/mailman/listinfo/full-disclosure.

Alternatively, commands may be emailed to 
full-disclosure-requ...@lists.grok.org.uk, send the word 'help' in 
either the message subject or body for details.

 
- Moderation & Management -

The [Full-Disclosure] list is unmoderated. Typically posting will be
restricted to members only, however the administrators may choose to 
accept submissions from non-members based on individual merit and 
relevance.

It is expected that the list will be largely self-policing, however in
special circumstances (eg spamming, misappropriation) then offending 
members may be removed from the list by the management.

An archive of postings is available at 
http://lists.grok.org.uk/pipermail/full-disclosure/.
 

- Acceptable Content -

Any information pertaining to vulnerabilities is acceptable, for 
instance announcement and discussion thereof, exploit techniques and 
code, related tools and papers, and other useful information.

Gratuitous advertisement, product placement, or self-promotion is 
forbidden.  Disagreements, flames, arguments, and off-topic discussion 
should be taken off-list wherever possible.

Humour is acceptable in moderation, providing it is inoffensive. 
Politics should be avoided at all costs.

Members are reminded that due to the open nature of the list, they 
should use discretion in executing any tools or code distributed via
this list.
 

- Posting Guidelines -

The primary language of this list is English. Members are expected to 
maintain a reasonable standard of netiquette when posting to the list. 

Quoting should not exceed that which is necessary to convey context, 
this is especially relevant to members subscribed to the digested 
version of the list.

The use of HTML is discouraged, but not forbidden. Signatures will 
preferably be short and to the point, and those containing 
'disclaimers' should be avoided where possible.

Attachments may be included if relevant or necessary (e.g. PGP or 
S/MIME signatures, proof-of-concept code, etc) but must not be active 
(in the case of a worm, for example) or malicious to the recipient.

Vacation messages should be carefully configured to avoid replying to 
list postings. Offenders will be excluded from the mailing list until 
the problem is corrected.

Members may post to the list by emailing 
full-disclos...@lists.grok.org.uk. Do not send subscription/
unsubscription mails to this address, use the -request address 
mentioned above.


- Charter Additions/Changes -

The list charter will be published at 
http://lists.grok.org.uk/full-disclosure-charter.html.

In addition, the charter will be posted monthly to the list by the 
management.

Alterations will be made after consultation with list members and a 
consensus has been reached.



Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?

2010-07-09 Thread Dario Ciccarone (dciccaro)
 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi there:

Once again, this is Dario Ciccarone with the Cisco PSIRT. This
email's purpose is to provide our conclusions on the investigation we
performed on this issue. 

First, we would like to thank Mr. Shang Tsung for his help and
cooperation during our investigation - Mr. Tsung did indeed provide
the Cisco PSIRT with all the information required to investigate and
reproduce the issue.

Second, this *is* indeed a vulnerability on Cisco IOS that *can be
triggered* by an nmap scan. But before everyone runs to the nearest
Linux box to run an nmap scan against their neighbor's network and
attempts to trigger it: this is a *known* and *previously publicly
disclosed* vulnerability, for which the Cisco PSIRT published an
advisory back in 2004:

Cisco Security Advisory: Vulnerabilities in SNMP Message
Processing - which can be found at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml .
The bug ID on our bug database being CSCed68575.

The original advisory did make clear that the effect of the
vulnerability would be a crash and reload of the device, provided
workarounds and as usual on Cisco Security Advisories, a list of
fixed software releases.

At this time, we consider the case closed. And again, we would like
to thank Mr Tsung for his help and cooperation on driving this issue
to a satisfactory outcome.

<bit of advertising follows>

Cisco provides access to our Security Vulnerability Policy at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
- which includes not only information on how to contact the
Cisco PSIRT, but details on the process we follow with any reported
vulnerability.

Cisco PSIRT greatly appreciates the opportunity to work with
researchers on security vulnerabilities and welcomes the opportunity
to review and assist in product reports. Any researcher or customer,
with or without a support contract, is encouraged to contact us at
ps...@cisco.com so we can work together on the investigation of any
purported security vulnerability on any Cisco product.

</bit of advertising ends>

Thanks,
Dario

Dario Ciccarone dcicc...@cisco.com
Incident Manager - CCIE #10395 
Product Security Incident Response Team (PSIRT)
Cisco Systems, Inc.
+1 212 714 4218
PGP Key ID: 0xBA1AE0F0
http://www.cisco.com/go/psirt

 



 -Original Message-
 From: listbou...@securityfocus.com 
 [mailto:listbou...@securityfocus.com] On Behalf Of Shang Tsung
 Sent: Wednesday, June 30, 2010 7:04 AM
 To: pen-t...@securityfocus.com
 Subject: Should nmap cause a DoS on cisco routers?
 
 Hello,
 
 Some days ago, I had the task to discover the SNMP version that our
 servers and networking devices use. So I ran nmap using the following
 command:
 
 nmap -sU -sV -p 161-162 -iL target_file.txt
 
 This command was supposed to use UDP to probe ports 161 and 162, which
 are used for SNMP and SNMP Trap respectively, and return the SNMP
 version.
 
 This innocent command caused most networking devices to crash and
 reboot, causing a Denial of Service attack and bringing down the
 network.
 
 Now my question is.. Should this have happened? Can nmap bring the whole
 network down from one single machine?
 
 Is this a configuration error of the networking devices?
 
 This is scary...
 
 Shang Tsung
 
 
 
 
 
 
   
 
 

-BEGIN PGP SIGNATURE-
Version: PGP 8.1

iQA/AwUBTDdE+4yVGB+6GuDwEQJBbgCgxILU27FqQ3mlH49cYL+txC3WCC4An0Zd
rGZ0NHYdaCYN4tGKCCeKLx/s
=nauF
-END PGP SIGNATURE-



Re: [Full-disclosure] Nostalgia and days gone by

2010-07-09 Thread Ross . Bushby
What Model of AS/400 B10 B20 or a proper one :-)

Ross Bushby - CISSP
Senior Security Architect
ross.bus...@imtech-ict.co.uk
M. +44 (0)7771 994 026
Imtech ICT UK Limited
Units B & C, Oakcroft Business Centre, Oakcroft Road, Chessington, Surrey, KT9 1RH
T. 0208 391 4080 | F. 0208 391 4081 | W. www.imtech-ict.co.uk

Iadnah ---09/07/2010 15:01:11---I know this is offtopic but...

Iadnah iad...@uplinklounge.com
Sent by: full-disclosure-boun...@lists.grok.org.uk
09/07/2010 15:01
To: full-disclosure@lists.grok.org.uk
cc:
Subject: [Full-disclosure] Nostalgia and days gone by

I know this is offtopic but...

This is my official fuck you/middle finger to the modern world of computing:

Thinkpad 600E
363mhz Pentium II
192MB RAM
10GB HD
Cisco PCM340 PCMCIA card

I'm listening to house of the rising sun on ancient speakers, using
xmms, under slackware 13.0, with lilo (not grub), using xfce as a
desktop manager.

Just thought I'd share for the old fogies and nostalgic people such as
myself. Once in a while it feels nice to relive those days.

...I also own a function IBM AS/400 circa 1986.


Re: [Full-disclosure] ATTENTION FBI - Want the real names folks involved in the iPad hack???

2010-07-09 Thread McGhee, Eddie
No, u!


From: full-disclosure-boun...@lists.grok.org.uk 
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Jhfjjf Hfdsjj
Sent: 09 July 2010 04:50
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] ATTENTION FBI - Want the real names folks 
involved in the iPad hack???

Wow, way to be a fricken racist snitch.

- Forwarded Message 
From: IRC FRAUD ALERT ircfraudal...@gmail.com
To: full-disclosure full-disclosure@lists.grok.org.uk
Sent: Thu, July 8, 2010 8:46:40 PM
Subject: [Full-disclosure] ATTENTION FBI - Want the real names folks involved 
in the iPad hack???

Sam Hocevar aka sam, Debian developer who provides *.goatse.fr
Kenneth Fister aka Fister. Virginia resident.
Martin Liland aka DiKKy. Norwegian citizen.
Nick Price aka Rucas. Texas resident.
Marc R. Uchniat aka feem, works for Colo4Dallas and 420chan moderator
Mischa Spieglemock aka h8crime or jenk, was with weev at Toorcon.
California resident.
Zachary Deardoff aka l0de. New York resident.
Timothy E. Copperfield aka timecop. Resident of Japan.
Daniel Spitler aka JacksonBrown, provided iPad. San Francisco resident.
Christopher Lolich Abad aka aemperi. California resident.
Montel Deonte Edwards, aka montel - weev attempted to adopt this young
negro like his younger brother


Re: [Full-disclosure] IRC FRAUD ALERT ADVISORY 01-2010-07

2010-07-09 Thread Sam Hocevar
On Thu, Jul 08, 2010, IRC FRAUD ALERT wrote:

 Our team strictly consists of volunteers that use their spare time to
 help make the Internet, especially IRC, a better and enjoyable place
 by exposing the scammers and hypocrites of IRC.

   Dear sir, could you elaborate on how exactly blackmailing and
threatening me by e-mail, then sending falsified copies of my answers to
my ISP's CTO and owner as well as to my employer's owner and director
help make the Internet a better place?

   You won. Your actions have truly demolished me beyond any possible
recovery and my only hope is that the moral responsibility of my
psychological breakdown and forthcoming self-inflicted scars will haunt
you for the rest of your life.

Regards,
-- 
Sam.



[Full-disclosure] TGP v1.2 released

2010-07-09 Thread Thor (Hammer of God)
Greetings:

I've just released v1.2.1 of TGP.  It now directly supports appropriate x509 
certificates loaded from the MSFT certificate store for RSA public and private 
key usage.   If you would rather use your existing PKI infrastructure or 
certificate store for your encryption/decryption keys, you may now do so with 
TGP.

http://www.hammerofgod.com/tgp.html

Timothy Thor Mullen
Hammer of God
t...@hammerofgod.com
www.hammerofgod.com


Re: [Full-disclosure] Should nmap cause a DoS on cisco routers?

2010-07-09 Thread bk

On Jul 9, 2010, at 8:49 AM, Dario Ciccarone (dciccaro) wrote:

 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Hi there:
 
   Once again, this is Dario Ciccarone with the Cisco PSIRT. This
 email's purpose is to provide our conclusions on the investigation we
 performed on this issue. 
 
 <snip>
   Second, this *is* indeed a vulnerability on Cisco IOS that *can be
 triggered* by an nmap scan. But before everyone runs to the nearest
 Linux box to run an nmap scan against their neighbor's network and
 attempts to trigger it: this is a *known* and *previously publicly
 disclosed* vulnerability, for which the Cisco PSIRT published an
 advisory back in 2004:

Handy flow chart for handling possible bug discoveries:
http://www.smtps.net/images/i-think-i-found-a-bug.jpg

(I'm sure this will come back to haunt me at some point)

--
chort





[Full-disclosure] Zend studio location Cross-Domain Scripting Vulnerability

2010-07-09 Thread IEhrepus
Author: www.80vul.com [Email: saiy1...@gmail.com]
Release Date: 2010/7/10
References:
http://80vul.com/Zend%20studio/Zend%20studio%20location%20Cross.htm

Zend Studio is a commercial, proprietary integrated development environment
(IDE) for PHP developed by Zend Technologies, based on the PHP Development
Tools (PDT) plugin for the Eclipse platform (the PDT project is led by
Zend).
We found a security bug in Zend Studio [version 6.0]: the description
of a function in a PHP script is not escaped or HTML-encoded, so it can
be exploited to execute arbitrary HTML and script code when the attacker
injects evil code into a function’s description.

This vulnerability is a “Cross-Zone Scripting” vulnerability, so successful
exploitation allows execution of arbitrary code on the user’s system.

DEMO:

<?php

/**
* scriptnew
ActiveXObject(WScript.shell).Run('calc.exe',1,true);/script);
*/
function a() {
}

Then open the function a()’s description [type a word a or move your mouse
over it], and calc.exe will be run.



Disclosure Timeline:

2009/07/08 - Found this Vulnerability
2009/07/10 - Public Disclosure


-- 
hitest