Re: [Full-disclosure] FW: Your email message was blocked
On Fri, Dec 24, 2010 at 12:42:18AM +, Thor (Hammer of God) wrote:
Classic. Just send him an email with the link you want from whatever address you want, and you can spam people with the subject, including links. :)

Extra points for wording:
6740 13:23:32.532 1 user(s) match rule - Block Virus - Zero Day Protection Framework
6740 13:23:32.532 1 user(s) match rule - Block Known Threats
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [IMF 2011] 2nd Call - Deadline Extended - Addenunm
Addendum: Merry Christmas to everyone!

Ollie
--
Oliver Goebel mailto:goe...@cert.uni-stuttgart.de
Stabsstelle DV-Sicherheit (RUS-CERT) Tel:+49 711 685 1
CERT Universitaet Stuttgart Tel:+49 711 685 8-3678 / Fax:-3688
Breitscheidstr. 2, 70174 Stuttgart http://CERT.Uni-Stuttgart.DE/
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
I agree that there's a good paper in this, I would love to see the entropy added by the multi-consumer model quantified, or even an upper bound placed on it. In the past when I've given my talk on randomness in the OpenBSD network stack, I've discussed this and I always ask for someone to come forward with such a paper.

So there are these many hundreds of lines of entropy management code in OpenBSD implementing what is claimed to be a novel architecture for random number generation and yet this guy, who is going around giving talks on it, is expecting someone else to quantify it and come forward with a paper? This is the kind of stuff that just doesn't make a bit of sense.

Unfortunately I don't get the impression that the amateur cryptographers questioning the OpenBSD PRNG are qualified to produce such a paper (if they were, they wouldn't be mailing here, they'd be submitting it to real cryptographers for peer review)

The burden of proof lies with the amateur cryptographers making the security claims about it, not those questioning them.

- Marsh
Re: [Full-disclosure] [IMF 2011] 2nd Call - Deadline Extended - Addenunm
On 12/24/2010 03:51 AM, Oliver Goebel wrote:
Addendum: Merry Christmas to everyone! Ollie

+1!

- Marsh
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
Hello full disclosure!!! I'd like to warn you about many things but not bucketing. However is you must read and not be troll for you is to understand this for your own. musntlive cannot be all everyone's guide to common sense. A Provably Secure And Efficient Countermeasure Against Timing Attacks http://eprint.iacr.org/2009/089.pdf Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks http://users.cis.fiu.edu/~smithg/papers/csf10.pdf In is musntlive's interpretation is everyone miss OpenBSD big picturuski: a1) Hiding in plain sight a2) Developer Deception Is musntlive establish (proven: this is not theory) that developers lied all along. So while is many cry troll, musntlive laugh and think of Cassandra. b1) Is OpenBSD not audit anything otherwise this not happen b2) For those trolls (Schmehl) who state: `Someone would have caught it` - they is forget that crypto is highly specialized and is all a part of the corruption machine, there is none to catch [is see Juvenal quote who watching watchers] b3) We is now privy to see how Theo via foreign financial accounts is tied into this - he can disprove this is he like but he is likely stay shut b4) Theo is come clean not to show public `I come clean I not know` but more is to say `is I come clean before is beans spilled, everyone is believe me` [Response a1] Is because crypto implementation very hard is difficult for to someone to audit is code. In normal programming a simple operator can is change the entire game. Is difference between and is say is all one need. For this we is now take into account 'salami attacks' (do not is say musntlive not warn you) [Response a2] Is everyone forget KGII (key goal is indicators) of everything. Money is talk (see b3) and when is everyone is on the same ledger[payroll] and is give geek dream job of one being superspyman, egos run stupid. 
Geeks is like Jason is stupid for to government say: Give is stupid nerd some Mountain Dew, mousepad, new laptop, he ours! versus old school he is wants Ferrari, cash and ladies (see Mafiosi requirements for cash). When money is motivator is one be surprised at what someone is capable of is... is. Is everyone too stupid to remember this or do everyone is believe no one is above corruption particularisly FOSS developers. (I is pity you is you think this) [Response b1] Is who will come clean when all is dirty on the developer team. 3 people on code all on the same covert team and is one head honchoruski (Theo see b3) is getting kickbacks in covert accounts [Response b2] For Paul Schmehl and other trolls I is like to introduce you to is Cassandra Complex http://en.wikipedia.org/wiki/Cassandra_(metaphor) [Response b3] http://www.youtube.com/watch?v=bjZRAvsZf1g [Response b4] Theo is not to be believed on this whole matter see Cassandra Complex Happy Merry Jolly and is Merry Happy New Year.
[Full-disclosure] [ MDVSA-2010:251-1 ] firefox
___
Mandriva Linux Security Advisory MDVSA-2010:251-1
http://www.mandriva.com/security/
___
Package : firefox
Date: December 24, 2010
Affected: 2010.0
___
Problem Description:

Security issues were identified and fixed in firefox:

Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS attacks due to some characters being converted to angle brackets when displayed by the rendering engine. Sites using these character encodings would thus be potentially vulnerable to script injection attacks if their script filtering code fails to strip out these specific characters (CVE-2010-3770).

Google security researcher Michal Zalewski reported that when a window was opened to a site resulting in a network or certificate error page, the opening site could access the document inside the opened window and inject arbitrary content. An attacker could use this bug to spoof the location bar and trick a user into thinking they were on a different site than they actually were (CVE-2010-3774).

Mozilla security researcher moz_bug_r_a4 reported that the fix for CVE-2010-0179 could be circumvented permitting the execution of arbitrary JavaScript with chrome privileges (CVE-2010-3773).

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that JavaScript arrays were vulnerable to an integer overflow vulnerability. The report demonstrated that an array could be constructed containing a very large number of items such that when memory was allocated to store the array items, the integer value used to calculate the buffer size would overflow resulting in too small a buffer being allocated. Subsequent use of the array object could then result in data being written past the end of the buffer and causing memory corruption (CVE-2010-3767).
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a nsDOMAttribute node can be modified without informing the iterator object responsible for various DOM traversals. This flaw could lead to an inconsistent state where the iterator points to an object it believes is part of the DOM but actually points to some other object. If such an object had been deleted and its memory reclaimed by the system, then the iterator could be used to call into attacker-controlled memory (CVE-2010-3766).

Security researcher Gregory Fleischer reported that when a Java LiveConnect script was loaded via a data: URL which redirects via a meta refresh, then the resulting plugin object was created with the wrong security principal and thus received elevated privileges such as the abilities to read local files, launch processes, and create network connections (CVE-2010-3775).

Mozilla added the OTS font sanitizing library to prevent downloadable fonts from exposing vulnerabilities in the underlying OS font code. This library mitigates against several issues independently reported by Red Hat Security Response Team member Marc Schoenefeld and Mozilla security researcher Christoph Diehl (CVE-2010-3768).

Security researcher wushi of team509 reported that when a XUL tree had an HTML <div> element nested inside a <treechildren> element then code attempting to display content in the XUL tree would incorrectly treat the <div> element as a parent node to tree content underneath it resulting in incorrect indexes being calculated for the child content. These incorrect indexes were used in subsequent array operations which resulted in writing data past the end of an allocated buffer. An attacker could use this issue to crash a victim's browser and run arbitrary code on their machine (CVE-2010-3772).
Security researcher echo reported that a web page could open a window with an about:blank location and then inject an <isindex> element into that page which upon submission would redirect to a chrome: document. The effect of this defect was that the original page would wind up with a reference to a chrome-privileged object, the opened window, which could be leveraged for privilege escalation attacks (CVE-2010-3771).

Dirk Heinrich reported that on Windows platforms when document.write() was called with a very long string a buffer overflow was caused in line breaking routines attempting to process the string for display. Such cases triggered an invalid read past the end of an array causing a crash which an attacker could potentially use to run arbitrary code on a victim's computer (CVE-2010-3769).

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other
Re: [Full-disclosure] How long was the twitter outage?
As much as your revenue stream.

Is there a security 0day for being a spoiled, rotten manchild?
http://valleywag.gawker.com/5317292/twitter-co+founder-moving-out-of-minimalist-poets-cottage/gallery/

Enjoy your bubble while it lasts moron. Google the definition of fad. It'll be sweet justice when you're homeless and the next ghost town. You are a worthless piece of shit.

--- On Thu, 12/23/10, John Adams j...@twitter.com wrote:

From: John Adams j...@twitter.com
Subject: Re: [Full-disclosure] How long was the twitter outage?
To: Georgi Guninski gunin...@guninski.com
Cc: full-disclosure@lists.grok.org.uk
Date: Thursday, December 23, 2010, 9:39 PM

The site was not down for all users. A small number of users were affected by the failure of specific database node. Please see our status blog for details. http://status.twitter.com

-j

On Thu, Dec 23, 2010 at 12:23 PM, Georgi Guninski gunin...@guninski.com wrote:
How long was the twitter outage from yesterday coinciding with the other outage?
Re: [Full-disclosure] How long was the twitter outage?
See also Xanga after Myspace came into town and Myspace when Facebook appeared on the scene. Better cash in on Twitter ASAP and move on to your next startup.

On 12/24/2010 09:15 AM, Josey Yelsef wrote:
As much as your revenue stream.

Is there a security 0day for being a spoiled, rotten manchild?
http://valleywag.gawker.com/5317292/twitter-co+founder-moving-out-of-minimalist-poets-cottage/gallery/

Enjoy your bubble while it lasts moron. Google the definition of fad. It'll be sweet justice when you're homeless and the next ghost town. You are a worthless piece of shit.
[Full-disclosure] [US-2010-xmas]: American Women are lazy, hypocritical, corpulent, psychotic thieves. People are treacherous and worthless.
Yes sheep, hypocrisy is here. Related: http://seclists.org/fulldisclosure/2010/Nov/125 In the form of your 500 pound BBW wife. Enjoy the pig owning your house and driving your life into the ground. Have you ever seen rape before? You need not look far. View the dockets in any divorce court to see total tyranny. Yes ur honor I would like to file a 0day. This is more important than any wikileak. This here is a public service to the human species and my the people of my country (in addition to my usual steady stream of criminal complaints against frauds, hackers and the like) Manufactured * is the new fetish around here. Self-absorbed decadence and thuggery is the new thing eh? Wake up. Wake up and read... Learn. Absorb intelligence. We live in a generation of bullshitters and liars folks. It's time to wake up and take responsibility. Reclaim honor and virtue. 2010-12-23. URL:http://dontmarry.wordpress.com/. Accessed: 2010-12-23. (Archived by WebCite® at http://www.webcitation.org/5vCeVfZsb) What I'm saying is that human beings are nasty weak treacherous creatures that are for the most part totally untrustworthy. Experience is my basis for this statement, both mine and others who I know or who have written reliable histories. If you can find a woman to be your companion who is not treacherous, a deceitful little actress, a sly whore or a manipulative nag or a shrieking hag, then you are among the lucky few. Congratulations. I hope your luck continues to hold out. Enter the truth. Have a few pages of crystallized purity. Enjoy: This writing seeks to educate men about the realities of what they may be getting into when they marry a Western Woman. An informed decision is less likely to be one that may be regretted later in the marriage. The intent is not to dissuade men from marrying, but to encourage them to communicate frankly their concerns and expectations regarding marriage with their potential spouses. 
The secondary aim of this essay is to enlighten women to a few of the reasons why increasingly larger numbers of successful, eligible, unmarried men, who would otherwise prefer monogamous long-term relationships, are turning their backs on marriage. Society typically paints a negative stereotype of men who hesitate, delay, or elect not to marry. They are labeled as either: A) Womanisers who are unable to participate in a long term relationship, or B) Selfish, childish or irresponsible men who can not take care of themselves or another person. No other explanation is ever explored. The cost of proclaiming your undying love In University, in professional sports, in politics, in the workplace; women have the same educational and professional career opportunities as men. Contrary to commonly believed feminist propaganda, women do indeed get paid the same salary as men, given that they are willing to work the same types of jobs as men, and work as many hours as the men do. Despite this reality, many women come into marriage with very few assets, and often are saddled with substantial quantities of debt. In general, men are the ones who save and invest. Don’t believe me? Count the number of women of marrying age that you know who subscribe to financial services magazines or newspapers. A significant number of 20-something and 30-something women spend all of their disposable income on luxury rental apartments, upscale restaurants, frequent exotic vacations, leased cars, spa treatments, and excessive amounts of clothing, purses, shoes and accessories. Yet ironically, in the media, men are the ones who are portrayed as reckless, irresponsible spendthrifts. When marriage enters the picture, double standards and financial imbalances leave responsible men to pick up the slack and fix the mess she may have made of her finances. Men are forced to spend their hard-earned savings, or take out an usurious loan, on a diamond ring. 
Women justify this relatively recent, mid-20th Century ritual, which was spawned by a brilliant 1940′s mass-brainwashing campaign launched by DeBeers, by insisting that a man wants to buy her a diamond and that it makes him proud to be able to proclaim his love and affection towards her in this fashion. Granted there are some men who may be inclined to declare their commitment to a life-long partner in this way, but there are plenty of men whom seek a lifelong partnership and commitment who have no interest in buying diamonds. What choice do these men have? None! To many young men, the ring, catered wedding, and honeymoon in an exotic locale at a five-star hotel is an unwelcome land mine on their journey towards adult financial stability and independence. To add insult to injury, he is now locked into a lifetime of insurance payments for this grossly overpriced jewelry. Contrary to popularly held belief diamonds are not rare at all, but instead are common and inexpensive. Their high price is due to their supply having
[Full-disclosure] [ MDVSA-2010:251-2 ] firefox
___
Mandriva Linux Security Advisory MDVSA-2010:251-2
http://www.mandriva.com/security/
___
Package : firefox
Date: December 24, 2010
Affected: 2010.0
___
Problem Description:

Security issues were identified and fixed in firefox:

Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS attacks due to some characters being converted to angle brackets when displayed by the rendering engine. Sites using these character encodings would thus be potentially vulnerable to script injection attacks if their script filtering code fails to strip out these specific characters (CVE-2010-3770).

Google security researcher Michal Zalewski reported that when a window was opened to a site resulting in a network or certificate error page, the opening site could access the document inside the opened window and inject arbitrary content. An attacker could use this bug to spoof the location bar and trick a user into thinking they were on a different site than they actually were (CVE-2010-3774).

Mozilla security researcher moz_bug_r_a4 reported that the fix for CVE-2010-0179 could be circumvented permitting the execution of arbitrary JavaScript with chrome privileges (CVE-2010-3773).

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that JavaScript arrays were vulnerable to an integer overflow vulnerability. The report demonstrated that an array could be constructed containing a very large number of items such that when memory was allocated to store the array items, the integer value used to calculate the buffer size would overflow resulting in too small a buffer being allocated. Subsequent use of the array object could then result in data being written past the end of the buffer and causing memory corruption (CVE-2010-3767).
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a nsDOMAttribute node can be modified without informing the iterator object responsible for various DOM traversals. This flaw could lead to an inconsistent state where the iterator points to an object it believes is part of the DOM but actually points to some other object. If such an object had been deleted and its memory reclaimed by the system, then the iterator could be used to call into attacker-controlled memory (CVE-2010-3766).

Security researcher Gregory Fleischer reported that when a Java LiveConnect script was loaded via a data: URL which redirects via a meta refresh, then the resulting plugin object was created with the wrong security principal and thus received elevated privileges such as the abilities to read local files, launch processes, and create network connections (CVE-2010-3775).

Mozilla added the OTS font sanitizing library to prevent downloadable fonts from exposing vulnerabilities in the underlying OS font code. This library mitigates against several issues independently reported by Red Hat Security Response Team member Marc Schoenefeld and Mozilla security researcher Christoph Diehl (CVE-2010-3768).

Security researcher wushi of team509 reported that when a XUL tree had an HTML <div> element nested inside a <treechildren> element then code attempting to display content in the XUL tree would incorrectly treat the <div> element as a parent node to tree content underneath it resulting in incorrect indexes being calculated for the child content. These incorrect indexes were used in subsequent array operations which resulted in writing data past the end of an allocated buffer. An attacker could use this issue to crash a victim's browser and run arbitrary code on their machine (CVE-2010-3772).
Security researcher echo reported that a web page could open a window with an about:blank location and then inject an <isindex> element into that page which upon submission would redirect to a chrome: document. The effect of this defect was that the original page would wind up with a reference to a chrome-privileged object, the opened window, which could be leveraged for privilege escalation attacks (CVE-2010-3771).

Dirk Heinrich reported that on Windows platforms when document.write() was called with a very long string a buffer overflow was caused in line breaking routines attempting to process the string for display. Such cases triggered an invalid read past the end of an array causing a crash which an attacker could potentially use to run arbitrary code on a victim's computer (CVE-2010-3769).

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other
[Full-disclosure] OpenBSD CD's NSA crafted
Hi list I warn you, Has I say here more reveals of our favoorite backdoored system. OpenBSD songs has crafted by NSA agents to send subliminal message. Be warned by me that anyone who listen to the songs will unawarelessly get brain sucked by OpenBSD, Theo and pro-USA thoughts. The technic uses ultra low frequency infra red sound that can not has really heard but your brain hear anyhow and repeat the voice inside. If want proof just look at Paul Smchehl posts to see how one can has become after listening to it. It is more likely too that the backdoor coders has used it in the past. The impact of 0-day has huge has many coders and users contaminated. Though cleaning up has easy. If has the CD pleaze throw it as soon as can, turn off the light and watch at a Walker Texas Ranger episode to refresh your mind. Has be warned and has a merry christmass, Dave Nett
Re: [Full-disclosure] How long was the twitter outage?
o_O

On Fri, Dec 24, 2010 at 2:15 PM, Josey Yelsef hg_expo...@yahoo.com wrote:
As much as your revenue stream.

Is there a security 0day for being a spoiled, rotten manchild?
http://valleywag.gawker.com/5317292/twitter-co+founder-moving-out-of-minimalist-poets-cottage/gallery/

Enjoy your bubble while it lasts moron. Google the definition of fad. It'll be sweet justice when you're homeless and the next ghost town. You are a worthless piece of shit.

--- On *Thu, 12/23/10, John Adams j...@twitter.com* wrote:

From: John Adams j...@twitter.com
Subject: Re: [Full-disclosure] How long was the twitter outage?
To: Georgi Guninski gunin...@guninski.com
Cc: full-disclosure@lists.grok.org.uk
Date: Thursday, December 23, 2010, 9:39 PM

The site was not down for all users. A small number of users were affected by the failure of specific database node. Please see our status blog for details. http://status.twitter.com

-j

On Thu, Dec 23, 2010 at 12:23 PM, Georgi Guninski gunin...@guninski.com wrote:
How long was the twitter outage from yesterday coinciding with the other outage?
Re: [Full-disclosure] FW: Your email message was blocked
I think we should all thank Georgi for starting the twitter discussion and thus bringing us many luls in the form of yet another retarded content filtering system.. And to think I was bitching about it to begin with lmao.

On Fri, Dec 24, 2010 at 8:19 AM, Georgi Guninski gunin...@guninski.com wrote:
On Fri, Dec 24, 2010 at 12:42:18AM +, Thor (Hammer of God) wrote:
Classic. Just send him an email with the link you want from whatever address you want, and you can spam people with the subject, including links. :)

Extra points for wording:
6740 13:23:32.532 1 user(s) match rule - Block Virus - Zero Day Protection Framework
6740 13:23:32.532 1 user(s) match rule - Block Known Threats
[Full-disclosure] Security Advisory - FlexVision Listener Vulnerability
=[ Tempest Security Intelligence - Advisory #02 / 2010 ]=

Information Disclosure Vulnerability in FlexVision Agent Listener

Authors: Victor Ribeiro Hora victor *SPAM* tempest.com.br
http://tempest.com.br
Tempest Security Intelligence - Brazil

=[ Table of Contents ]=

1. Overview
2. Detailed description
3. Additional context Solutions
4. References
5. Thanks

=[ Overview ]==

* System affected: FlexVision Agent Listener 1.3 for Windows, Linux and Solaris (other versions may be vulnerable)
* Release date: 22 October 2010
* Impact: Successful exploitation of this vulnerability may lead to remote server sensitive information disclosure.

FlexVision [1] claims to be an IT service focused on hardware and software management, offering features like capacity planning, SLA monitoring and systems inventory. The service is used by several major companies in Brazil, including banking, telecom, energy, health and independent product sectors.

The vulnerability was found in the inventory agent listener or fval. Exploitation of this weakness does not require any authentication and may lead to remote disclosure of sensitive information from the server running the agent. Specifically, an attacker can download non-binary files, and list running services, running processes and installed software. It seems there is some active filtering for known sensitive data, but other sensitive information may leak.

=[ Detailed description ]

FlexVision Inventory service has several agents (servers) to collect data from different platforms and send them to a central console on the network. These agents are installed on the hardware to be monitored and listen for incoming client connections.

One of the agents that was analyzed is the FlexVision Actions Listener 1.3 for Linux, used for the inventory of Linux systems. This agent is executed by a Linux binary called fval started at boot time through an initscript in /etc/init.d/rc.fval.
Apparently the fval binary executes a chdir() to /opt/flex/plugins, then it opens a socket listening for connections on port 3810/TCP in daemon mode. As soon as the TCP Three-Way Handshake is completed, the agent keeps waiting for commands to perform the various inventory functions.

These commands are interpreted as internal functions of the fval binary, such as help, version, exit or run. Specifically, the run function expects a parameter. We noted that this parameter is a bash script file in the /opt/flex/plugins directory. This script is executed by the fval binary, and the output of the script is returned on the same TCP connection to the central console application.

These commands are normally sent from a central console to the monitored agent. As the connection is not authenticated nor encrypted in any way, it gives the possibility of any computer that has access to the 3810/TCP port of any agent, sending commands to be executed by the agent.

In spite of the fact that the agent uses an active filter for some well known sensitive data (like password hashes in the shadow file, for example), it is possible to get other not easily predictable but sensitive data. Some special chars we tested were also filtered, such as '*', ';', '' , and also white spaces, tabs and other special delimiters used on bash and other shells.

The following is an example of the recovery of a private SSH RSA key file that belongs to the root user on a Linux server:

---
v...@victim01:~$ telnet 192.168.1.1 3810
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
FVALrun symonfile.sh /root/.ssh id_rsa
-BEGIN RSA PRIVATE KEY-
---

Just like Linux fval, on Windows it's also possible to dump any non-binary file. It's worth saying that as fval always runs as privileged user (Administrator/root), all the system files are accessible and most of them are readable.

Windows hosts behave similarly. As soon as the Agent is installed, it is registered as a System Service and runs at boot time. This service runs the fval binary
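The weakness this advisory describes (a run command accepted without authentication and guarded only by a character filter) set beside an authenticated allowlist check, as an added example that is not part of the advisory and is not FlexVision code. The function names, the plugin allowlist, the readable root and the shared key are assumptions made for illustration; only the plugin directory and the request text come from the advisory.

```python
import hashlib
import hmac
import os
import re

# Hypothetical names throughout; this is not FlexVision's implementation.
PLUGIN_DIR = "/opt/flex/plugins"        # plugin directory named in the advisory
ALLOWED_PLUGINS = {"symonfile.sh"}      # constructed allowlist of runnable plugins
READABLE_ROOTS = ("/var/log/app",)      # constructed: only trees a plugin may read
SHARED_KEY = b"constructed-demo-key"    # constructed; provision one key per agent

# Character filter modelled on the advisory's description ('*', ';', whitespace).
BLACKLIST = re.compile(r"[*;\s]")


def blacklist_only(plugin, args):
    """Weak check: reject only when a token contains a blacklisted character."""
    return not any(BLACKLIST.search(tok) for tok in (plugin, *args))


def sign(line, key=SHARED_KEY):
    """HMAC-SHA256 tag the console would send along with a request line."""
    return hmac.new(key, line.encode(), hashlib.sha256).hexdigest()


def _confined(directory, name):
    """Resolve directory/name and require the result to sit under a readable root."""
    target = os.path.realpath(os.path.join(directory, name))
    for root in READABLE_ROOTS:
        root = os.path.realpath(root)
        if os.path.commonpath([root, target]) == root:
            return True
    return False


def authorize(line, tag, key=SHARED_KEY):
    """Return (allowed, reason) for a request 'run <plugin> <dir> <file>'."""
    # 1. Authenticate the sender before parsing anything else.
    if not hmac.compare_digest(sign(line, key), tag or ""):
        return False, "bad or missing authentication tag"
    parts = line.split()
    if len(parts) != 4 or parts[0] != "run":
        return False, "malformed request"
    _, plugin, directory, name = parts
    # 2. Exact-name allowlist: a path such as '../x.sh' can never match.
    if plugin not in ALLOWED_PLUGINS:
        return False, "plugin not on allowlist"
    # 3. Confine the file argument by resolved location, not by its characters.
    if not _confined(directory, name):
        return False, "path outside readable roots"
    return True, "ok"


if __name__ == "__main__":
    # Request text taken from the advisory's session; every token is "clean".
    advisory_request = "run symonfile.sh /root/.ssh id_rsa"
    print("blacklist filter passes it:",
          blacklist_only("symonfile.sh", ["/root/.ssh", "id_rsa"]))
    print("unauthenticated:", authorize(advisory_request, None))
    print("authenticated:  ", authorize(advisory_request, sign(advisory_request)))
    benign = "run symonfile.sh /var/log/app agent.log"   # constructed request
    print("benign:         ", authorize(benign, sign(benign)))
```

The advisory's request contains none of the filtered characters, so a character filter alone lets it through; the allowlist version refuses it twice over, first for the missing tag and then for the resolved path.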
[Full-disclosure] OpenBSD - grey user's oppinion.
reading this whole discussion, did you ever considered if grey user, just like me, will ever care ? if backdooring major *bsd distribution will make a difference whether to choose OpenBSD or something else when it's really no real choice between backdoored or not backdoored distro have any matter ? even without such Theo's confession with his so called private mail that got released to the public.. do i care? sure i do, but i don't have any alternative. i keep using it in hope that it's too serious for my needs. If someone want to invigilate me, i will check if A-Team is somewhere near my house, i would need to have serious reasons to worry. Pretty lame to worry about it, and me - grey user - well, prove or die, can't take such claims seriously if really skilled set of coders can't figure it out whether it's backdoored or not. I don't need such confession to stop using OpenBSD, it serve well for my purposes but i would use nothing that is well known, for critical communication. Some posts are paranoid about it, some IS MUST is annoying but sounds like the person does CARE about it. i don't. at least since it's not proved... sorry for my lame english. marry x-mass eve, stop please. or prove. (even if you do, prove me that the alternative is safe, no? 2bad).
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
I is Love musntlive. -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of ?? Sent: 24 December 2010 13:05 To: coderman Cc: full-disclosure@lists.grok.org.uk; mic...@lucifer.net Subject: Re: [Full-disclosure] how i stopped worrying and loved the backdoor Hello full disclosure!!! I'd like to warn you about many things but not bucketing. However is you must read and not be troll for you is to understand this for your own. musntlive cannot be all everyone's guide to common sense. A Provably Secure And Efficient Countermeasure Against Timing Attacks http://eprint.iacr.org/2009/089.pdf Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks http://users.cis.fiu.edu/~smithg/papers/csf10.pdf In is musntlive's interpretation is everyone miss OpenBSD big picturuski: a1) Hiding in plain sight a2) Developer Deception Is musntlive establish (proven: this is not theory) that developers lied all along. So while is many cry troll, musntlive laugh and think of Cassandra. b1) Is OpenBSD not audit anything otherwise this not happen b2) For those trolls (Schmehl) who state: `Someone would have caught it` - they is forget that crypto is highly specialized and is all a part of the corruption machine, there is none to catch [is see Juvenal quote who watching watchers] b3) We is now privy to see how Theo via foreign financial accounts is tied into this - he can disprove this is he like but he is likely stay shut b4) Theo is come clean not to show public `I come clean I not know` but more is to say `is I come clean before is beans spilled, everyone is believe me` [Response a1] Is because crypto implementation very hard is difficult for to someone to audit is code. In normal programming a simple operator can is change the entire game. Is difference between and is say is all one need. 
For this we is now take into account 'salami attacks' (do not is say musntlive not warn you) [Response a2] Is everyone forget KGII (key goal is indicators) of everything. Money is talk (see b3) and when is everyone is on the same ledger[payroll] and is give geek dream job of one being superspyman, egos run stupid. Geeks is like Jason is stupid for to government say: Give is stupid nerd some Mountain Dew, mousepad, new laptop, he ours! versus old school he is wants Ferrari, cash and ladies (see Mafiosi requirements for cash). When money is motivator is one be surprised at what someone is capable of is... is. Is everyone too stupid to remember this or do everyone is believe no one is above corruption particularisly FOSS developers. (I is pity you is you think this) [Response b1] Is who will come clean when all is dirty on the developer team. 3 people on code all on the same covert team and is one head honchoruski (Theo see b3) is getting kickbacks in covert accounts [Response b2] For Paul Schmehl and other trolls I is like to introduce you to is Cassandra Complex http://en.wikipedia.org/wiki/Cassandra_(metaphor) [Response b3] http://www.youtube.com/watch?v=bjZRAvsZf1g [Response b4] Theo is not to be believed on this whole matter see Cassandra Complex Happy Merry Jolly and is Merry Happy New Year.
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
Well that makes one of you!!! ;-) Gary B On 12/24/2010 09:18 AM, McGhee, Eddie wrote: I is Love musntlive. -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of ?? Sent: 24 December 2010 13:05 To: coderman Cc: full-disclosure@lists.grok.org.uk; mic...@lucifer.net Subject: Re: [Full-disclosure] how i stopped worrying and loved the backdoor Hello full disclosure!!! I'd like to warn you about many things but not bucketing. However is you must read and not be troll for you is to understand this for your own. musntlive cannot be all everyone's guide to common sense. A Provably Secure And Efficient Countermeasure Against Timing Attacks http://eprint.iacr.org/2009/089.pdf Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks http://users.cis.fiu.edu/~smithg/papers/csf10.pdf In is musntlive's interpretation is everyone miss OpenBSD big picturuski: a1) Hiding in plain sight a2) Developer Deception Is musntlive establish (proven: this is not theory) that developers lied all along. So while is many cry troll, musntlive laugh and think of Cassandra. b1) Is OpenBSD not audit anything otherwise this not happen b2) For those trolls (Schmehl) who state: `Someone would have caught it` - they is forget that crypto is highly specialized and is all a part of the corruption machine, there is none to catch [is see Juvenal quote who watching watchers] b3) We is now privy to see how Theo via foreign financial accounts is tied into this - he can disprove this is he like but he is likely stay shut b4) Theo is come clean not to show public `I come clean I not know` but more is to say `is I come clean before is beans spilled, everyone is believe me` [Response a1] Is because crypto implementation very hard is difficult for to someone to audit is code. In normal programming a simple operator can is change the entire game. Is difference between and is say is all one need. 
For this we is now take into account 'salami attacks' (do not is say musntlive not warn you) [Response a2] Is everyone forget KGII (key goal is indicators) of everything. Money is talk (see b3) and when is everyone is on the same ledger[payroll] and is give geek dream job of one being superspyman, egos run stupid. Geeks is like Jason is stupid for to government say: Give is stupid nerd some Mountain Dew, mousepad, new laptop, he ours! versus old school he is wants Ferrari, cash and ladies (see Mafiosi requirements for cash). When money is motivator is one be surprised at what someone is capable of is... is. Is everyone too stupid to remember this or do everyone is believe no one is above corruption particularisly FOSS developers. (I is pity you is you think this) [Response b1] Is who will come clean when all is dirty on the developer team. 3 people on code all on the same covert team and is one head honchoruski (Theo see b3) is getting kickbacks in covert accounts [Response b2] For Paul Schmehl and other trolls I is like to introduce you to is Cassandra Complex http://en.wikipedia.org/wiki/Cassandra_(metaphor) [Response b3] http://www.youtube.com/watch?v=bjZRAvsZf1g [Response b4] Theo is not to be believed on this whole matter see Cassandra Complex Happy Merry Jolly and is Merry Happy New Year.
Re: [Full-disclosure] OpenBSD - grey user's oppinion.
If you don't care, then what makes you think anyone else will care that you don't care? Is your intent to tell the list that you don't care about the topic? -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure- boun...@lists.grok.org.uk] On Behalf Of asmo Sent: Thursday, December 23, 2010 5:26 PM To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] OpenBSD - grey user's oppinion. reading this whole discussion, did you ever considered if grey user, just like me, will ever care ? if backdooring major *bsd distribution will make a difference whether to choose OpenBSD or something else when it's really no real choice between backdoored or not backdoored distro have any matter ? even without such Theo's confesion with his so called private mail that got released to the public.. do i care? sure i do, but i don't have any alternative. i keep using it in hope that it's too serious for my needs. If someone want to invigilate me, i will check if A-Team is somewhere near my house, i would need to have serious reasons to worry. Pretty lame to worry about it, and me - grey user - well, prove or die, can't take such claims seriously if really skilled set of coders can't figure it out whether it's backdoored or not. I don't need such confession to stop using OpenBSD, it serve well for my purposes but i would use nothing that is well known, for critical communication. Some posts are paranoid about it, some IS MUST is annoying but sounds like the person does CARE about it. i don't. at least since it's not proved... sorry for my lame english. marry x-mass eve, stop please. or prove. (even if you do, prove me that the alternative is safe, no? 2bad).
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
On Fri, Dec 24, 2010 at 1:53 AM, Marsh Ray ma...@extendedsubset.com wrote:
> ...
> So there are these many hundreds of lines of entropy management code in OpenBSD implementing what is claimed to be a novel architecture for random number generation and yet this guy, who is going around giving talks on it, is expecting someone else to quantify it and come forward with a paper?
given the OpenBSD architecture and entropy consumption the performance and characteristics of random number generation and use is very context and architecture specific. while i agree this guy should have access to either his own or remotely accessible compatibility test cluster, he clearly is lacking applied test and measurement with sufficient detail for a paper. in any case, did i mention good entropy is hard? :)
> The burden of proof lies with the amateur cryptographers making the security claims about it, not those questioning them.
sure. perhaps the most frequent misconception is the model around entropy consumption in OpenBSD vs. most other unix and windows variants. OpenBSD in particular assumes significant and sustained use of random numbers across kernel and userspace domains. this is a distinction conveniently negligible if you've got fast true random hardware entropy sources available.
speaking of Cassandra complex, coming up on a decade of hw entropy advocacy [0] and still about the same level of progress as IPv6 core deployment... how many of you have a competent userspace entropy daemon funneling hardware sources into host pool? *grin*
0. VIA Padlock C5XL, C5P XSTORE http://www.mail-archive.com/openssl-dev@openssl.org/msg18264.html
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
On Fri, Dec 24, 2010 at 4:27 PM, coderman coder...@gmail.com wrote:
> how many of you have a competent userspace entropy daemon funneling hardware sources into host pool?
It would be nice if there were inexpensive hardware sources available and a means to distribute the entropy among hosts in one's own trusted infrastructure. I have a mail server, a name server, an ntp server (usually several), among various other sorts of pieces of infrastructure which serve hundreds or even thousands of servers. Why not an entropy server? It would be nice if I could set up an entropy generating black box somewhere and attach it via USB to my entropy server host then install a package with a config file on all of my machines pointing to the entropy host. But so far I know of no such thing. Do you?
BMF
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
On Fri, Dec 24, 2010 at 4:37 PM, BMF badmotherfs...@gmail.com wrote:
> On Fri, Dec 24, 2010 at 4:27 PM, coderman coder...@gmail.com wrote:
>> how many of you have a competent userspace entropy daemon funneling hardware sources into host pool?
> It would be nice if there were inexpensive hardware sources available and a means to distribute the entropy among hosts in one's own trusted infrastructure. I have a mail server, a name server, an ntp server (usually several), among various other sorts of pieces of infrastructure which serve hundreds or even thousands of servers. Why not an entropy server? It would be nice if I could setup an entropy generating black box somewhere and attach it via USB to my entropy server host then install a package with a config file on all of my machines pointing to the entropy host. But so far I know of no such thing. Do you?
Don't we have hardware RNG in most motherboard chipsets nowadays? (Not that you should exclusively trust it, but the nature of RNG's is that it's easy to mix in sources.)
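The "mix in sources, but do not exclusively trust one" idea from this exchange, sketched as an added example (not code from the thread or from OpenBSD): every sample is hashed into the pool, but only samples that pass a health check count toward seeding. The names `EntropyMixer` and `repetition_count_ok`, the cutoff of 5 and the 128-bit read threshold are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct


def repetition_count_ok(sample: bytes, cutoff: int = 5) -> bool:
    """Simplified repetition-count health test: reject an empty sample or
    one in which a single byte value occurs `cutoff` times in a row."""
    if not sample:
        return False
    run = 1
    for prev, cur in zip(sample, sample[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True


def _frame(label: bytes, sample: bytes) -> bytes:
    # Length-prefix both fields so ("ab", "c") and ("a", "bc") hash differently.
    return (struct.pack(">I", len(label)) + label +
            struct.pack(">I", len(sample)) + sample)


class EntropyMixer:
    """Hypothetical userspace pool: mixing is unconditional, credit is not."""
    MIN_BITS = 128  # assumed threshold before any output is released

    def __init__(self) -> None:
        self._pool = bytes(32)
        self.credited_bits = 0

    def add(self, label: bytes, sample: bytes, claimed_bits: int) -> bool:
        # Hashing in a bad or attacker-known sample cannot make an unknown
        # pool known, so every sample is mixed regardless of its health.
        self._pool = hmac.new(self._pool, _frame(label, sample),
                              hashlib.sha256).digest()
        healthy = repetition_count_ok(sample)
        if healthy:
            self.credited_bits = min(256, self.credited_bits + claimed_bits)
        return healthy

    def read(self, n: int) -> bytes:
        if self.credited_bits < self.MIN_BITS:
            raise RuntimeError("pool not seeded by a healthy source")
        blocks = [hmac.new(self._pool, b"out" + struct.pack(">I", counter),
                           hashlib.sha256).digest()
                  for counter in range((n + 31) // 32)]
        # Ratchet the pool so earlier output cannot be recomputed from it.
        self._pool = hmac.new(self._pool, b"next", hashlib.sha256).digest()
        return b"".join(blocks)[:n]


def demo():
    mixer = EntropyMixer()
    stuck_hw = bytes(32)  # constructed sample: a failed hardware RNG emitting zeros
    hw_ok = mixer.add(b"hwrng", stuck_hw, 256)
    os_ok = mixer.add(b"os", os.urandom(32), 256)
    return hw_ok, os_ok, mixer.credited_bits, mixer.read(16)


if __name__ == "__main__":
    print(demo())
```

The stuck hardware sample is still mixed in but earns no credit, so the pool only releases output once the second source has seeded it.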
Re: [Full-disclosure] OpenBSD - grey user's oppinion.
Well you've been on this list longer than I have Thor, I'd've thought you'd figured it out by now. The point is to keep the top-posting email chain as long and as wasteful of everybody's time as possible! It's a game called meta trolling and it's just a slightly less creative version of forward the urban legend about the AIDS-infected syringe hidden in gas pump handle to everyone in my address book. (It's been adapted for computer types who prefer belonging to mailing lists where they joke about recursion over having address books full of people they care about dearly.) So here goes: Why should I care that you don't care that he doesn't care? Merry Christmas, -Marsh On 12/24/2010 01:26 PM, Thor (Hammer of God) wrote: If you don't care, then what makes you think anyone else will care that you don't care? Is your intent to tell the list that you don't care about the topic? -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure- boun...@lists.grok.org.uk] On Behalf Of asmo Sent: Thursday, December 23, 2010 5:26 PM To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] OpenBSD - grey user's oppinion. reading this whole discussion, did you ever considered if grey user, just like me, will ever care ? if backdooring major *bsd distribution will make a difference whether to choose OpenBSD or something else when it's really no real choice between backdoored or not backdoored distro have any matter ? even without such Theo's confesion with his so called private mail that got released to the public.. do i care? sure i do, but i don't have any alternative. i keep using it in hope that it's too serious for my needs. If someone want to invigilate me, i will check if A-Team is somewhere near my house, i would need to have serious reasons to worry. Pretty lame to worry about it, and me - grey user - well, prove or die, can't take such claims seriously if really skilled set of coders can't figure it out whether it's backdoored or not. 
I don't need such confession to stop using OpenBSD, it serve well for my purposes but i would use nothing that is well known, for critical communication. Some posts are paranoid about it, some IS MUST is annoying but sounds like the person does CARE about it. i don't. at least since it's not proved... sorry for my lame english. marry x-mass eve, stop please. or prove. (even if you do, prove me that the alternative is safe, no? 2bad).
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
On 12/24/2010 07:08 PM, Dan Kaminsky wrote:
> Don't we have hardware RNG in most motherboard chipsets nowadays? (Not that you should exclusively trust it, but the nature of RNG's is that it's easy to mix in sources.)
Haha, you're going to love this:
http://code.bsd64.org/cvsweb/openbsd/src/sys/dev/rnd.c?rev=1.106;content-type=text%2Fplain
    switch(minor(dev)) {
    case RND_RND:
        ret = EIO; /* no chip -- error */
        break;
    case RND_SRND:
    case RND_URND:
    case RND_ARND_OLD:
    case RND_ARND:
        arc4random_buf(buf, n);
        break;
    default:
        ret = ENXIO;
    }
- Marsh
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
Such a gay thread subject, ain't it?
On Fri, Dec 24, 2010 at 11:24 PM, Marsh Ray ma...@extendedsubset.com wrote:
> On 12/24/2010 07:08 PM, Dan Kaminsky wrote:
>> Don't we have hardware RNG in most motherboard chipsets nowadays? (Not that you should exclusively trust it, but the nature of RNG's is that it's easy to mix in sources.)
> Haha, you're going to love this:
> http://code.bsd64.org/cvsweb/openbsd/src/sys/dev/rnd.c?rev=1.106;content-type=text%2Fplain
>     switch(minor(dev)) {
>     case RND_RND:
>         ret = EIO; /* no chip -- error */
>         break;
>     case RND_SRND:
>     case RND_URND:
>     case RND_ARND_OLD:
>     case RND_ARND:
>         arc4random_buf(buf, n);
>         break;
>     default:
>         ret = ENXIO;
>     }
> - Marsh
Marcio Barbado, Jr.
Re: [Full-disclosure] OpenBSD - grey user's oppinion.
You has not know what theses guys are able to do. There are very very dangerous. Be warned by me Dave. So you hasn't want to open the doors to your system to these men. Anyway here has the way to always use OpenBSD (from a long time ago to me) within 10 rules : 0x01 standalone test machine with no network connection 0x02 OR virtualized guest with no network access 0x03 has in no way mount an ipsec tunnel 0x04 shut off your wifi router and to has sure your dsl like box 0x05 has remove any rj45 cable off in a range of 5 meter from the OBSD machine 0x06 has not watch the boot sequence has all this text moving can has contain malicious content 0x07 has never ever listen to there CD songs, even better listen to scientology CDs 0x08 has start again from 0x01 to make sure that NO NETWORK As the FBI agents set OpenBSD mostly has a router, the coders did probably not bother with other stuff like user interface so you has still able to transfer file with usb key. --- On Fri, 12/24/10, asmo a...@moon-station.us wrote: From: asmo a...@moon-station.us Subject: [Full-disclosure] OpenBSD - grey user's oppinion. To: full-disclosure@lists.grok.org.uk Date: Friday, December 24, 2010, 1:25 AM reading this whole discussion, did you ever considered if grey user, just like me, will ever care ? if backdooring major *bsd distribution will make a difference whether to choose OpenBSD or something else when it's really no real choice between backdoored or not backdoored distro have any matter ? even without such Theo's confesion with his so called private mail that got released to the public.. do i care? sure i do, but i don't have any alternative. i keep using it in hope that it's too serious for my needs. If someone want to invigilate me, i will check if A-Team is somewhere near my house, i would need to have serious reasons to worry. 
Pretty lame to worry about it, and me - grey user - well, prove or die, can't take such claims seriously if really skilled set of coders can't figure it out whether it's backdoored or not. I don't need such confession to stop using OpenBSD, it serve well for my purposes but i would use nothing that is well known, for critical communication. Some posts are paranoid about it, some IS MUST is annoying but sounds like the person does CARE about it. i don't. at least since it's not proved... sorry for my lame english. marry x-mass eve, stop please. or prove. (even if you do, prove me that the alternative is safe, no? 2bad).
Re: [Full-disclosure] how i stopped worrying and loved the backdoor
On Fri, Dec 24, 2010 at 5:08 PM, Dan Kaminsky d...@doxpara.com wrote:
> Don't we have hardware RNG in most motherboard chipsets nowadays?
Do we? By what mechanism do they operate? Thermal noise seems the easiest way to go although I have always preferred the idea of sampling random radioactive decay simply for the purity of the immediate result. What is the quality of the entropy of the devices you speak of? How fast do they generate entropy? I have heard nothing about this. How could I tell if my machine had hw rng built in? Some i810 series chipsets have hw rng. There is also the Intel 80802 Firmware Hub chip that nobody seems to use anymore. I have heard of people pointing webcams at lava lamps and such to get random numbers.
BMF