[Full-disclosure] ZDI-11-085: Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability
ZDI-11-085: Oracle Java XGetSamplePtrFromSnd Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-085
February 15, 2011

-- CVE ID:
CVE-2010-4462

-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)

-- Affected Vendors:
Oracle

-- Affected Products:
Oracle Java Runtime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10626. For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within jsound!XGetSamplePtrFromSnd. When extracting a sample from a soundbank stream user supplied data is used to calculate the bounds of a call to PV_Swap16BitSamples. By supplying a specially crafted sound file, a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

-- Vendor Response:
Oracle has issued an update to correct this vulnerability. More details can be found at:

http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

-- Disclosure Timeline:
2010-09-23 - Vulnerability reported to vendor
2011-02-15 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * binaryproof

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [USN-1065-1] shadow vulnerability
===
Ubuntu Security Notice USN-1065-1 February 15, 2011
shadow vulnerability
CVE-2011-0721
===

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.10:
  passwd 1:4.1.4.1-1ubuntu2.2

Ubuntu 10.04 LTS:
  passwd 1:4.1.4.2-1ubuntu2.2

Ubuntu 10.10:
  passwd 1:4.1.4.2-1ubuntu3.2

In general, a standard system update will make all the necessary changes.

Details follow:

Kees Cook discovered that some shadow utilities did not correctly validate user input. A local attacker could exploit this flaw to inject newlines into the /etc/passwd file. If the system was configured to use NIS, this could lead to existing NIS groups or users gaining or losing access to the system, resulting in a denial of service or unauthorized access.

Updated packages for Ubuntu 9.10:
Re: [Full-disclosure] MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow
On Mon, Feb 14, 2011 at 8:00 AM, Pwned MSRC wrote:
>
> #MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow
> ...
> #From dailydave:
> [https://lists.immunityinc.com/pipermail/dailydave/20110121/57.html], So
> your 31337 con is the only place to get 0day? Here's some pre-auth /
> #broadcast 0day free for all on FD with 0% conference whoring, and punks are
> welcome as well.

does CANVAS 6 0day get you free conference?
[Full-disclosure] ZDI-11-082: Oracle Java Runtime NTLM Authentication Information Leakage Vulnerability
ZDI-11-082: Oracle Java Runtime NTLM Authentication Information Leakage Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-082
February 15, 2011

-- CVE ID:
CVE-2010-4466

-- CVSS:
6.4, (AV:N/AC:L/Au:N/C:P/I:P/A:N)

-- Affected Vendors:
Oracle

-- Affected Products:
Oracle Java Runtime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9709. For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to leak authentication details on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaw exists in the handling of NTLM authentication requests generated in the context of the Java Runtime. The Java Virtual Machine will ignore browser policies and respond to WWW-Authenticate requests from the Internet zone resulting in the leakage of NTLM authentication hashes to attackers.

-- Vendor Response:
Oracle has issued an update to correct this vulnerability. More details can be found at:

http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

-- Disclosure Timeline:
2009-08-20 - Vulnerability reported to vendor
2011-02-15 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Sami Koivu
[Full-disclosure] ZDI-11-086: Oracle Java Webstart Trusted JNLP Extension Remote Code Execution Vulnerability
ZDI-11-086: Oracle Java Webstart Trusted JNLP Extension Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-086
February 15, 2011

-- CVE ID:
CVE-2010-4463

-- CVSS:
9.7, (AV:N/AC:L/Au:N/C:C/I:C/A:P)

-- Affected Vendors:
Oracle

-- Affected Products:
Oracle Java Runtime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10619. For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the Java Webstart loader of the Java Runtime Environment. When parsing a .jnlp file containing an extension, the loader will honor the permissions defined within. This will allow one to explicitly define the security permissions of their java component which will then get executed. This will allow one to execute code outside of the context of the JRE sandbox.

-- Vendor Response:
Oracle has issued an update to correct this vulnerability. More details can be found at:

http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

-- Disclosure Timeline:
2010-10-18 - Vulnerability reported to vendor
2011-02-15 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Peter Csepely
[Full-disclosure] ZDI-11-084: Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
ZDI-11-084: Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-084
February 15, 2011

-- CVE ID:
CVE-2010-4452

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Oracle

-- Affected Products:
Oracle Java Runtime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10594. For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the findClass method of the sun.plugin2.applet.Applet2ClassLoader class. Due to a failure to properly validate URLs supplied by an implicitly trusted applet, it is possible to execute arbitrary code on Windows 32-bit and 64-bit, as well as Linux 32-bit platforms under the context of the SYSTEM user.

-- Vendor Response:
Oracle has issued an update to correct this vulnerability. More details can be found at:

http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

-- Disclosure Timeline:
2010-09-28 - Vulnerability reported to vendor
2011-02-15 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Frederic Hoguin
[Full-disclosure] ZDI-11-083: Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability
ZDI-11-083: Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-083
February 15, 2011

-- CVE ID:
CVE-2010-4465

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Oracle

-- Affected Products:
Oracle Java Runtime

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10851. For further product information on the TippingPoint IPS, visit:

http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaw is due to insufficient defenses against system clipboard hijacking. When in focus, a handle to the system clipboard can be retrieved without user interaction by a malicious component. The clipboard can then be arbitrarily read from or written to. By writing a TransferableProxy object to the system clipboard and then forcing a paste action, arbitrary code can be executed under the context of the user invoking the JRE.

-- Vendor Response:
Oracle has issued an update to correct this vulnerability. More details can be found at:

http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

-- Disclosure Timeline:
2010-01-26 - Vulnerability reported to vendor
2011-02-15 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Sami Koivu
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
I now also declare rule 34.

On Tue, Feb 15, 2011 at 9:10 PM, Eyeballing Weev wrote:
> You look really good in heels and a skirt, nice legs also.
>
> On 02/15/2011 04:08 PM, Kain, Rebecca (.) wrote:
> > Of course that's where I got it from. A woman couldn't be *that*
> > creative
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
I declare rule 31 on Rebecca.

( As you are a girl, and therefore are unaware of the rules of the internet, please may I direct your attention to http://encyclopediadramatica.com/Rules_of_the_Internet )

On Tue, Feb 15, 2011 at 9:08 PM, Kain, Rebecca (.) wrote:
> Of course that's where I got it from. A woman couldn't be *that*
> creative
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Randal
> T. Rioux
> Sent: Tuesday, February 15, 2011 4:05 PM
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop
> and Anonymous trackdown
>
> Thought this would be appropriate :-)
>
> http://xkcd.com/149/
>
> On 2/15/2011 4:00 PM, Eyeballing Weev wrote:
> > What do you expect from a woman?
> >
> > Rebecca, kindly make me a sandwich
> >
> > On 02/15/2011 03:44 PM, Cal Leeming [Simplicity Media Ltd] wrote:
> >> I did apologise, no need to drag it out into the yard and beat it
> with a
> >> stick lol.
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
http://a1.l3-images.myspacecdn.com/images01/49/3fb5839feabb972e4b40c2807e328396/l.jpg

Rule 34. Now.

On Tue, Feb 15, 2011 at 9:13 PM, Cal Leeming [Simplicity Media Ltd] <cal.leem...@simplicitymedialtd.co.uk> wrote:
> I now also declare rule 34.
>
> On Tue, Feb 15, 2011 at 9:10 PM, Eyeballing Weev <eyeballing.w...@gmail.com> wrote:
>
>> You look really good in heels and a skirt, nice legs also.
>>
>> On 02/15/2011 04:08 PM, Kain, Rebecca (.) wrote:
>> > Of course that's where I got it from. A woman couldn't be *that*
>> > creative
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
You look really good in heels and a skirt, nice legs also.

On 02/15/2011 04:08 PM, Kain, Rebecca (.) wrote:
> Of course that's where I got it from. A woman couldn't be *that*
> creative
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
Only if you call me "your little sudo"

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Eyeballing Weev
Sent: Tuesday, February 15, 2011 4:01 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

What do you expect from a woman?

Rebecca, kindly make me a sandwich

On 02/15/2011 03:44 PM, Cal Leeming [Simplicity Media Ltd] wrote:
> I did apologise, no need to drag it out into the yard and beat it with a
> stick lol.
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
Of course that's where I got it from. A woman couldn't be *that* creative

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Randal T. Rioux
Sent: Tuesday, February 15, 2011 4:05 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

Thought this would be appropriate :-)

http://xkcd.com/149/

On 2/15/2011 4:00 PM, Eyeballing Weev wrote:
> What do you expect from a woman?
>
> Rebecca, kindly make me a sandwich
>
> On 02/15/2011 03:44 PM, Cal Leeming [Simplicity Media Ltd] wrote:
>> I did apologise, no need to drag it out into the yard and beat it with a
>> stick lol.
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
Thought this would be appropriate :-)

http://xkcd.com/149/

On 2/15/2011 4:00 PM, Eyeballing Weev wrote:
> What do you expect from a woman?
>
> Rebecca, kindly make me a sandwich
>
> On 02/15/2011 03:44 PM, Cal Leeming [Simplicity Media Ltd] wrote:
>> I did apologise, no need to drag it out into the yard and beat it with a
>> stick lol.
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
How about under threat of receiving a shiner?

On 02/15/2011 04:02 PM, Kain, Rebecca (.) wrote:
> Only if you call me "your little sudo"
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
What do you expect from a woman?

Rebecca, kindly make me a sandwich

On 02/15/2011 03:44 PM, Cal Leeming [Simplicity Media Ltd] wrote:
> I did apologise, no need to drag it out into the yard and beat it with a
> stick lol.
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
I did apologise, no need to drag it out into the yard and beat it with a stick lol.

On Tue, Feb 15, 2011 at 8:33 PM, Kain, Rebecca (.) wrote:
>
> cool, thanks coderman
>
> If something's a private joke, I don't see why it needed to be aired
> here, that's all.
>
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of coderman
> Sent: Tuesday, February 15, 2011 3:31 PM
> To: Eyeballing Weev
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop
> and Anonymous trackdown
>
> On Tue, Feb 15, 2011 at 7:48 AM, Eyeballing Weev
> wrote:
> > Wanna hang out later, Rebecca? I got some cocaine, LSD and pills that
> if
> > we get caught I will claim they are not mine and the police planted
> them
> > on us.
>
> poor eyeballer, must be bored silly. did you leech that correctional
> cctv feed yet?
>
> and beware Rebecca, eyeballer is a selfish and arrogant lover, like
> Assange perhaps. don't be a link to his node on the irc sex chart!
>
> :o
[Full-disclosure] [USN-1064-1] OpenSSL vulnerability
=== Ubuntu Security Notice USN-1064-1 February 15, 2011 openssl vulnerability CVE-2011-0014 ===

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.6
Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.4

After a standard system update you need to reboot your computer to make all the necessary changes.

Details follow:

Neel Mehta discovered that incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message. This could allow a remote attacker to cause a crash and denial of service by triggering invalid memory accesses.

Updated packages for Ubuntu 10.04 LTS:
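The notice above describes a ClientHello parser that follows length fields past the end of the message. The following is an added example, not OpenSSL's code and not part of the advisory, of a bounds-checked walk over a ClientHello extension block, using the status_request (OCSP) extension layout from RFC 6066 as the nested length-prefixed structure. The `cursor` and `hello_summary` types, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bounded read cursor: every read checks `left` before touching memory. */
typedef struct { const uint8_t *p; size_t left; } cursor;

static int get_u8(cursor *c, uint8_t *v) {
    if (c->left < 1) return -1;
    *v = c->p[0];
    c->p += 1; c->left -= 1;
    return 0;
}

static int get_u16(cursor *c, uint16_t *v) {
    if (c->left < 2) return -1;
    *v = (uint16_t)((c->p[0] << 8) | c->p[1]);
    c->p += 2; c->left -= 2;
    return 0;
}

/* Read a 16-bit length prefix and carve that many bytes into a sub-cursor.
 * A declared length larger than what the parent still holds is an error;
 * without this check a parser follows the length past the message end. */
static int get_vec16(cursor *c, cursor *out) {
    uint16_t n;
    if (get_u16(c, &n) != 0 || n > c->left) return -1;
    out->p = c->p; out->left = n;
    c->p += n; c->left -= n;
    return 0;
}

typedef struct {              /* hypothetical result type for this example */
    unsigned extensions;      /* extensions walked */
    int has_status_request;   /* extension type 5 seen */
    unsigned responder_ids;   /* entries in responder_id_list */
    size_t request_ext_len;   /* bytes of request_extensions */
} hello_summary;

#define EXT_STATUS_REQUEST 5  /* status_request, RFC 6066 */
#define STATUS_TYPE_OCSP   1

/* Body: status_type(1) | responder_id_list<2> | request_extensions<2> */
static int parse_status_request(cursor ext, hello_summary *s) {
    uint8_t type;
    cursor ids, id, req;
    if (get_u8(&ext, &type) != 0) return -1;
    if (type != STATUS_TYPE_OCSP) return 0;      /* unknown type: skip body */
    if (get_vec16(&ext, &ids) != 0) return -1;   /* bounded by the extension */
    while (ids.left > 0) {                       /* each ResponderID is <1..> */
        if (get_vec16(&ids, &id) != 0 || id.left == 0) return -1;
        s->responder_ids++;
    }
    if (get_vec16(&ext, &req) != 0 || ext.left != 0) return -1;
    s->request_ext_len = req.left;
    return 0;
}

/* buf points at the 2-byte extensions length that ends a ClientHello.
 * Returns 0 if every length is consistent, -1 on any malformed field. */
int parse_hello_extensions(const uint8_t *buf, size_t len, hello_summary *s) {
    cursor in = { buf, len }, block, body;
    uint16_t type;
    *s = (hello_summary){0};
    if (get_vec16(&in, &block) != 0 || in.left != 0) return -1;
    while (block.left > 0) {
        if (get_u16(&block, &type) != 0 || get_vec16(&block, &body) != 0)
            return -1;
        s->extensions++;
        if (type != EXT_STATUS_REQUEST) continue;
        if (s->has_status_request) return -1;    /* duplicate extension */
        s->has_status_request = 1;
        if (parse_status_request(body, s) != 0) return -1;
    }
    return 0;
}

/* Constructed samples (not captured traffic). */
static const uint8_t SAMPLE_GOOD[] = {
    0x00,0x14,                                /* extensions length = 20 */
    0x00,0x05, 0x00,0x0c,                     /* status_request, 12 bytes */
    0x01, 0x00,0x05, 0x00,0x03,0xaa,0xbb,0xcc, 0x00,0x02,0xde,0xad,
    0x00,0x23, 0x00,0x00 };                   /* empty extension, type 0x23 */
static const uint8_t SAMPLE_BAD_INNER[] = {   /* id list claims 256 bytes */
    0x00,0x14, 0x00,0x05, 0x00,0x0c,
    0x01, 0x01,0x00, 0x00,0x03,0xaa,0xbb,0xcc, 0x00,0x02,0xde,0xad,
    0x00,0x23, 0x00,0x00 };
static const uint8_t SAMPLE_BAD_OUTER[] = {   /* extension claims 32 bytes */
    0x00,0x04, 0x00,0x05, 0x00,0x20 };

int main(void) {
    hello_summary s;
    printf("good=%d bad_inner=%d bad_outer=%d\n",
           parse_hello_extensions(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &s),
           parse_hello_extensions(SAMPLE_BAD_INNER, sizeof SAMPLE_BAD_INNER, &s),
           parse_hello_extensions(SAMPLE_BAD_OUTER, sizeof SAMPLE_BAD_OUTER, &s));
    return 0;
}
```

Both malformed samples are rejected at the length check in `get_vec16`, before any byte beyond the declared container is read.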
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
cool, thanks coderman

If something's a private joke, I don't see why it needed to be aired here, that's all.

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of coderman
Sent: Tuesday, February 15, 2011 3:31 PM
To: Eyeballing Weev
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

On Tue, Feb 15, 2011 at 7:48 AM, Eyeballing Weev wrote:
> Wanna hang out later, Rebecca? I got some cocaine, LSD and pills that if
> we get caught I will claim they are not mine and the police planted them
> on us.

poor eyeballer, must be bored silly. did you leech that correctional cctv feed yet?

and beware Rebecca, eyeballer is a selfish and arrogant lover, like Assange perhaps. don't be a link to his node on the irc sex chart! :o

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
On Tue, Feb 15, 2011 at 7:48 AM, Eyeballing Weev wrote:
> Wanna hang out later, Rebecca? I got some cocaine, LSD and pills that if
> we get caught I will claim they are not mine and the police planted them
> on us.

poor eyeballer, must be bored silly. did you leech that correctional cctv feed yet?

and beware Rebecca, eyeballer is a selfish and arrogant lover, like Assange perhaps. don't be a link to his node on the irc sex chart! :o
Re: [Full-disclosure] [AntiSnatchOr] Drupal <= 6.20 insecure Captcha defaults PoC
Some guys pay more for women with "extra hardware". What are you doing later? ;-)

> What the hell :)
> I'm a man mate.
>
> Michele is like Michael.
Re: [Full-disclosure] [AntiSnatchOr] Drupal <= 6.20 insecure Captcha defaults PoC
On Tue, Feb 15, 2011 at 12:25 AM, Eyeballing Weev wrote:
>
> On Mon, Feb 14, 2011 at 4:54 PM, MustLive wrote:
>>
>> Hello Michele!
>>
>> Few days ago I saw your advisory about Drupal's captcha. It's interesting
>> advisory, but I have one note concerning it - your research is very close to
>> mine ;-) (it concerns similar holes which I found before you).
>
> Quit being sexist. Is this because of a woman disclosed this?

What the hell :)
I'm a man mate.

Michele is like Michael.

antisnatchor

>> Second, in your PoC (bruteforce exploit for Drupal) you're talking about
>> Brute Force hole. But in title you said about insecure Captcha (which is
>> Insufficient Anti-automation). These are different classes of
>> vulnerabilities, like in WASC TC - Brute Force (WASC-11) and Insufficient
>> Anti-automation (WASC-21). So your title is not fully correct.
>
> Again, more sexism by you.
>
>> All these holes in Drupal (from my 4 advisories concerning Drupal) will be
>> disclosed soon. It was planned for February, so at this week I begun
>> disclosing these holes.
>>
>> So, Michele, good luck in your security researches.
>
> Good luck to anyone reading your Engrish ridden "advisories"
Re: [Full-disclosure] [AntiSnatchOr] Drupal <= 6.20 insecure Captcha defaults PoC
2011/2/14 MustLive :
> Hello Michele!
>
> Few days ago I saw your advisory about Drupal's captcha. It's interesting
> advisory, but I have one note concerning it - your research is very close to
> mine ;-) (it concerns similar holes which I found before you).

I didn't find anything in FD or other public lists mentioning this issue before, so :)

> First, you are talking Drupal captcha and saying that Drupal <= 6.20 are
> vulnerable. But it's not fully correct - Drupal Captcha module it's not core
> module, but third party one, so these holes have no relation to Drupal. It's
> how Drupal developers answered me in December, when I informed them about
> holes in their Captcha (I'm not using Drupal, so I didn't know is core this
> module or not). And so the hole in captcha concerns only Captcha module for
> Drupal (and sites on any version of Drupal with such module can be
> vulnerable) - so correctly to write about vulnerability not in Drupal, but
> exactly in Captcha module.
>
> Second, in your PoC (bruteforce exploit for Drupal) you're talking about
> Brute Force hole. But in title you said about insecure Captcha (which is
> Insufficient Anti-automation). These are different classes of
> vulnerabilities, like in WASC TC - Brute Force (WASC-11) and Insufficient
> Anti-automation (WASC-21). So your title is not fully correct.

I don't care too much about WASC classification, as you probably do. wasc-21 can lead to wasc-11, so I don't want to bother on classifying these things.

>> This means the following: if I will be able to correctly solve the first
>> Captcha challenge in the login form, but the login credentials are
>> invalid, there will be no new Captcha challenge to solve in the login form
>> presented after the HTTP response. In this situation is possible to
>> automate a dictionary/bruteforcing attack.
>
> This a little different from my hole - in my hole I'm bypassing captcha
> without any correct solving of challenges, i.e. complete bypass (and
> "persistence option" will not help against my attack). But your advisory is
> still close to mine ;-).
>
> Third, concerning the dates.
>
> At 2010-12-10 I announced different vulnerabilities in Drupal
> (http://websecurity.com.ua/4749/), found in summer. Including Insufficient
> Anti-automation vulnerabilities concerning captcha (as I'll write in my
> advisory, there are IAA holes as in captcha, as in Drupal itself).
> At 2010-12-11 I informed Drupal about these vulnerabilities in Drupal.
> At 2010-12-11 John Morahan from Drupal security team answered me. And in
> particular he stated, that Drupal Captcha is separate module.
> At 2010-12-12 I draw John's attention, that IAA holes existed not only in
> captcha module, but in Drupal itself (so it concerned Drupal too).
> At 2010-12-15 I announced new vulnerabilities in Drupal
> (http://websecurity.com.ua/4749/), found in summer. Including Brute Force
> (as concerning captcha module, as Drupal itself).
> At 2010-12-16 I informed Drupal about these vulnerabilities in Drupal.
>
> So as you can see I announced and informed developers more than month before
> you. Did they told you, that I informed them about similar attacks and very
> close holes in December? Looks like they didn't. Which is strange, it's
> unlikely that they forgot after just a month about it or that the whole
> Drupal security team had amnesia in January.
>
> All these holes in Drupal (from my 4 advisories concerning Drupal) will be
> disclosed soon. It was planned for February, so at this week I begun
> disclosing these holes.

They didn't tell me anything: I've been in contact with Jakub Suchy and Mori Sugimoto. They said that the issue I've reported qualified for public disclosure.

Probably they didn't tell me about you because they don't give a shit about you, as all of us that write in FD do :)

Have a good day mr. MustLive

> So, Michele, good luck in your security researches.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> [Full-disclosure] [AntiSnatchOr] Drupal <= 6.20 insecure Captcha defaults PoC
> Michele Orru antisnatchor at gmail.com
> Thu Feb 10 12:15:01 GMT 2011
>
>> Drupal <= 6.20 insecure Captcha defaults PoC
>>
>> Name: Drupal <= 6.20 insecure Captcha defaults PoC
>> Systems Affected: Drupal <= 6.20 with Captcha <= 2.3
>> Severity: Medium
>> Vendor: http://drupal.org
>> Advisory: http://antisnatchor.com/Drupal_insecure_Captcha_defaults_PoC
>> Author: Michele "antisnatchor" Orru` (michele.orru AT antisnatchor DOT com)
>> Date: 20110210
>>
>> I. BACKGROUND
>> Drupal is a world-wide used open-source CMS written in PHP:
>> being really flexible and easy to extend, is the de-facto
>> choice for many small and big websites/portals that need a robust
>> framework on which model their business.
>>
>> II. DESCRIPTION
>> Many Drupal users use Captcha challenges (specially with reCaptcha) in their
>> websites to protect sensitive resources from b
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
wasn't meant that harshly :) was a simpsons quote

2011/2/15 Cal Leeming [Simplicity Media Ltd] <cal.leem...@simplicitymedialtd.co.uk>
> Bit of an inside joke, sorry, should have kept it off the list!
>
> On Tue, Feb 15, 2011 at 3:30 PM, Kain, Rebecca (.) wrote:
>> I haven't understood a word of this so far
>>
>> --
>> *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *huj huj huj
>> *Sent:* Tuesday, February 15, 2011 10:29 AM
>> *To:* Cal Leeming [Simplicity Media Ltd]
>> *Cc:* full-disclosure@lists.grok.org.uk
>> *Subject:* Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
>>
>> hey funboys! get a room..
>>
>> 2011/2/15 Cal Leeming [Simplicity Media Ltd] <cal.leem...@simplicitymedialtd.co.uk>
>>> Come at me bro :D
>>>
>>> On Tue, Feb 15, 2011 at 1:29 PM, Benji wrote:
>>>> fighting words.
>>>>
>>>> On Tue, Feb 15, 2011 at 1:27 PM, Cal Leeming [Simplicity Media Ltd] <cal.leem...@simplicitymedialtd.co.uk> wrote:
>>>>> I know right?
>>>>>
>>>>> First I hold myself back from posting your dox everywhere, and now this!
>>>>>
>>>>> On Tue, Feb 15, 2011 at 1:06 PM, Benji wrote:
>>>>>> Well check you out.
>>>>>>
>>>>>> On Tue, Feb 15, 2011 at 12:12 PM, Cal Leeming [Simplicity Media Ltd] wrote:
>>>>>>> Lol, I ain't touching this shit with a barge pole.
>>>>>>>
>>>>>>> On Mon, Feb 14, 2011 at 11:05 PM, wrote:
>>>>>>>> HI
>>>>>>>>
>>>>>>>> i extracted all attachments from the first 3 emails, provided a dump
>>>>>>>> of all files categorized by type.
>>>>>>>>
>>>>>>>> Also you can spread the most significative files on
>>>>>>>> anonymous/wikileaks that i selected on the web page.
>>>>>>>>
>>>>>>>> http://xqz3u5drneuzhaeo.onion/users/hbgary/
>>>>>>>>
>>>>>>>> It doesn't include attachment from greg emails.
>>>>>>>>
>>>>>>>> It can be also accessed with:
>>>>>>>>
>>>>>>>> https://tor-proxy.net/proxy/express/browse.php?u=http%3A%2F%2Fxqz3u5drneuzhaeo.onion%2Fusers%2Fhbgary%2F&b=26
>>>>>>>> and
>>>>>>>> https://xqz3u5drneuzhaeo.tor2web.org/users/hbgary/
>>>>>>>>
>>>>>>>> - Digital PSYOP / INFOOPS to influence public media in support to US
>>>>>>>> Government
>>>>>>>>
>>>>>>>> PSYOPS Response.doc
>>>>>>>> PPT/PSYOP Process-1.ppt
>>>>>>>> PAGES/PSYOPS Response-1.pages
>>>>>>>>
>>>>>>>> - Anti Anonymous Operations
>>>>>>>>
>>>>>>>> PDF/Anonymous_v2.pdf with list of operations, name, nicknames
>>>>>>>> DOC/Anonymous.docx
>>>>>>>>
>>>>>>>> - Anti-Wikileaks Operations
>>>>>>>> /PPT/WikiLeaks Response v6.pptx
>>>>>>>>
>>>>>>>> - Analysis of security incidents such as Google Aurora Hacking by
>>>>>>>> Chinese Gov, Stuxnet, etc
>>>>>>>>
>>>>>>>> PDF/HBGThreatReport_Aurora.pdf
>>>>>>>> DOC/Aurora_report_v3.docx
>>>>>>>> PPT/Aurora Tech Group.ppt
>>>>>>>>
>>>>>>>> - Stuxnet
>>>>>>>> ZIP/stuxnet.zi_
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
Wanna hang out later, Rebecca? I got some cocaine, LSD and pills that if we get caught I will claim they are not mine and the police planted them on us.

On 02/15/2011 10:30 AM, Kain, Rebecca (.) wrote:
> I haven't understood a word of this so far
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
I haven't understood a word of this so far

From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of huj huj huj
Sent: Tuesday, February 15, 2011 10:29 AM
To: Cal Leeming [Simplicity Media Ltd]
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

hey funboys! get a room..
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
Bit of an inside joke, sorry, should have kept it off the list!

On Tue, Feb 15, 2011 at 3:30 PM, Kain, Rebecca (.) wrote:
> I haven't understood a word of this so far
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
hey funboys! get a room..

2011/2/15 Cal Leeming [Simplicity Media Ltd] <cal.leem...@simplicitymedialtd.co.uk>
> Come at me bro :D
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
Come at me bro :D

On Tue, Feb 15, 2011 at 1:29 PM, Benji wrote:
> fighting words.
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
Well check you out.

On Tue, Feb 15, 2011 at 12:12 PM, Cal Leeming [Simplicity Media Ltd] <cal.leem...@simplicitymedialtd.co.uk> wrote:
> Lol, I ain't touching this shit with a barge pole.
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
fighting words.

On Tue, Feb 15, 2011 at 1:27 PM, Cal Leeming [Simplicity Media Ltd] <cal.leem...@simplicitymedialtd.co.uk> wrote:
> I know right?
>
> First I hold myself back from posting your dox everywhere, and now this!
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
I know right?

First I hold myself back from posting your dox everywhere, and now this!

On Tue, Feb 15, 2011 at 1:06 PM, Benji wrote:
> Well check you out.
[Full-disclosure] [ MDVSA-2011:028 ] openssl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2011:028 http://www.mandriva.com/security/ ___ Package : openssl Date: February 15, 2011 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0 ___ Problem Description: A vulnerability has been found and corrected in openssl: Incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. This allows an attacker to crash an application using OpenSSL by triggering an invalid memory access. Additionally, some applications may be vulnerable to expose contents of a parsed OCSP nonce extension (CVE-2011-0014). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014 http://www.openssl.org/news/secadv_20110208.txt ___ Updated Packages: Mandriva Linux 2009.0: 38f625b6d5fbbe74a8c228aa2261e2dd 2009.0/i586/libopenssl0.9.8-0.9.8h-3.10mdv2009.0.i586.rpm fc61b0714b019365cc6f927b37fc3d10 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.10mdv2009.0.i586.rpm 544527692f55e0a1dd59dc6370ab020b 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.10mdv2009.0.i586.rpm 41849ac9f12a2e2cff0e3944fa6e984e 2009.0/i586/openssl-0.9.8h-3.10mdv2009.0.i586.rpm 4f1f59751b6c48966dd85c761c822762 2009.0/SRPMS/openssl-0.9.8h-3.10mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 83790a38803c0b6622ba71a538653469 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.10mdv2009.0.x86_64.rpm a7e8ca42a278289153a426ff6e63f2d4 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.10mdv2009.0.x86_64.rpm a31de505d5ef07d262fcef09f7846b2c 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.10mdv2009.0.x86_64.rpm a2c3c6535501e1d1d1af0a819b38ec20 2009.0/x86_64/openssl-0.9.8h-3.10mdv2009.0.x86_64.rpm 4f1f59751b6c48966dd85c761c822762 
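The advisory above describes a parser that read past the end of a ClientHello. The following is an added example, not OpenSSL's or Mandriva's code: a C parser in which every length field is checked against the bytes actually remaining. It assumes the field involved is the TLS status_request (OCSP stapling) extension body laid out as in RFC 6066; the function names and sample bytes are constructed for illustration.

```c
/* Added illustration (not OpenSSL code); layout assumed per RFC 6066 status_request. */
#include <stddef.h>
#include <stdint.h>

/* Cursor over untrusted bytes; every read is checked against `left`. */
typedef struct { const uint8_t *p; size_t left; } cur_t;

static int get_u8(cur_t *c, uint8_t *v) {
    if (c->left < 1) return 0;
    *v = c->p[0]; c->p += 1; c->left -= 1;
    return 1;
}
static int get_u16(cur_t *c, size_t *v) {
    if (c->left < 2) return 0;
    *v = ((size_t)c->p[0] << 8) | c->p[1];
    c->p += 2; c->left -= 2;
    return 1;
}
/* Carve out exactly n bytes as a sub-cursor; fail if n exceeds what remains. */
static int get_sub(cur_t *c, size_t n, cur_t *out) {
    if (n > c->left) return 0;
    out->p = c->p; out->left = n;
    c->p += n; c->left -= n;
    return 1;
}

/* Returns 1 and fills the counters for a well-formed body, 0 otherwise. */
int parse_status_request(const uint8_t *buf, size_t len,
                         size_t *n_responders, size_t *req_ext_len) {
    cur_t c = { buf, len }, ids, id, exts;
    uint8_t type;
    size_t n, count = 0;
    if (!get_u8(&c, &type) || type != 1) return 0;     /* ocsp(1) only */
    if (!get_u16(&c, &n) || !get_sub(&c, n, &ids)) return 0;
    while (ids.left > 0) {            /* ResponderID is opaque<1..2^16-1> */
        if (!get_u16(&ids, &n) || n == 0 || !get_sub(&ids, n, &id)) return 0;
        count++;
    }
    if (!get_u16(&c, &n) || !get_sub(&c, n, &exts)) return 0;
    if (c.left != 0) return 0;        /* reject trailing bytes */
    *n_responders = count;
    *req_ext_len = exts.left;
    return 1;
}

/* Constructed sample bodies (not captured traffic). */
const uint8_t ok_body[]    = {1, 0,5, 0,3,0xAA,0xBB,0xCC, 0,2, 0x30,0x00};
const uint8_t short_body[] = {1, 0,5, 0,3,0xAA};       /* list claims 5, 3 present */
const uint8_t inner_body[] = {1, 0,3, 0,8,0xAA, 0,0};  /* ResponderID claims 8, 1 present */
```

Because each nested vector is parsed through its own sub-cursor, an inner length can never reach bytes that belong to the enclosing structure or lie beyond the message.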
Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
Lol, I ain't touching this shit with a barge pole.

On Mon, Feb 14, 2011 at 11:05 PM, wrote:
> Hi
>
> I extracted all attachments from the first 3 emails, provided a dump of all
> files categorized by type.
>
> Also you can spread the most significant files on anonymous/wikileaks
> that I selected on the web page.
>
> http://xqz3u5drneuzhaeo.onion/users/hbgary/
>
> It doesn't include attachment from greg emails.
>
> It can be also accessed with:
>
> https://tor-proxy.net/proxy/express/browse.php?u=http%3A%2F%2Fxqz3u5drneuzhaeo.onion%2Fusers%2Fhbgary%2F&b=26
> and
> https://xqz3u5drneuzhaeo.tor2web.org/users/hbgary/
>
> - Digital PSYOP / INFOOPS to influence public media in support to US
> Government
>
> PSYOPS Response.doc
> PPT/PSYOP Process-1.ppt
> PAGES/PSYOPS Response-1.pages
>
> - Anti Anonymous Operations
>
> PDF/Anonymous_v2.pdf with list of operations, name, nicknames
> DOC/Anonymous.docx
>
> - Anti-Wikileaks Operations
> /PPT/WikiLeaks Response v6.pptx
>
> - Analysis of security incidents such as Google Aurora Hacking by Chinese
> Gov, Stuxnet, etc
>
> PDF/HBGThreatReport_Aurora.pdf
> DOC/Aurora_report_v3.docx
> PPT/Aurora Tech Group.ppt
>
> - Stuxnet
> ZIP/stuxnet.zi_

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
Hi

I extracted all attachments from the first 3 emails, provided a dump of all files categorized by type.

Also you can spread the most significant files on anonymous/wikileaks that I selected on the web page.

http://xqz3u5drneuzhaeo.onion/users/hbgary/

It doesn't include attachment from greg emails.

It can be also accessed with:

https://tor-proxy.net/proxy/express/browse.php?u=http%3A%2F%2Fxqz3u5drneuzhaeo.onion%2Fusers%2Fhbgary%2F&b=26
and
https://xqz3u5drneuzhaeo.tor2web.org/users/hbgary/

- Digital PSYOP / INFOOPS to influence public media in support to US Government

PSYOPS Response.doc
PPT/PSYOP Process-1.ppt
PAGES/PSYOPS Response-1.pages

- Anti Anonymous Operations

PDF/Anonymous_v2.pdf with list of operations, name, nicknames
DOC/Anonymous.docx

- Anti-Wikileaks Operations
/PPT/WikiLeaks Response v6.pptx

- Analysis of security incidents such as Google Aurora Hacking by Chinese Gov, Stuxnet, etc

PDF/HBGThreatReport_Aurora.pdf
DOC/Aurora_report_v3.docx
PPT/Aurora Tech Group.ppt

- Stuxnet
ZIP/stuxnet.zi_