[Full-disclosure] Secunia Research: Novell GroupWise Internet Agent TZNAME Parsing Vulnerability
======================================================================

                     Secunia Research 27/09/2011

  - Novell GroupWise Internet Agent TZNAME Parsing Vulnerability -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* Novell GroupWise 8.0.2 HP2

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Highly critical
Impact: System compromise
Where:  Remote

======================================================================
3) Vendor's Description of Software

Novell GroupWise 8 gives you a wide range of collaborative tools to create a truly plugged in work environment.

Product Link:
http://www.novell.com/products/groupwise/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by an integer truncation error in NgwiCalVTimeZoneBody::ParseSelf() within g1.dll when GroupWise Internet Agent parses TZNAME variables in VCALENDAR data. This can be exploited to cause a heap-based buffer overflow via a specially crafted e-mail containing an overly long TZNAME property value.

Successful exploitation may allow execution of arbitrary code.

======================================================================
5) Solution

Update to version 8.02 Hot Patch 3.

======================================================================
6) Time Table

04/03/2011 - Vendor notified.
04/03/2011 - Vendor response.
19/05/2011 - Vendor provides status update.
01/06/2011 - Vendor provides status update.
30/06/2011 - Vendor provides status update.
12/08/2011 - Vendor provides status update.
24/08/2011 - Vendor provides status update.
26/09/2011 - Vendor provides status update.
27/09/2011 - Public disclosure.

======================================================================
7) Credits

Discovered by Carsten Eiram, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2011-0333 for the vulnerability.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2011-66/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
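For mail gateways in front of an unpatched agent, the condition the advisory names (an overly long TZNAME property value in VCALENDAR data carried by e-mail) can be checked before delivery. The scanner below is an added example, not Secunia's or Novell's code; the 64-byte limit, the function names and the sample message are assumptions constructed for illustration. It measures the value after undoing iCalendar line folding, because a folded value never looks long on any single physical line.

```python
"""Flag oversized TZNAME values in calendar parts of an e-mail (added example)."""
import email

# Assumption: local policy limit in bytes; the advisory states no length.
MAX_TZNAME_BYTES = 64
CALENDAR_TYPES = {"text/calendar", "application/ics"}


def unfold(text):
    """Undo RFC 5545 folding: a line break followed by one space or tab."""
    lines = []
    for raw in text.replace("\r\n", "\n").replace("\r", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
        else:
            lines.append(raw)
    return [line for line in lines if line]


def split_content_line(line):
    """Return (NAME, value), splitting at the first ':' outside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            return line[:i].split(";", 1)[0].upper(), line[i + 1:]
    return line.upper(), ""


def scan_calendar(text, limit=MAX_TZNAME_BYTES):
    """Return one finding per TZNAME property whose value exceeds `limit` bytes."""
    findings, stack = [], []
    for line in unfold(text):
        name, value = split_content_line(line)
        if name == "BEGIN":
            stack.append(value.strip().upper())
        elif name == "END":
            if stack:
                stack.pop()
        elif name == "TZNAME":
            size = len(value.encode("utf-8"))
            if size > limit:
                findings.append({"component": "/".join(stack), "bytes": size})
    return findings


def scan_message(raw_bytes, limit=MAX_TZNAME_BYTES):
    """Scan every calendar part of a raw RFC 5322 message."""
    findings = []
    for part in email.message_from_bytes(raw_bytes).walk():
        if part.get_content_type() in CALENDAR_TYPES:
            payload = part.get_payload(decode=True) or b""
            # iCalendar defaults to UTF-8; undecodable bytes are replaced.
            findings += scan_calendar(payload.decode("utf-8", "replace"), limit)
    return findings


def _fold(line, width=75):
    """Fold one content line as a sender would (used for the sample only)."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\r\n".join(parts)


# Constructed sample: one normal TZNAME and one 200-byte TZNAME, folded.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0", "PRODID:-//constructed//sample//EN",
    "BEGIN:VTIMEZONE", "TZID:Example/Zone",
    "BEGIN:STANDARD", "DTSTART:19701025T030000",
    "TZOFFSETFROM:+0200", "TZOFFSETTO:+0100", "TZNAME:CET", "END:STANDARD",
    "BEGIN:DAYLIGHT", "DTSTART:19700329T020000",
    "TZOFFSETFROM:+0100", "TZOFFSETTO:+0200",
    _fold("TZNAME;LANGUAGE=en:" + "X" * 200), "END:DAYLIGHT",
    "END:VTIMEZONE", "END:VCALENDAR", ""])

SAMPLE_MAIL = (
    "From: sender@example.invalid\r\nTo: user@example.invalid\r\n"
    "Subject: constructed invite\r\nMIME-Version: 1.0\r\n"
    "Content-Type: text/calendar; charset=utf-8; method=REQUEST\r\n"
    "Content-Transfer-Encoding: 8bit\r\n\r\n" + SAMPLE_ICS).encode("utf-8")

if __name__ == "__main__":
    for finding in scan_message(SAMPLE_MAIL):
        print("oversized TZNAME:", finding)
```

A hit is a reason to quarantine the message for review; the fix remains the update named in section 5.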
[Full-disclosure] Secunia Research: Novell GroupWise Internet Agent HTTP Interface Buffer Overflow
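======================================================================

                     Secunia Research 27/09/2011

  - Novell GroupWise Internet Agent HTTP Interface Buffer Overflow -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* Novell GroupWise 8.0.2 HP2

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Denial of Service
        System Compromise
Where:  Local Network

======================================================================
3) Vendor's Description of Software

Novell GroupWise 8 gives you a wide range of collaborative tools to create a truly plugged in work environment.

Product Link:
http://www.novell.com/products/groupwise/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerability is caused by a boundary error in GroupWise Internet Agent (gwia.exe) within the HTTP interface (port 9850/tcp) when handling requests for certain .css resources. This can be exploited to cause a limited stack-based buffer overflow via a specially crafted, overly long request.

======================================================================
5) Solution

Update to version 8.02 Hot Patch 3.

======================================================================
6) Time Table

10/03/2011 - Vendor notified.
10/03/2011 - Vendor response.
19/05/2011 - Vendor provides status update.
01/06/2011 - Vendor provides status update.
30/06/2011 - Vendor provides status update.
12/08/2011 - Vendor provides status update.
24/08/2011 - Vendor provides status update.
26/09/2011 - Vendor provides status update.
27/09/2011 - Public disclosure.

======================================================================
7) Credits

Discovered by Carsten Eiram, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2011-0334 for the vulnerability.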
======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2011-67/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================
Re: [Full-disclosure] Privilege escalation on Windows using Binary Planting
Well yeah, if the system that's designed to protect you isn't functioning, then you aren't protected and all sorts of bad things can happen.

When services starts up, the root service executable looks through a registry key to find all the services that should be run. It then executes the value in the key relative to each service based on which account is specified. There is no signature checking or anything funky like that going on. If the path stored in the registry entry is a valid executable, it will get executed.

It is up to the installer to make sure that the service cannot be replaced. This is done by storing it in Program Files, or one of the other recommended locations, which only administrators can access by default. If the executable is stored in another location, it is still up to the installer to set up proper file permissions. Further, only an administrator should be able to start or stop the service. All of this is up to the installer, and the service itself to handle.

If a service or installer deviates from the prescribed design set out by Microsoft, is it really Windows' fault that it happened? Not really.

So, yes you could escalate privilege through this method, but really the failure is by the developer of the service, or by the developer of the installer.

-----Original Message-----
From: listbou...@securityfocus.com [mailto:listbou...@securityfocus.com] On Behalf Of Madhur Ahuja
Sent: Sunday, September 25, 2011 2:31 PM
To: security-bas...@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Privilege escalation on Windows using Binary Planting

Imagine a situation where I have a Windows system with the restricted user access and want to get the Administrator access.

There are many services in Windows which run with SYSTEM account. If there exists even one such service whose executable is not protected by Windows File Protection, isn't it possible to execute malicious code (such as gaining Administrator access) simply by replacing the service executable with malicious one and then restarting the service.

As a restricted user, what's stopping me to do this? Is there any integrity check performed by services.msc or service itself before executing with SYSTEM account?

Madhur
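The installer responsibility described in the reply above can be audited from exported service configuration. The following is an added example, not code from the thread: `ImagePath` and `ObjectName` are the registry value names Windows uses for a service's command line and account, while the service names, paths, `PROTECTED_ROOTS` and the fixed variable expansions are assumptions constructed for illustration. It lists SYSTEM services whose binary lives outside the admin-only folders, which are the ones whose file permissions need a manual review.

```python
"""Audit service ImagePath values for SYSTEM services outside admin-only folders."""
import ntpath
import re

# Assumption: folders that only administrators can write to by default.
PROTECTED_ROOTS = (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")
# Assumption: fixed expansions so the audit runs offline on exported values.
ENV = {"systemroot": r"C:\Windows", "windir": r"C:\Windows",
       "programfiles": r"C:\Program Files"}
SYSTEM_ACCOUNTS = {"localsystem", "nt authority\\system"}
EXE_RE = re.compile(r"(.+?\.(?:exe|sys|dll|com|bat|cmd))(?=\s|$)", re.IGNORECASE)


def expand(path):
    r"""Expand %VAR% references and the \SystemRoot\ and \??\ prefixes."""
    path = re.sub(r"%([^%]+)%",
                  lambda m: ENV.get(m.group(1).lower(), m.group(0)), path)
    low = path.lower()
    if low.startswith("\\systemroot\\"):
        return ENV["systemroot"] + path[len("\\systemroot"):]
    if low.startswith("\\??\\"):
        return path[4:]
    if low.startswith("system32\\"):
        return ENV["systemroot"] + "\\" + path
    return path


def executable_of(image_path):
    """Return the normalised executable path, without quotes or arguments."""
    text = expand(image_path.strip())
    if text.startswith('"'):
        end = text.find('"', 1)
        exe = text[1:end] if end != -1 else text[1:]
    else:
        match = EXE_RE.match(text)
        exe = match.group(1) if match else text
    return ntpath.normpath(exe)      # collapses ".." so it cannot hide the folder


def is_protected(exe):
    """True when `exe` lies under one of PROTECTED_ROOTS."""
    norm = ntpath.normcase(exe)
    return any(norm.startswith(ntpath.normcase(root) + "\\")
               for root in PROTECTED_ROOTS)


def audit(services):
    """Return sorted (service, executable) pairs that need an ACL review."""
    findings = []
    for name, values in services.items():
        # Assumption: a missing ObjectName is treated as LocalSystem.
        account = values.get("ObjectName", "LocalSystem").lower()
        if account.lstrip(".\\") not in SYSTEM_ACCOUNTS:
            continue
        image = values.get("ImagePath")
        if not image:
            continue
        exe = executable_of(image)
        if not is_protected(exe):
            findings.append((name, exe))
    return sorted(findings)


# Constructed sample of exported service values (not from a real system).
SAMPLE_SERVICES = {
    "Spooler": {"ImagePath": r"%SystemRoot%\System32\spoolsv.exe",
                "ObjectName": "LocalSystem"},
    "ExampleAgent": {"ImagePath": r'"C:\ExampleAgent\agent.exe" /service',
                     "ObjectName": "LocalSystem"},
    "ExampleUpdater": {"ImagePath": r"C:\Program Files\..\Tools\updater.exe -run",
                       "ObjectName": "LocalSystem"},
    "ExampleWeb": {"ImagePath": r"D:\apps\web\server.exe",
                   "ObjectName": r"NT AUTHORITY\NetworkService"},
    "ExampleDriver": {"ImagePath": r"\SystemRoot\System32\drivers\example.sys"},
}

if __name__ == "__main__":
    for service, exe in audit(SAMPLE_SERVICES):
        print(f"review file permissions: {service} -> {exe}")
```

Location is only a first pass: a flagged service is safe if its installer set restrictive permissions, and a service under a protected folder can still be exposed if those defaults were changed.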
Re: [Full-disclosure] Privilege escalation on Windows using Binary Planting
the trick is to find one that is writable while logged in as a less privileged user and then overwrite the executable. Anti virus executables are typically a good place to start :)

tasklist /fi "USERNAME eq NT AUTHORITY\SYSTEM"

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Console                    0         28 K
System                           4 Console                    0        236 K
smss.exe                       704 Console                    0        388 K
csrss.exe                      752 Console                    0      4,032 K
winlogon.exe                   776 Console                    0      2,904 K
services.exe                   820 Console                    0      4,612 K
lsass.exe                      832 Console                    0      1,724 K
ati2evxx.exe                   980 Console                    0      2,676 K
svchost.exe                   1020 Console                    0      5,948 K
svchost.exe                   1200 Console                    0     23,100 K
DLService.exe                 1484 Console                    0      7,856 K
spoolsv.exe                   1848 Console                    0      6,992 K
schedul2.exe                  2028 Console                    0      2,036 K
inetinfo.exe                   228 Console                    0     10,484 K
mnmsrvc.exe                    364 Console                    0      3,436 K
rundll32.exe                   352 Console                    0      3,168 K
SAVAdminService.exe            356 Console                    0      2,548 K
ManagementAgentNT.exe          580 Console                    0      4,624 K
ALsvc.exe                      748 Console                    0        944 K
RouterNT.exe                  1004 Console                    0      4,884 K
vsAOD.Exe                     1868 Console                    0      4,224 K

C:\Documents and Settings\pentest

From: Steve Syfuhs [st...@syfuhs.net]
Sent: 26 September 2011 19:09
To: Madhur Ahuja; security-bas...@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Privilege escalation on Windows using Binary Planting

> Well yeah, if the system that's designed to protect you isn't functioning, then you aren't protected and all sorts of bad things can happen.
>
> When services starts up, the root service executable looks through a registry key to find all the services that should be run. It then executes the value in the key relative to each service based on which account is specified. There is no signature checking or anything funky like that going on. If the path stored in the registry entry is a valid executable, it will get executed.
>
> It is up to the installer to make sure that the service cannot be replaced. This is done by storing it in Program Files, or one of the other recommended locations, which only administrators can access by default. If the executable is stored in another location, it is still up to the installer to set up proper file permissions. Further, only an administrator should be able to start or stop the service. All of this is up to the installer, and the service itself to handle.
>
> If a service or installer deviates from the prescribed design set out by Microsoft, is it really Windows' fault that it happened? Not really.
>
> So, yes you could escalate privilege through this method, but really the failure is by the developer of the service, or by the developer of the installer.
Re: [Full-disclosure] Twitter URL spoofing still exploitable
So their patching method merely introduced another exploitation method? Reminds me of some of Oracle's patches...

On Tue, Sep 27, 2011 at 3:18 AM, Pablo Ximenes pa...@ximen.es wrote:
> Some of you might consider this blog post of value:
> http://ximen.es/?p=534
>
> Thanks,
>
> Pablo Ximenes
> http://ximen.es/
> http://twitter.com/pabloximenes
Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member
Hope this sends correctly, new email client and all...

But seeing as it is an international investigation many people have been bending over backwards to assist LEO on this. HMA and perfect privacy were the VPN's of choice for them it would appear, oh, and he was part of the #pure-elite channel on that IRC server, and hence, considered by LEO and others as Part of LulzSec.

TL;DR, this is nothing new.

On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm laure...@oneechan.org wrote:
> And the guy wasn't even a part of lulzsec
>
> On Sep 26, 2011 10:37 PM, Jeffrey Walton noloa...@gmail.com wrote:
>> On Mon, Sep 26, 2011 at 8:47 PM, Ivan . ivan...@gmail.com wrote:
>>> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
>>
>> Though HMA claims they complied with a court order, it looks as if they facilitated a law enforcement request. The US and the FBI have no jurisdiction in the UK.
>>
>> Jeff
Re: [Full-disclosure] Twitter URL spoofing still exploitable
Ok, now nobody can spoof a URL, but how come a user will tell good URLs and bad ones apart?

Oh boy! Wherever did you get the idea that users can do this?
Re: [Full-disclosure] Twitter URL spoofing still exploitable
On Tue, Sep 27, 2011 at 3:26 PM, Dan Kaminsky d...@doxpara.com wrote:
> Ok, now nobody can spoof a URL, but how come a user will tell good URLs and bad ones apart?
> Oh boy! Wherever did you get the idea that users can do this?

Jokes apart, I do find it annoying that URLs aren't expanded automatically anymore. But I don't expect this situation to be permanent.

--
“There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
Re: [Full-disclosure] Twitter URL spoofing still exploitable
On 28 September 2011 01:00, Mario Vilas mvi...@gmail.com wrote:
> Jokes apart, I do find it annoying that URLs aren't expanded automatically anymore. But I don't expect this situation to be permanent.

Agreed.
Re: [Full-disclosure] Twitter URL spoofing still exploitable
If you hover over the t.co links the alt= tag holds the real url.

On Tue, Sep 27, 2011 at 4:11 PM, dave bl db.pub.m...@gmail.com wrote:
> Agreed.
Re: [Full-disclosure] Twitter URL spoofing still exploitable
Apparently twitter is back to normal, t.co isn't showing in place of every URL anymore. This was indeed temporary while they were fixing things as mentioned.

Att,

Pablo Ximenes
http://ximen.es/
http://twitter.com/pabloximenes

2011/9/27 Benji m...@b3nji.com:
> If you hover over the t.co links the alt= tag holds the real url.
[Full-disclosure] [SECURITY] [DSA 2311-1] openjdk-6 security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-2311-1                   secur...@debian.org
http://www.debian.org/security/                            Florian Weimer
September 27, 2011                     http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openjdk-6
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867
                 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871
Debian Bug     : 629852

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-0862
    Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges.

CVE-2011-0864
    Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine.

CVE-2011-0865
    A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact.

CVE-2011-0867
    Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.)

CVE-2011-0868
    A float-to-long conversion could overflow, allowing untrusted code (including applets) to crash the virtual machine.

CVE-2011-0869
    Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection.

CVE-2011-0871
    Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code.

In addition, this update removes support for the Zero/Shark and Cacao Hotspot variants from the i386 and amd64 due to stability issues. These Hotspot variants are included in the openjdk-6-jre-zero and icedtea-6-jre-cacao packages, and these packages must be removed during this update.

For the oldstable distribution (lenny), these problems will be fixed in a separate DSA for technical reasons.

For the stable distribution (squeeze), these problems have been fixed in version 6b18-1.8.9-0.1~squeeze1.

For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 6b18-1.8.9-0.1.

We recommend that you upgrade your OpenJDK packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member
#pure-elite , rofl... yes indeed :P hehe... nice story tho...funny about the elite channel thing... why do ppl tag themselves as elite? usually when they are not... ohwell, thats efnut :s (irc sucks)
xd

On 27 September 2011 19:03, Darren Martyn d.martyn.fulldisclos...@gmail.com wrote:
> Hope this sends correctly, new email client and all...
>
> But seeing as it is an international investigation many people have been bending over backwards to assist LEO on this. HMA and perfect privacy were the VPN's of choice for them it would appear, oh, and he was part of the #pure-elite channel on that IRC server, and hence, considered by LEO and others as Part of LulzSec.
>
> TL;DR, this is nothing new.
Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member
yeah, and usually the same goes for calling others kids ;)

On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD doo...@gmail.com wrote:
> #pure-elite , rofl... yes indeed :P hehe... nice story tho...funny about the elite channel thing... why do ppl tag themselves as elite? usually when they are not... ohwell, thats efnut :s (irc sucks)
> xd

--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member
Lolz members was really insane, i m not why to use that crappy hma.

On Sep 27, 2011 8:36 PM, Ferenc Kovacs tyr...@gmail.com wrote:
> yeah, and usually the same goes for calling others kids ;)
Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member
On 9/27/2011 10:10 PM, sandeep k wrote:
> Lolz members was really insane, i m not why to use that crappy hma.

From my understanding they used the channel as a possible recruitment ground, though only 6 people were officially a part of lulzsec, i find it disturbing that law enforcement considers being in an irc channel tantamount to being a part of lulzsec.
Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member
Hello Laurelai, Oh i agree it is still a terrible precedent to be set.. I don't even know where, legally, i stand anymore... It is rather disturbing, no matter WHO it was Laurelai. I am all for the hatred against the VPN provs, and this is not just happening here, and i made a BIG statement about this, and privacy, in my channel on efnet, first as i saw it. Then saw a torrentfreak feed, of someone who was an owner of a huge torrent site, was handed to authorities, not by the hoster, no... but by the frigging payment handler, ie paypal or alertpay most likely. This is not good, it makes a grey cloud now over what is 'anon' and what isn't. and that's a bad thing for us all.

Too much fraud is causing this, that's plain and simple. Abusing places like Sony, and, major banks, only make the authorities turn to politics, whom in turn can bully with federal and state laws of ANY country, i think this is the dangerous part which is affecting lulzsec members or whoever was a part of it, and, i mean efnet is no recruiting grounds for decent hkrs. Simple as that, you know it, maybe thru word of mouth ok, but not alone by being in channels but that network, is one federal hideout now.. and, that is every channel, if it is not being spied (yea they have a module m_spychannel.c or similar, which, they actually had without realising, asked a friend, to code for them. This was rejected by me/her, but i believe they have the module running now. So, what was to stop them adding their own hidden spy mode to it :s look at what they did to my old channel #haqnet, they introduced drinemon and a bunch of other things, when it could have been simply worked out with words..

but anyhow, i will not brood on the past, i hope this is mutual Laurelai, I have nothing bad to say about you, and in turn, expect the same. Respect for respect dear. I do agree with you about the situation and, as you can see, am not holding (undisclosed) crappy things which happened a long time ago, over one idiotic kid, on efnet, whom now i know you do not associate with. So, i want that, to be laid to rest now.. please.

And, we can only hope that the greater common sense will prevail and hopefully, places will be forced to prove anonymity in some way, whether that be by showing people email interaction with requesters of people's info, or anything simple even, which would be then a standard for VPN, I do not use them but, if i bought anonymous vpn, I'd expect exactly that, without political interaction and grey areas about who and what is now legal and not legal on the internet, on chatrooms, and on even websites. ok, that's plenty, cheers! xd
Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member
I'm surprised, someone on the internet who *doesn't* hate me :p
Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member
never did... was only for one buttcheek kid that i was a little pissed and thinking things which, prolly were wrong at the time... I am adult enough to apologise for what happened back then, and hopefully it is just, cool. :) cheers, you're loved by many, you just have many trollers too :sp take care, xd
[Full-disclosure] European Security Services GPS v1.0 - Multiple Vulnerabilities
Title:
======
European Security Services GPS 1.x - Multiple Vulnerabilities

Date:
=====
2011-09-28

VL-ID:
======
63

Reference:
==========
http://www.vulnerability-lab.com/get_content.php?id=63

Introduction:
=============
For a small tracking fee you receive access to our Online Control Center. After a successful login, the following settings and data are available to you. This gives you, for example:

- Pinpoint route analysis
- Speed display
- Daily report
- Monthly report
- Geo-fence
- Real-time tracking
- Data retention for 24 months
- 2D/3D view
- Location down to house-number level
- Address display
- Data download (CSV)
- Address search

Thanks to state-of-the-art technology, we are now able to use these capabilities to provide more security as well. With our technology you can locate, for example, people, animals, vehicles, containers, goods, ships and so on anywhere in the world to within 2 meters. Countless further options are also available to you. For example, you can watch online in our H.E.S.S. Control Center, in real time, as your child walks to school in the morning or as your goods are unloaded from the ship in Japan. There are no limits to the range of applications.

Application examples:

For private customers
- Child tracking - e.g. on the way home in the evening from club training
- Seniors - e.g. for senile elderly people who easily get lost
- Athletes - e.g. for mountain hikers, skiers or extreme athletes who can quickly get into danger
- Vehicle tracking / theft protection - e.g. to recover a vehicle after a theft
- Animals - e.g. for grazing animals or horses

For commercial customers
- Vehicle tracking / theft protection - e.g. for driver / route monitoring of your vehicles
- Construction machinery - e.g. to secure your construction machinery on building sites
- Security companies - e.g. for surveillance / detective work
- Freight forwarders - e.g. to monitor deliveries and transport
- Elderly and nursing care - e.g. to monitor elderly people who easily get lost
- Leasing companies - e.g. to check and monitor your leased products
- Taxi companies - e.g. for coordination at the taxi dispatch center / to protect drivers
- Driving schools - e.g. for route analysis and training purposes
- Authorities - e.g. to monitor persons and vehicles

(Copy of the Vendor Homepage: http://www.hess-security.de/das_control_center.html)

Abstract:
=========
The Vulnerability-Lab Team discovered multiple web vulnerabilities in the GPS tracking system of (EES) European Security Services.

Report-Timeline:
================
2011-03-02: Vendor Notification
2011-04-08: Vendor Response/Feedback
2011-**-**: Vendor Fix/Patch
2011-09-28: Public or Non-Public Disclosure

Status:
=======
Published

Affected Products:
==================
European Security Services GPS v1.0

Exploitation-Technique:
=======================
Remote

Severity:
=========
Critical

Details:
========
1.1
An integer overflow vulnerability was detected in the GPS tracking system of (EES) European Security Services. The calendar application module allows an attacker to crash the application service via an integer overflow bug.

Vulnerable Module(s):
[+] Calender

--- Exception Logs ---
System.Overflow: Arithmetic operation resulted in an overflow.
at Microsoft.VisualBasic.CompilerServices.IntegerType.FromString(String Value)
at findMe.showData.Page_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

1.2
Multiple persistent input validation vulnerabilities were detected in the GPS tracking system of (EES) European Security Services. The vulnerabilities allow a local low-privileged user account to inject malicious persistent script code on the application side. Successful exploitation can result in session hijacking or content request manipulation.

Vulnerable Module(s): (Persistent)
[+] Userdata Form allows
[+] Group Administration Track ID
[+] User Password CSRF + Reset

1.2.1
Another vulnerability is located in the session handling of the GPS tracking system of (EES) European Security Services. Passwords are transferred in plaintext via the session cookie. Successful exploitation can result in session hijacking without high required user interaction.

Vulnerable Module(s):
[+] Session Handling

1.3
An attacker can bypass the authentication of the login form. The vulnerability allows remote attackers to access the admin control panel without authorization.

Vulnerable Module(s):
[+] Login

Proof of Concept:
=================
1.1
Reference(s):
File(s): showdata.aspx
Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member
It's all good dude. What really concerns me is that vpn providers might give over logs to oppressive regimes. TOR is starting to look better and better.
[Full-disclosure] Barracuda Backup v2.0 - Multiple Web Vulnerabilities
Title:
======
Barracuda Backup v2.0 - Multiple Web Vulnerabilities

Date:
=====
2011-09-28

References:
===========
Barracuda Backup Application v2.0

VL-ID:
======
31

Introduction:
=============
Barracuda Networks - Worldwide leader in email and Web security. Barracuda Backup Service is a complete and affordable data backup solution. The Barracuda Backup Server provides a full local data backup and is combined with a storage subscription to replicate data to two offsite locations. This approach provides the best of both worlds - onsite backups for fast restore times and secure, offsite storage for disaster recovery. Block level deduplication is applied inline to reduce traditional backup storage requirements by 20 to 50 times while also reducing backup windows and bandwidth requirements.

Cloud Storage with Deduplication
Barracuda Backup Subscription plans provide diverse offsite storage at affordable monthly fees that scale to meet increasing data requirements.

* Secure backup to two geo-separate data centers
* Deduplicated efficient backup storage
* Redundant disk-based storage
* Best-of-breed data retention policies
* Web interface multi-location management
* Restore by Web, FTP and Windows software

(Copy of the Vendor Homepage: http://www.barracudanetworks.com/ns/products/backup_overview.php)

Abstract:
=========
Vulnerability-Lab Team discovered multiple input validation vulnerabilities in Barracuda Backup Service v2.0.

Report-Timeline:
================
2011-05-03: Vendor Notification
2011-06-07: Vendor Response/Feedback
2011-08-28: Vendor Fix/Patch
2011-09-28: Public or Non-Public Disclosure

Status:
=======
Published

Affected Products:
==================
Barracuda Networks
Product: Backup Application v2.0

Exploitation-Technique:
=======================
Remote

Severity:
=========
Medium

Details:
========
1.1
Multiple persistent input validation vulnerabilities were detected in Barracuda Backup v2.x. Local low-privileged user accounts or remote attackers (with user interaction) can inject malicious persistent script code (Java/HTML). When exploited by an authenticated user, the identified vulnerabilities can lead to information disclosure, access to servers available on the intranet, and manipulated persistent content.

Vulnerable Module(s):
[+] E-Mail Message Browser - Filter
[+] Expressions
[+] Exclusion Rules

Pictures:
../ive1.png
../ive2.png
../ive3.png
../ive4.png

1.2
A header manipulation vulnerability was detected in the Barracuda Backup v2.0 application. The vulnerability can be used by attackers to manipulate the running session cookies by including cross-site requests.

Proof of Concept:
=================
The vulnerabilities can be exploited by local low-privileged user accounts or by remote attackers with high required user interaction. For demonstration or reproduce ...

1.1
Manually reproduce ...
1. Login
2. Switch to the vulnerable module of the barracuda backup application
3. Include your own script code on the vulnerable input section. Save!
4. Enjoy the persistent output results

1.2
GET https://backup.barracuda.com:443/bbs_1133/status HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: backup.barracuda.com
Cookie: BACKUPSESSID=29fefd04a0caebd28dc09c35dbc5ca22;backup_ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22d30734090eaf5f 9b34aa34593587c361%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A14%3A%22112.121.165.99%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F4. 0+%28compatible%3B+MSIE+6.0%3B+Windows+NT+5.0%3B%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1260251514%3B%7D28316719bb797611e774a93af543e3fe; bbs_list_width=1px%3B%7D%2F%2Astealth%2A%2Fbody%20%7B%20background-image%3Aurl%28%27javascript%3Aalert%28%2Fstealth%20found%20you%2F%29%3B %27%29%7D%2Esource_list%7Bwidth%3A1
Connection: Close
Pragma: no-cache

Risk:
=====
The security risk of the discovered persistent vulnerabilities is estimated as medium(+).
The security risk of the client-side header vulnerability is estimated as low.
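
The `bbs_list_width` cookie from PoC 1.2, decoded and run through a strict server-side check before it reaches a stylesheet; this is an added example, not part of the advisory and not Barracuda's code. It assumes the application writes that cookie into a `.source_list{width:...}` rule (inferred from the shape of the PoC value); the function names, the 250px default and the placeholder session value are constructed for illustration.

```python
import re
from urllib.parse import unquote

# bbs_list_width value taken from the advisory's PoC 1.2 request, with the
# mail archive's line-wrap spaces removed. The session value is a placeholder.
POC_COOKIE_HEADER = (
    "BACKUPSESSID=PLACEHOLDER;"
    "bbs_list_width=1px%3B%7D%2F%2Astealth%2A%2Fbody%20%7B%20background-image"
    "%3Aurl%28%27javascript%3Aalert%28%2Fstealth%20found%20you%2F%29%3B%27%29"
    "%7D%2Esource_list%7Bwidth%3A1"
)

DEFAULT_WIDTH = "250px"  # assumed fallback, not a value from the advisory

# Allowlist: a 1-4 digit number followed by one known unit, nothing else.
# \A and \Z anchor the whole string, so trailing CSS cannot ride along.
CSS_LENGTH = re.compile(r"\A[1-9][0-9]{0,3}(?:px|em|%)\Z")


def parse_cookie_header(header):
    """Split a Cookie request header into {name: url-decoded value}."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = unquote(value)
    return cookies


def render_style_unsafe(cookies):
    """Assumed vulnerable pattern: cookie text is pasted into the rule as-is."""
    width = cookies.get("bbs_list_width", DEFAULT_WIDTH)
    return ".source_list{width:%s}" % width


def safe_list_width(cookies):
    """Return (width_to_use, rejected_value); rejected_value is None if clean."""
    raw = cookies.get("bbs_list_width")
    if raw is None:
        return DEFAULT_WIDTH, None
    if CSS_LENGTH.match(raw):
        return raw, None
    # Anything that is not a plain length is dropped and reported for logging.
    return DEFAULT_WIDTH, raw


def render_style_safe(cookies):
    """Hardened form: only a validated length ever reaches the stylesheet."""
    width, rejected = safe_list_width(cookies)
    return ".source_list{width:%s}" % width, rejected


if __name__ == "__main__":
    poc = parse_cookie_header(POC_COOKIE_HEADER)
    print("decoded cookie :", poc["bbs_list_width"])
    print("unsafe output  :", render_style_unsafe(poc))
    css, rejected = render_style_safe(poc)
    print("safe output    :", css)
    print("rejected value :", rejected)
```

The rejected value is returned rather than discarded so that the caller can log it; a cookie that fails a check this narrow is a useful detection signal in its own right.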
Credits:
========
Vulnerability Research Laboratory - Benjamin Kunz Mejri (Rem0ve)

Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers