[Full-disclosure] Barracuda Backup v2.0 - Multiple Web Vulnerabilities

2011-09-27 Thread resea...@vulnerability-lab.com
Title:
==
Barracuda Backup v2.0 - Multiple Web Vulnerabilities


Date:
=
2011-09-28


References:
===
Barracuda Backup Application v2.0


VL-ID:
=
31


Introduction:
=
Barracuda Networks - Worldwide leader in email and Web security.
Barracuda Backup Service is a complete and affordable data backup solution.
The Barracuda Backup Server provides a full local data backup and is combined
with a storage subscription to replicate data to two offsite locations. This
approach provides the best of both worlds - onsite backups for fast restore
times and secure, offsite storage for disaster recovery. Block level
deduplication is applied inline to reduce traditional backup storage
requirements by 20 to 50 times while also reducing backup windows and
bandwidth requirements.

Cloud Storage with Deduplication

Barracuda Backup Subscription plans provide diverse offsite storage at
affordable monthly fees that scale to meet increasing data requirements.

* Secure backup to two geo-separate data centers
* Deduplicated efficient backup storage
* Redundant disk-based storage
* Best-of-breed data retention policies
* Web interface multi-location management
* Restore by Web, FTP and Windows software


(Copy of the Vendor Homepage: 
http://www.barracudanetworks.com/ns/products/backup_overview.php)


Abstract:
=
Vulnerability-lab Team discovered multiple Input Validation Vulnerabilities on 
Barracuda Backup Service v2.0.


Report-Timeline:

2011-05-03: Vendor Notification
2011-06-07: Vendor Response/Feedback
2011-08-28: Vendor Fix/Patch
2011-09-28: Public or Non-Public Disclosure


Status:

Published


Affected Products:
==
Barracuda Networks
Product: Backup Application v2.0


Exploitation-Technique:
===
Remote


Severity:
=
Medium


Details:

1.1
Multiple persistent Input Validation vulnerabilities are detected on
Barracuda's Backup v2.x. Local low privileged user accounts & remote attackers
(with user interaction) can implement/inject malicious persistent script code
(Java/HTML). When exploited by an authenticated user, the identified
vulnerabilities can lead to information disclosure, access to intranet
available servers, manipulated persistent content.

Vulnerable Module(s):   
[+] E-Mail Message Browser - Filter
[+] Expressions
[+] Exclusion Rules


Pictures:
../ive1.png
../ive2.png
../ive3.png
../ive4.png


1.2
A Header manipulation vulnerability is detected on Barracuda's Backup v2.0
application.
The vulnerability can be used by attackers to manipulate the running session
cookies by including cross-site requests.


Proof of Concept:
=
The vulnerabilities can be exploited by local low privileged user accounts or
remote attackers with high required user interaction.
For demonstration or reproduce ...

1.1
Manually reproduce ...
1. Login
2. Switch to the vulnerable module of the barracuda backup application
3. Include your own script code on the vulnerable input section. Save! 
4. Enjoy the persistent output results


1.2
GET https://backup.barracuda.com:443/bbs_1133/status HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: backup.barracuda.com
Cookie: 
BACKUPSESSID=29fefd04a0caebd28dc09c35dbc5ca22;backup_ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22d30734090eaf5f
9b34aa34593587c361%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A14%3A%22112.121.165.99%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F4.
0+%28compatible%3B+MSIE+6.0%3B+Windows+NT+5.0%3B%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1260251514%3B%7D28316719bb797611e774a93af543e3fe;
bbs_list_width=1px%3B%7D%2F%2Astealth%2A%2Fbody%20%7B%20background-image%3Aurl%28%27javascript%3Aalert%28%2Fstealth%20found%20you%2F%29%3B
%27%29%7D%2Esource_list%7Bwidth%3A1
Connection: Close
Pragma: no-cache


Risk:
=
The security risk of the discovered persistent vulnerabilities is estimated as
medium(+).
The security risk of the client-side header vulnerability is estimated as low.


Credits:

Vulnerability Research Laboratory - Benjamin Kunz Mejri (Rem0ve)


Disclaimer:
===
The information provided in this advisory is provided as it is without any
warranty. Vulnerability-Lab disclaims all warranties, either expressed or
implied, including the warranties of merchantability and capability for a
particular purpose. Vulnerability-Lab or its suppliers are not liable in any
case of damage, including direct, indirect, incidental, consequential loss of
business
profits or special damages, even if Vulnerability-Lab or its suppliers h
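
Added example, not part of the advisory and not Barracuda's code: the request in section 1.2 of the Barracuda advisory carries CSS and a script URL inside the bbs_list_width cookie, so this sketch shows strict server-side validation of that value before it reaches a style rule. The `.source_list{width:...}` template, the 250px default and the 1-2000 range are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# bbs_list_width exactly as quoted in the request of section 1.2,
# with the archive's line wrapping rejoined.
ADVISORY_COOKIE = (
    "bbs_list_width=1px%3B%7D%2F%2Astealth%2A%2Fbody%20%7B%20background-image"
    "%3Aurl%28%27javascript%3Aalert%28%2Fstealth%20found%20you%2F%29%3B%27%29"
    "%7D%2Esource_list%7Bwidth%3A1"
)
# Constructed benign request header for comparison.
BENIGN_COOKIE = "BACKUPSESSID=constructed; bbs_list_width=320px"

DEFAULT_WIDTH = "250px"              # assumed fallback value
_CSS_PX = re.compile(r"[0-9]{1,4}px")  # ASCII digits only, used with fullmatch


def parse_cookie_header(header):
    """Split a Cookie header into a dict of percent-decoded values."""
    jar = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            jar[name] = unquote(value)
    return jar


def safe_list_width(header):
    """Return the cookie's width only if it is a plain pixel length."""
    raw = parse_cookie_header(header).get("bbs_list_width", "")
    # fullmatch rejects anything with CSS structure: ; { } / * : ( ) quotes
    if _CSS_PX.fullmatch(raw) and 1 <= int(raw[:-2]) <= 2000:
        return raw
    return DEFAULT_WIDTH


def render_rule(width):
    """Hypothetical template: the cookie value ends up inside a CSS rule."""
    return ".source_list{width:%s}" % width


def naive_rule(header):
    """What an unvalidated server would emit: the cookie value verbatim."""
    jar = parse_cookie_header(header)
    return render_rule(jar.get("bbs_list_width", DEFAULT_WIDTH))


def hardened_rule(header):
    """Same template, fed only with a validated or default width."""
    return render_rule(safe_list_width(header))


if __name__ == "__main__":
    for label, hdr in (("advisory", ADVISORY_COOKIE), ("benign", BENIGN_COOKIE)):
        print(label, "naive   :", naive_rule(hdr))
        print(label, "hardened:", hardened_rule(hdr))
```

The same allowlist belongs on any other client-controlled preference cookie that is echoed into markup or styles; rejected values are worth logging with the session identifier for later review.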

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-27 Thread Laurelai Storm
It's all good dude. What really concerns me is that vpn providers might give
over logs to oppressive regimes. TOR is starting to look better and better.
On Sep 27, 2011 11:40 PM, "GloW - XD"  wrote:
> never did... was only for one buttcheek kid that i was alittle pissed and
> thinking things wich, prolly were wrong at the time...
> I am adult enough to apologise for what happened back then, and hopefully
it
> is just, cool.
> :)
> cheers, your loved by many, you just have many trollers to :sp
> take care ,
> xd
>
>
> On 28 September 2011 14:32, Laurelai Storm  wrote:
>
>> Im suprised, someone on the internet who *doesn't * hate me :p
>> On Sep 27, 2011 11:29 PM, "GloW - XD"  wrote:
>> > Hello Laurelai ,
>> > Oh i agree it is still a terrible precedent to be set.. I dont even
know
>> > where, legally, i stand anymore...
>> > It is rather disturbing, nomatter WHO it was laurela.
>> > I am all for the hatred against the VPN provs, and this is not just
>> > happening here, and i made a BIG statement about this, and privacy, in
my
>> > channel on efnet, first as i saw it.
>> >
>> > Then saw a torrentfreak feed,of someone who was an owner of a huge
>> torrent
>> > site, was handed to authorities, not by the hoster, no... but by the
>> > frigging payment handler, ie paypal or alertpay most likely.
>> >
>> > This is not good, it makes a grey could now over what is 'anon' and
what
>> > isnt. and thats a bad thing for us all.
>> > To much fraud is causing this, thats plain and simple.Abusing places
like
>> > Sony, and, major banks, only make the authorities turn to politics,
whom
>> in
>> > turn can bully with federal and state laws of ANY country, i think this
>> is
>> > the dangerous part wich is affecting lulzsec members or whoever was
apart
>> of
>> > it, and, i mean efnet is no recruiting grounds for decent hkrs.
>> > Simple as that, you know it, maybe thru word of mouth ok, but not alone
>> by
>> > being in channels but that network, is one federal hideout now..and,
that
>> is
>> > every channel, if it is not being spied (yea they have a module
>> > m_spychannel.c or similar, wich, they actually had without realising,
>> asked
>> > a friend, to code for them.
>> > This was rejected by me/her,but i believe they have the module running
>> now.
>> > So, what was to stop them adding theyre own hidden spy mode to it :s
look
>> at
>> > what they did to my old channel #haqnet, they introduced drinemon and a
>> > bunch of other things, when it could have been simply worked out with
>> > words.. but anyhow, i will not brood on the past, i hope this is mutual
>> > Laurelai, I have nothing bad to say about you, and in turn, expect the
>> same.
>> > Respect for respect dear.
>> > I do agree with you about the situation and, as you can see, am not
>> holding
>> > 9undisclosed) crappy things wich happened along time ago, over one
>> idiotic
>> > kid, on efnet, whom now i know you do not associate with. So, i want
>> that,
>> > to be laid rest now.. please.
>> > And, we can only hope that the greater common sense will prevail and
>> > hopefully, places will be forced to proove anonymity in some way,
wether
>> > that be by showing people email interaction with requester's of peoples
>> > info, or anything simple even, wich would be then a standard for VPN, I
>> do
>> > not use them but, if i bought anonymous vpn, id expect exactly
>> that,without
>> > political interaction and grey areas about who and what is now legal
and
>> not
>> > legal on the internet, on chatrooms, and on even websites.
>> > ok, thats plenty, cheers!
>> > xd
>> >
>> >
>> > On 28 September 2011 13:41, Laurelai  wrote:
>> >
>> >> On 9/27/2011 10:10 PM, sandeep k wrote:
>> >>
>> >> Lolz members was really insane ,i m not why to use that crapy hma.
>> >> On Sep 27, 2011 8:36 PM, "Ferenc Kovacs"  wrote:
>> >> > yeah, and usually the same goes for calling others "kids" ;)
>> >> >
>> >> > On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD 
wrote:
>> >> >> #pure-elite , rofl... yes indeed :P
>> >> >> hehe... nice story tho...funny about the elite channel thing... why
>> do
>> >> ppl
>> >> >> tag themselves as elite? usually when they are not...
>> >> >> ohwell, thats efnut :s (irc sucks)
>> >> >> xd
>> >> >>
>> >> >>
>> >> >> On 27 September 2011 19:03, Darren Martyn
>> >> >>  wrote:
>> >> >>>
>> >> >>> Hope this sends correctly, new email client and all... But seeing
as
>> it
>> >> is
>> >> >>> an international investigation many people have been bending over
>> >> backwards
>> >> >>> to assist LEO on this. HMA and perfect privacy were the VPN's of
>> choice
>> >> for
>> >> >>> them it would appear, oh, and he was part of the #pure-elite
channel
>> on
>> >> that
>> >> >>> IRC server, and hence, considered by LEO and others as "Part of
>> >> LulzSec".
>> >> >>>
>> >> >>> TL;DR, this is nothing new.
>> >> >>>
>> >> >>> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm <
>> laure...@oneechan.org
>> >> >
>> >> >>> wrote:
>> >> 
>> >>  And the guy wasnt even a part o

[Full-disclosure] European Security Services GPS v1.0 - Multiple Vulnerabilities

2011-09-27 Thread resea...@vulnerability-lab.com
Title:
==
European Security Services GPS 1.x - Multiple Vulnerabilities


Date:
=
2011-09-28



VL-ID:
=
63


Reference:
==
http://www.vulnerability-lab.com/get_content.php?id=63


Introduction:
=
For a small tracking fee you receive access to our Online Control Center.
After a successful login, the following settings and data are available to
you. This allows you, for example:

- Pinpoint route analysis
- Speed indication
- Daily report
- Monthly report
- Geofence
- Real-time tracking
- Data backup for 24 months
- 2D/3D view
- Location down to house-number level
- Address display
- Data download (CSV)
- Address search

Thanks to state-of-the-art technology, we are now able to provide more
security under these conditions as well. With our technology you can locate,
for example, people, animals, vehicles, containers, goods, ships and so on
worldwide to within 2 meters. In addition, countless further options are
available to you. For example, you can watch online in our H.E.S.S. Control
Center, in real time, as your child walks to school in the morning or as your
goods are unloaded from a ship in Japan. There are no limits to the range of
uses.
Example uses:


For private customers
Child tracking - e.g. on the way home in the evening from training at the club
Seniors - e.g. for senile elderly people who easily get lost
Athletes - e.g. for mountain hikers, skiers or extreme athletes who can
quickly get into danger
Vehicle tracking / theft protection - e.g. for recovering a vehicle after a
theft
Animals - e.g. for grazing animals or horses

For commercial customers
Vehicle tracking / theft protection - e.g. for driver / route monitoring of
your vehicles
Construction machinery - e.g. for securing your construction machinery on
building sites
Security companies - e.g. for surveillance / detective work
Freight forwarders - e.g. for monitoring deliveries and transport
Elderly care and nursing - e.g. for monitoring elderly people who easily get
lost
Leasing companies - e.g. for control and monitoring of your leased products
Taxi companies - e.g. for coordination at the taxi dispatch center / for
protecting drivers
Driving schools - e.g. for route analysis and training purposes
Authorities - e.g. for monitoring persons and vehicles

(Copy of the Vendor Homepage:
http://www.hess-security.de/das_control_center.html)


Abstract:
=
The Vulnerability-Lab Team discovered multiple Web Vulnerabilities on
the gps tracking system of (EES) European Security Services.


Report-Timeline:

2011-03-02: Vendor Notification
2011-04-08: Vendor Response/Feedback
2011-**-**: Vendor Fix/Patch
2011-09-28: Public or Non-Public Disclosure


Status:

Published


Affected Products:
==
European Security Services GPS v1.0


Exploitation-Technique:
===
Remote


Severity:
=
Critical


Details:

1.1
An Integer Overflow vulnerability is detected on the gps tracking system
of (EES) European Security Services.
The calendar application module allows an attacker to crash the
application service via integer overflow bug.

Vulnerable Module(s):
[+] Calendar

--- Exception Logs ---
System.Overflow:
Arithmetic operation resulted in an overflow.
at Microsoft.VisualBasic.CompilerServices.IntegerType.FromString(String Value)
at findMe.showData.Page_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)




1.2
Multiple persistent input validation vulnerabilities are detected on the
gps tracking system of (EES) European Security Services.
The vulnerability allows a local low privileged user account to
inject/implement malicious persistent script codes on application side.
Successful exploitation of the vulnerability can result in session
hijacking or content request manipulation.

Vulnerable Module(s): (Persistent)
[+] Userdata Form allows
[+] Group Administration & Track ID
[+] User Password CSRF + Reset


1.2.1
Another vulnerability is located on the session handling of the gps
tracking system of (EES) European Security Services.
The passwords got transferred in plain via session cookie. Successful
exploitation can result in session hijacking without high
required user interaction.

Vulnerable Module(s):
[+] Session Handling


1.3
Attacker can bypass the auth of the login form. The vulnerability allows
remote attackers to access the
admin control panel without authorization.

Vulnerable Module(s):
[+] Login


Proof of Concept:
=
1.1

Reference(s):

File(s):   showdata.aspx
Param(

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-27 Thread GloW - XD
never did... was only for one buttcheek kid that i was a little pissed and
thinking things which, prolly were wrong at the time...
I am adult enough to apologise for what happened back then, and hopefully it
is just, cool.
:)
cheers, you're loved by many, you just have many trollers too :sp
take care,
xd


On 28 September 2011 14:32, Laurelai Storm  wrote:

> Im suprised, someone on the internet who *doesn't * hate me :p
> On Sep 27, 2011 11:29 PM, "GloW - XD"  wrote:
> > Hello Laurelai ,
> > Oh i agree it is still a terrible precedent to be set.. I dont even know
> > where, legally, i stand anymore...
> > It is rather disturbing, nomatter WHO it was laurela.
> > I am all for the hatred against the VPN provs, and this is not just
> > happening here, and i made a BIG statement about this, and privacy, in my
> > channel on efnet, first as i saw it.
> >
> > Then saw a torrentfreak feed,of someone who was an owner of a huge
> torrent
> > site, was handed to authorities, not by the hoster, no... but by the
> > frigging payment handler, ie paypal or alertpay most likely.
> >
> > This is not good, it makes a grey could now over what is 'anon' and what
> > isnt. and thats a bad thing for us all.
> > To much fraud is causing this, thats plain and simple.Abusing places like
> > Sony, and, major banks, only make the authorities turn to politics, whom
> in
> > turn can bully with federal and state laws of ANY country, i think this
> is
> > the dangerous part wich is affecting lulzsec members or whoever was apart
> of
> > it, and, i mean efnet is no recruiting grounds for decent hkrs.
> > Simple as that, you know it, maybe thru word of mouth ok, but not alone
> by
> > being in channels but that network, is one federal hideout now..and, that
> is
> > every channel, if it is not being spied (yea they have a module
> > m_spychannel.c or similar, wich, they actually had without realising,
> asked
> > a friend, to code for them.
> > This was rejected by me/her,but i believe they have the module running
> now.
> > So, what was to stop them adding theyre own hidden spy mode to it :s look
> at
> > what they did to my old channel #haqnet, they introduced drinemon and a
> > bunch of other things, when it could have been simply worked out with
> > words.. but anyhow, i will not brood on the past, i hope this is mutual
> > Laurelai, I have nothing bad to say about you, and in turn, expect the
> same.
> > Respect for respect dear.
> > I do agree with you about the situation and, as you can see, am not
> holding
> > 9undisclosed) crappy things wich happened along time ago, over one
> idiotic
> > kid, on efnet, whom now i know you do not associate with. So, i want
> that,
> > to be laid rest now.. please.
> > And, we can only hope that the greater common sense will prevail and
> > hopefully, places will be forced to proove anonymity in some way, wether
> > that be by showing people email interaction with requester's of peoples
> > info, or anything simple even, wich would be then a standard for VPN, I
> do
> > not use them but, if i bought anonymous vpn, id expect exactly
> that,without
> > political interaction and grey areas about who and what is now legal and
> not
> > legal on the internet, on chatrooms, and on even websites.
> > ok, thats plenty, cheers!
> > xd
> >
> >
> > On 28 September 2011 13:41, Laurelai  wrote:
> >
> >> On 9/27/2011 10:10 PM, sandeep k wrote:
> >>
> >> Lolz members was really insane ,i m not why to use that crapy hma.
> >> On Sep 27, 2011 8:36 PM, "Ferenc Kovacs"  wrote:
> >> > yeah, and usually the same goes for calling others "kids" ;)
> >> >
> >> > On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD  wrote:
> >> >> #pure-elite , rofl... yes indeed :P
> >> >> hehe... nice story tho...funny about the elite channel thing... why
> do
> >> ppl
> >> >> tag themselves as elite? usually when they are not...
> >> >> ohwell, thats efnut :s (irc sucks)
> >> >> xd
> >> >>
> >> >>
> >> >> On 27 September 2011 19:03, Darren Martyn
> >> >>  wrote:
> >> >>>
> >> >>> Hope this sends correctly, new email client and all... But seeing as
> it
> >> is
> >> >>> an international investigation many people have been bending over
> >> backwards
> >> >>> to assist LEO on this. HMA and perfect privacy were the VPN's of
> choice
> >> for
> >> >>> them it would appear, oh, and he was part of the #pure-elite channel
> on
> >> that
> >> >>> IRC server, and hence, considered by LEO and others as "Part of
> >> LulzSec".
> >> >>>
> >> >>> TL;DR, this is nothing new.
> >> >>>
> >> >>> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm <
> laure...@oneechan.org
> >> >
> >> >>> wrote:
> >> 
> >>  And the guy wasnt even a part of lulzsec
> >> 
> >>  On Sep 26, 2011 10:37 PM, "Jeffrey Walton" 
> >> wrote:
> >>  > On Mon, Sep 26, 2011 at 8:47 PM, Ivan . 
> wrote:
> >>  >>
> >>  >>
> >>
> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
> >>  > Though HMA claims they 

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-27 Thread Laurelai Storm
I'm surprised, someone on the internet who *doesn't* hate me :p
On Sep 27, 2011 11:29 PM, "GloW - XD"  wrote:
> Hello Laurelai ,
> Oh i agree it is still a terrible precedent to be set.. I dont even know
> where, legally, i stand anymore...
> It is rather disturbing, nomatter WHO it was laurela.
> I am all for the hatred against the VPN provs, and this is not just
> happening here, and i made a BIG statement about this, and privacy, in my
> channel on efnet, first as i saw it.
>
> Then saw a torrentfreak feed,of someone who was an owner of a huge torrent
> site, was handed to authorities, not by the hoster, no... but by the
> frigging payment handler, ie paypal or alertpay most likely.
>
> This is not good, it makes a grey could now over what is 'anon' and what
> isnt. and thats a bad thing for us all.
> To much fraud is causing this, thats plain and simple.Abusing places like
> Sony, and, major banks, only make the authorities turn to politics, whom
in
> turn can bully with federal and state laws of ANY country, i think this is
> the dangerous part wich is affecting lulzsec members or whoever was apart
of
> it, and, i mean efnet is no recruiting grounds for decent hkrs.
> Simple as that, you know it, maybe thru word of mouth ok, but not alone by
> being in channels but that network, is one federal hideout now..and, that
is
> every channel, if it is not being spied (yea they have a module
> m_spychannel.c or similar, wich, they actually had without realising,
asked
> a friend, to code for them.
> This was rejected by me/her,but i believe they have the module running
now.
> So, what was to stop them adding theyre own hidden spy mode to it :s look
at
> what they did to my old channel #haqnet, they introduced drinemon and a
> bunch of other things, when it could have been simply worked out with
> words.. but anyhow, i will not brood on the past, i hope this is mutual
> Laurelai, I have nothing bad to say about you, and in turn, expect the
same.
> Respect for respect dear.
> I do agree with you about the situation and, as you can see, am not
holding
> 9undisclosed) crappy things wich happened along time ago, over one idiotic
> kid, on efnet, whom now i know you do not associate with. So, i want that,
> to be laid rest now.. please.
> And, we can only hope that the greater common sense will prevail and
> hopefully, places will be forced to proove anonymity in some way, wether
> that be by showing people email interaction with requester's of peoples
> info, or anything simple even, wich would be then a standard for VPN, I do
> not use them but, if i bought anonymous vpn, id expect exactly
that,without
> political interaction and grey areas about who and what is now legal and
not
> legal on the internet, on chatrooms, and on even websites.
> ok, thats plenty, cheers!
> xd
>
>
> On 28 September 2011 13:41, Laurelai  wrote:
>
>> On 9/27/2011 10:10 PM, sandeep k wrote:
>>
>> Lolz members was really insane ,i m not why to use that crapy hma.
>> On Sep 27, 2011 8:36 PM, "Ferenc Kovacs"  wrote:
>> > yeah, and usually the same goes for calling others "kids" ;)
>> >
>> > On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD  wrote:
>> >> #pure-elite , rofl... yes indeed :P
>> >> hehe... nice story tho...funny about the elite channel thing... why do
>> ppl
>> >> tag themselves as elite? usually when they are not...
>> >> ohwell, thats efnut :s (irc sucks)
>> >> xd
>> >>
>> >>
>> >> On 27 September 2011 19:03, Darren Martyn
>> >>  wrote:
>> >>>
>> >>> Hope this sends correctly, new email client and all... But seeing as
it
>> is
>> >>> an international investigation many people have been bending over
>> backwards
>> >>> to assist LEO on this. HMA and perfect privacy were the VPN's of
choice
>> for
>> >>> them it would appear, oh, and he was part of the #pure-elite channel
on
>> that
>> >>> IRC server, and hence, considered by LEO and others as "Part of
>> LulzSec".
>> >>>
>> >>> TL;DR, this is nothing new.
>> >>>
>> >>> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm <
laure...@oneechan.org
>> >
>> >>> wrote:
>> 
>>  And the guy wasnt even a part of lulzsec
>> 
>>  On Sep 26, 2011 10:37 PM, "Jeffrey Walton" 
>> wrote:
>>  > On Mon, Sep 26, 2011 at 8:47 PM, Ivan .  wrote:
>>  >>
>>  >>
>>
http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
>>  > Though HMA claims they complied with a court order, it looks as if
>>  > they facilitated a law enforcement request. The US and the FBI
have
>> no
>>  > jurisdiction in the UK.
>>  >
>>  > Jeff
>>  >
>>  > ___
>>  > Full-Disclosure - We believe in it.
>>  > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>  > Hosted and sponsored by Secunia - http://secunia.com/
>> 

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-27 Thread GloW - XD
Hello Laurelai,
Oh i agree it is still a terrible precedent to be set.. I don't even know
where, legally, i stand anymore...
It is rather disturbing, no matter WHO it was Laurelai.
I am all for the hatred against the VPN provs, and this is not just
happening here, and i made a BIG statement about this, and privacy, in my
channel on efnet, first as i saw it.

Then saw a torrentfreak feed, of someone who was an owner of a huge torrent
site, was handed to authorities, not by the hoster, no... but by the
frigging payment handler, ie paypal or alertpay most likely.

This is not good, it makes a grey cloud now over what is 'anon' and what
isn't. and that's a bad thing for us all.
Too much fraud is causing this, that's plain and simple. Abusing places like
Sony, and, major banks, only make the authorities turn to politics, whom in
turn can bully with federal and state laws of ANY country, i think this is
the dangerous part which is affecting lulzsec members or whoever was a part of
it, and, i mean efnet is no recruiting grounds for decent hkrs.
Simple as that, you know it, maybe thru word of mouth ok, but not alone by
being in channels but that network, is one federal hideout now..and, that is
every channel, if it is not being spied (yea they have a module
m_spychannel.c or similar, which, they actually had without realising, asked
a friend, to code for them.
This was rejected by me/her, but i believe they have the module running now.
So, what was to stop them adding their own hidden spy mode to it :s look at
what they did to my old channel #haqnet, they introduced drinemon and a
bunch of other things, when it could have been simply worked out with
words.. but anyhow, i will not brood on the past, i hope this is mutual
Laurelai, I have nothing bad to say about you, and in turn, expect the same.
Respect for respect dear.
I do agree with you about the situation and, as you can see, am not holding
(undisclosed) crappy things which happened a long time ago, over one idiotic
kid, on efnet, whom now i know you do not associate with. So, i want that,
to be laid rest now.. please.
And, we can only hope that the greater common sense will prevail and
hopefully, places will be forced to prove anonymity in some way, whether
that be by showing people email interaction with requesters of peoples
info, or anything simple even, which would be then a standard for VPN, I do
not use them but, if i bought anonymous vpn, i'd expect exactly that, without
political interaction and grey areas about who and what is now legal and not
legal on the internet, on chatrooms, and on even websites.
ok, that's plenty, cheers!
xd


On 28 September 2011 13:41, Laurelai  wrote:

>  On 9/27/2011 10:10 PM, sandeep k wrote:
>
> Lolz members was really insane ,i m not why to use that crapy hma.
> On Sep 27, 2011 8:36 PM, "Ferenc Kovacs"  wrote:
> > yeah, and usually the same goes for calling others "kids" ;)
> >
> > On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD  wrote:
> >> #pure-elite , rofl... yes indeed :P
> >> hehe... nice story tho...funny about the elite channel thing... why do
> ppl
> >> tag themselves as elite? usually when they are not...
> >> ohwell, thats efnut :s (irc sucks)
> >> xd
> >>
> >>
> >> On 27 September 2011 19:03, Darren Martyn
> >>  wrote:
> >>>
> >>> Hope this sends correctly, new email client and all... But seeing as it
> is
> >>> an international investigation many people have been bending over
> backwards
> >>> to assist LEO on this. HMA and perfect privacy were the VPN's of choice
> for
> >>> them it would appear, oh, and he was part of the #pure-elite channel on
> that
> >>> IRC server, and hence, considered by LEO and others as "Part of
> LulzSec".
> >>>
> >>> TL;DR, this is nothing new.
> >>>
> >>> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm  >
> >>> wrote:
> 
>  And the guy wasnt even a part of lulzsec
> 
>  On Sep 26, 2011 10:37 PM, "Jeffrey Walton" 
> wrote:
>  > On Mon, Sep 26, 2011 at 8:47 PM, Ivan .  wrote:
>  >>
>  >>
> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
>  > Though HMA claims they complied with a court order, it looks as if
>  > they facilitated a law enforcement request. The US and the FBI have
> no
>  > jurisdiction in the UK.
>  >
>  > Jeff
>  >

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-27 Thread Laurelai
On 9/27/2011 10:10 PM, sandeep k wrote:
>
> Lolz members was really insane ,i m not why to use that crapy hma.
>
> On Sep 27, 2011 8:36 PM, "Ferenc Kovacs"  > wrote:
> > yeah, and usually the same goes for calling others "kids" ;)
> >
> > On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD  > wrote:
> >> #pure-elite , rofl... yes indeed :P
> >> hehe... nice story tho...funny about the elite channel thing... why
> do ppl
> >> tag themselves as elite? usually when they are not...
> >> ohwell, thats efnut :s (irc sucks)
> >> xd
> >>
> >>
> >> On 27 September 2011 19:03, Darren Martyn
> >>  > wrote:
> >>>
> >>> Hope this sends correctly, new email client and all... But seeing
> as it is
> >>> an international investigation many people have been bending over
> backwards
> >>> to assist LEO on this. HMA and perfect privacy were the VPN's of
> choice for
> >>> them it would appear, oh, and he was part of the #pure-elite
> channel on that
> >>> IRC server, and hence, considered by LEO and others as "Part of
> LulzSec".
> >>>
> >>> TL;DR, this is nothing new.
> >>>
> >>> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm
> mailto:laure...@oneechan.org>>
> >>> wrote:
> 
>  And the guy wasnt even a part of lulzsec
> 
>  On Sep 26, 2011 10:37 PM, "Jeffrey Walton"  > wrote:
>  > On Mon, Sep 26, 2011 at 8:47 PM, Ivan .  > wrote:
>  >>
>  >>
> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
>  > Though HMA claims they complied with a court order, it looks as if
>  > they facilitated a law enforcement request. The US and the FBI
> have no
>  > jurisdiction in the UK.
>  >
>  > Jeff
>  >
> > --
> > Ferenc Kovács
> > @Tyr43l - http://tyrael.hu
From my understanding they used the channel as a possible recruitment
ground, though only 6 people were officially a part of lulzsec. I find
it disturbing that law enforcement considers being in an irc channel
tantamount to being a part of lulzsec.

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-27 Thread sandeep k
Lolz members was really insane, i m not why to use that crappy hma.
On Sep 27, 2011 8:36 PM, "Ferenc Kovacs"  wrote:
> yeah, and usually the same goes for calling others "kids" ;)
>
> On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD  wrote:
>> #pure-elite , rofl... yes indeed :P
>> hehe... nice story tho...funny about the elite channel thing... why do
ppl
>> tag themselves as elite? usually when they are not...
>> ohwell, thats efnut :s (irc sucks)
>> xd
>>
>>
>> On 27 September 2011 19:03, Darren Martyn
>>  wrote:
>>>
>>> Hope this sends correctly, new email client and all... But seeing as it
is
>>> an international investigation many people have been bending over
backwards
>>> to assist LEO on this. HMA and perfect privacy were the VPN's of choice
for
>>> them it would appear, oh, and he was part of the #pure-elite channel on
that
>>> IRC server, and hence, considered by LEO and others as "Part of
LulzSec".
>>>
>>> TL;DR, this is nothing new.
>>>
>>> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm 
>>> wrote:

 And the guy wasnt even a part of lulzsec

 On Sep 26, 2011 10:37 PM, "Jeffrey Walton"  wrote:
 > On Mon, Sep 26, 2011 at 8:47 PM, Ivan .  wrote:
 >>
 >>
http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
 > Though HMA claims they complied with a court order, it looks as if
 > they facilitated a law enforcement request. The US and the FBI have
no
 > jurisdiction in the UK.
 >
 > Jeff
 >
> --
> Ferenc Kovács
> @Tyr43l - http://tyrael.hu

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-27 Thread Ferenc Kovacs
yeah, and usually the same goes for calling others "kids" ;)

On Tue, Sep 27, 2011 at 10:30 PM, GloW - XD  wrote:
> #pure-elite , rofl... yes indeed :P
> hehe... nice story tho...funny about the elite channel thing... why do ppl
> tag themselves as elite? usually when they are not...
> ohwell, thats efnut :s (irc sucks)
> xd
>
>
> On 27 September 2011 19:03, Darren Martyn
>  wrote:
>>
>> Hope this sends correctly, new email client and all... But seeing as it is
>> an international investigation many people have been bending over backwards
>> to assist LEO on this. HMA and perfect privacy were the VPN's of choice for
>> them it would appear, oh, and he was part of the #pure-elite channel on that
>> IRC server, and hence, considered by LEO and others as "Part of LulzSec".
>>
>> TL;DR, this is nothing new.
>>
>> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm 
>> wrote:
>>>
>>> And the guy wasnt even a part of lulzsec
>>>
>>> On Sep 26, 2011 10:37 PM, "Jeffrey Walton"  wrote:
>>> > On Mon, Sep 26, 2011 at 8:47 PM, Ivan .  wrote:
>>> >>
>>> >> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
>>> > Though HMA claims they complied with a court order, it looks as if
>>> > they facilitated a law enforcement request. The US and the FBI have no
>>> > jurisdiction in the UK.
>>> >
>>> > Jeff
>>> >



-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu


Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-27 Thread GloW - XD
#pure-elite , rofl... yes indeed :P
hehe... nice story tho...funny about the elite channel thing... why do ppl
tag themselves as elite? usually when they are not...
ohwell, thats efnut :s (irc sucks)
xd


On 27 September 2011 19:03, Darren Martyn  wrote:

> Hope this sends correctly, new email client and all... But seeing as it is
> an international investigation many people have been bending over backwards
> to assist LEO on this. HMA and perfect privacy were the VPN's of choice for
> them it would appear, oh, and he was part of the #pure-elite channel on that
> IRC server, and hence, considered by LEO and others as "Part of LulzSec".
>
> TL;DR, this is nothing new.
>
> On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm wrote:
>
>> And the guy wasnt even a part of lulzsec
>> On Sep 26, 2011 10:37 PM, "Jeffrey Walton"  wrote:
>> > On Mon, Sep 26, 2011 at 8:47 PM, Ivan .  wrote:
>> >>
>> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
>> > Though HMA claims they complied with a court order, it looks as if
>> > they facilitated a law enforcement request. The US and the FBI have no
>> > jurisdiction in the UK.
>> >
>> > Jeff
>> >

[Full-disclosure] [SECURITY] [DSA 2311-1] openjdk-6 security update

2011-09-27 Thread Florian Weimer

------------------------------------------------------------------------
Debian Security Advisory DSA-2311-1                   secur...@debian.org
http://www.debian.org/security/                           Florian Weimer
September 27, 2011                    http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : openjdk-6
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0862 CVE-2011-0864 CVE-2011-0865 CVE-2011-0867
                 CVE-2011-0868 CVE-2011-0869 CVE-2011-0871
Debian Bug     : 629852

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Java SE platform.  The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2011-0862
Integer overflow errors in the JPEG and font parser allow
untrusted code (including applets) to elevate its privileges.

CVE-2011-0864
Hotspot, the just-in-time compiler in OpenJDK, mishandled
certain byte code instructions, allowing untrusted code
(including applets) to crash the virtual machine.

CVE-2011-0865
A race condition in signed object deserialization could
allow untrusted code to modify signed content, apparently
leaving its signature intact.

CVE-2011-0867
Untrusted code (including applets) could access information
about network interfaces which was not intended to be public.
(Note that the interface MAC address is still available to
untrusted code.)

CVE-2011-0868
A float-to-long conversion could overflow, allowing
untrusted code (including applets) to crash the virtual
machine.

CVE-2011-0869
Untrusted code (including applets) could intercept HTTP
requests by reconfiguring proxy settings through a SOAP
connection.

CVE-2011-0871
Untrusted code (including applets) could elevate its
privileges through the Swing MediaTracker code.

In addition, this update removes support for the Zero/Shark and Cacao
Hotspot variants from the i386 and amd64 due to stability issues.
These Hotspot variants are included in the openjdk-6-jre-zero and
icedtea-6-jre-cacao packages, and these packages must be removed
during this update.

For the oldstable distribution (lenny), these problems will be fixed
in a separate DSA for technical reasons.

For the stable distribution (squeeze), these problems have been fixed
in version 6b18-1.8.9-0.1~squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 6b18-1.8.9-0.1.

We recommend that you upgrade your OpenJDK packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org


Re: [Full-disclosure] Twitter URL spoofing still exploitable

2011-09-27 Thread Pablo Ximenes
Apparently twitter is back to normal, t.co isn't showing in place of
every URL anymore.

This was indeed temporary while they were fixing things as mentioned.

Att,

Pablo Ximenes
http://ximen.es/
http://twitter.com/pabloximenes




2011/9/27 Benji :
> If you hover over the t.co links the alt= tag holds the real url.
>
> On Tue, Sep 27, 2011 at 4:11 PM, dave bl  wrote:
>>
>> On 28 September 2011 01:00, Mario Vilas  wrote:
>> > On Tue, Sep 27, 2011 at 3:26 PM, Dan Kaminsky  wrote:
>> >>>
>> >>> Ok, now nobody can spoof a URL, but how come a user will tell good
>> >>> URLs and bad ones apart? Oh boy!
>> >>>
>> >>
>> >> Wherever did you get the idea that users can do this?
>> >
>> > Jokes apart, I do find it annoying that URLs aren't expanded
>> > automatically
>> > anymore. But I don't expect this situation to be permanent.
>>
>> Agreed.
>>


Re: [Full-disclosure] Twitter URL spoofing still exploitable

2011-09-27 Thread Benji
If you hover over the t.co links the alt= tag holds the real url.

On Tue, Sep 27, 2011 at 4:11 PM, dave bl  wrote:

> On 28 September 2011 01:00, Mario Vilas  wrote:
> > On Tue, Sep 27, 2011 at 3:26 PM, Dan Kaminsky  wrote:
> >>>
> >>> Ok, now nobody can spoof a URL, but how come a user will tell good
> >>> URLs and bad ones apart? Oh boy!
> >>>
> >>
> >> Wherever did you get the idea that users can do this?
> >
> > Jokes apart, I do find it annoying that URLs aren't expanded
> automatically
> > anymore. But I don't expect this situation to be permanent.
>
> Agreed.
>

Re: [Full-disclosure] Twitter URL spoofing still exploitable

2011-09-27 Thread dave bl
On 28 September 2011 01:00, Mario Vilas  wrote:
> On Tue, Sep 27, 2011 at 3:26 PM, Dan Kaminsky  wrote:
>>>
>>> Ok, now nobody can spoof a URL, but how come a user will tell good
>>> URLs and bad ones apart? Oh boy!
>>>
>>
>> Wherever did you get the idea that users can do this?
>
> Jokes apart, I do find it annoying that URLs aren't expanded automatically
> anymore. But I don't expect this situation to be permanent.

Agreed.



Re: [Full-disclosure] Twitter URL spoofing still exploitable

2011-09-27 Thread Mario Vilas
On Tue, Sep 27, 2011 at 3:26 PM, Dan Kaminsky  wrote:

> Ok, now nobody can spoof a URL, but how come a user will tell good
>> URLs and bad ones apart? Oh boy!
>>
>>
> Wherever did you get the idea that users can do this?
>

Jokes apart, I do find it annoying that URLs aren't expanded automatically
anymore. But I don't expect this situation to be permanent.

-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”

Re: [Full-disclosure] Twitter URL spoofing still exploitable

2011-09-27 Thread Dan Kaminsky
>
> Ok, now nobody can spoof a URL, but how come a user will tell good
> URLs and bad ones apart? Oh boy!
>
>
Wherever did you get the idea that users can do this?

Re: [Full-disclosure] VPN provider helped track down alleged LulzSec member

2011-09-27 Thread Darren Martyn
Hope this sends correctly, new email client and all... But seeing as it is
an international investigation many people have been bending over backwards
to assist LEO on this. HMA and perfect privacy were the VPN's of choice for
them it would appear, oh, and he was part of the #pure-elite channel on that
IRC server, and hence, considered by LEO and others as "Part of LulzSec".

TL;DR, this is nothing new.

On Tue, Sep 27, 2011 at 6:53 AM, Laurelai Storm wrote:

> And the guy wasnt even a part of lulzsec
> On Sep 26, 2011 10:37 PM, "Jeffrey Walton"  wrote:
> > On Mon, Sep 26, 2011 at 8:47 PM, Ivan .  wrote:
> >>
> http://www.h-online.com/security/news/item/VPN-provider-helped-track-down-alleged-LulzSec-member-1349666.html
> > Though HMA claims they complied with a court order, it looks as if
> > they facilitated a law enforcement request. The US and the FBI have no
> > jurisdiction in the UK.
> >
> > Jeff
> >

Re: [Full-disclosure] Twitter URL spoofing still exploitable

2011-09-27 Thread Darren Martyn
So their patching method merely introduced another exploitation method?
Reminds me of some of Oracles patches...

On Tue, Sep 27, 2011 at 3:18 AM, Pablo Ximenes  wrote:

> Some of you might consider this blog post of value: http://ximen.es/?p=534
>
> Thanks,
>
> Pablo Ximenes
> http://ximen.es/
> http://twitter.com/pabloximenes
>

Re: [Full-disclosure] Privilege escalation on Windows using Binary Planting

2011-09-27 Thread Gary Slavin
the trick is to find one that is writable while logged in as a less privileged 
user and then overwrite the executable. Anti virus executables are typically a 
good place to start :)

tasklist /fi "USERNAME eq NT AUTHORITY\SYSTEM"

Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        236 K
smss.exe                     704 Console                 0        388 K
csrss.exe                    752 Console                 0      4,032 K
winlogon.exe                 776 Console                 0      2,904 K
services.exe                 820 Console                 0      4,612 K
lsass.exe                    832 Console                 0      1,724 K
ati2evxx.exe                 980 Console                 0      2,676 K
svchost.exe                 1020 Console                 0      5,948 K
svchost.exe                 1200 Console                 0     23,100 K
DLService.exe               1484 Console                 0      7,856 K
spoolsv.exe                 1848 Console                 0      6,992 K
schedul2.exe                2028 Console                 0      2,036 K
inetinfo.exe                 228 Console                 0     10,484 K
mnmsrvc.exe                  364 Console                 0      3,436 K
rundll32.exe                 352 Console                 0      3,168 K
SAVAdminService.exe          356 Console                 0      2,548 K
ManagementAgentNT.exe        580 Console                 0      4,624 K
ALsvc.exe                    748 Console                 0        944 K
RouterNT.exe                1004 Console                 0      4,884 K
vsAOD.Exe                   1868 Console                 0      4,224 K

C:\Documents and Settings\pentest>


From: Steve Syfuhs [st...@syfuhs.net]
Sent: 26 September 2011 19:09
To: Madhur Ahuja; security-bas...@securityfocus.com; 
full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Privilege escalation on Windows using Binary 
Planting

Well yeah, if the system that's designed to protect you isn't functioning, then 
you aren't protected and all sorts of bad things can happen.

When services starts up, the root service executable looks through a registry 
key to find all the services that should be run. It then executes the value in 
the key relative to each service based on which account is specified.  There is 
no signature checking or anything funky like that going on. If the path stored 
in the registry entry is a valid executable, it will get executed.

It is up to the installer to make sure that the service cannot be replaced. 
This is done by storing it in Program Files, or one of the other recommended 
locations, which only administrators can access by default. If the executable 
is stored in another location, it is still up to the installer to set up proper 
file permissions. Further, only an administrator should be able to start or 
stop the service.

All of this is up to the installer, and the service itself to handle.

If a service or installer deviates from the prescribed design set out by 
Microsoft, is it really Windows' fault that it happened? Not really. So, yes 
you could escalate privilege through this method, but really the failure is by 
the developer of the service, or by the developer of the installer.

-Original Message-
From: listbou...@securityfocus.com [mailto:listbou...@securityfocus.com] On 
Behalf Of Madhur Ahuja
Sent: Sunday, September 25, 2011 2:31 PM
To: security-bas...@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Privilege escalation on Windows using Binary Planting

Imagine a situation where I have a Windows system with the restricted user 
access and want to get the Administrator access.

There are many services in Windows which run with SYSTEM account.

If there exists even one such service whose executable is not protected by 
Windows File Protection, isn't it possible to execute malicious code (such as 
gaining Administrator access) simply by replacing the service executable with 
malicious one and then restarting the service.

As a restricted user, what's stopping me to do this ?

Is there any integrity check performed by services.msc or service itself before 
executing with SYSTEM account ?

Madhur


Re: [Full-disclosure] Privilege escalation on Windows using Binary Planting

2011-09-27 Thread Steve Syfuhs
Well yeah, if the system that's designed to protect you isn't functioning, then 
you aren't protected and all sorts of bad things can happen.

When services starts up, the root service executable looks through a registry 
key to find all the services that should be run. It then executes the value in 
the key relative to each service based on which account is specified.  There is 
no signature checking or anything funky like that going on. If the path stored 
in the registry entry is a valid executable, it will get executed.

It is up to the installer to make sure that the service cannot be replaced. 
This is done by storing it in Program Files, or one of the other recommended 
locations, which only administrators can access by default. If the executable 
is stored in another location, it is still up to the installer to set up proper 
file permissions. Further, only an administrator should be able to start or 
stop the service.

All of this is up to the installer, and the service itself to handle.

If a service or installer deviates from the prescribed design set out by 
Microsoft, is it really Windows' fault that it happened? Not really. So, yes 
you could escalate privilege through this method, but really the failure is by 
the developer of the service, or by the developer of the installer.

-Original Message-
From: listbou...@securityfocus.com [mailto:listbou...@securityfocus.com] On 
Behalf Of Madhur Ahuja
Sent: Sunday, September 25, 2011 2:31 PM
To: security-bas...@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Privilege escalation on Windows using Binary Planting

Imagine a situation where I have a Windows system with the restricted user 
access and want to get the Administrator access.

There are many services in Windows which run with SYSTEM account.

If there exists even one such service whose executable is not protected by 
Windows File Protection, isn't it possible to execute malicious code (such as 
gaining Administrator access) simply by replacing the service executable with 
malicious one and then restarting the service.

As a restricted user, what's stopping me to do this ?

Is there any integrity check performed by services.msc or service itself before 
executing with SYSTEM account ?

Madhur

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
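
The file-permission requirement described in this thread can be checked mechanically. The following is an added example, not code from any poster: it takes a service's registry ImagePath plus the icacls listing for that executable and reports write-capable ACEs held by principals outside a trusted set. The service names, paths, ACLs, trusted set and function names are all assumptions constructed for illustration.

```python
import re

# Assumption: principals allowed to hold write access to service binaries.
TRUSTED = {
    r"nt authority\system",
    r"builtin\administrators",
    r"nt service\trustedinstaller",
}
# icacls abbreviations that allow replacing a file or rewriting its ACL/owner.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "WDAC", "WO", "GW", "GA"}
# icacls inheritance markers; these are not access rights.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}

ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")
EXE_RE = re.compile(r'^\s*(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.exe))', re.IGNORECASE)


def image_path_to_exe(image_path):
    """Extract the executable from an ImagePath value (quoted, or bare with arguments)."""
    m = EXE_RE.match(image_path)
    return (m.group("quoted") or m.group("bare")) if m else None


def parse_icacls(path, listing):
    """Return [(principal, rights, is_deny)] from icacls output for one file."""
    aces = []
    for line in listing.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first line is prefixed with the path
        m = ACE_RE.match(line)
        if not m:
            continue  # blank lines and the "Successfully processed" trailer
        groups = re.findall(r"\(([^)]*)\)", m.group("groups"))
        rights = set()
        for group in groups:
            if group in INHERIT_FLAGS or group == "DENY":
                continue
            rights.update(part.strip() for part in group.split(","))
        aces.append((m.group("who"), rights, "DENY" in groups))
    return aces


def audit_services(services):
    """Report (service, account, exe, principal, rights) for untrusted write access."""
    findings = []
    for svc in services:
        exe = image_path_to_exe(svc["image_path"])
        if exe is None:
            findings.append((svc["name"], svc["start_name"], None, "unparsed ImagePath", []))
            continue
        for who, rights, is_deny in parse_icacls(exe, svc["icacls"]):
            if is_deny or who.lower() in TRUSTED:
                continue
            risky = sorted(rights & WRITE_RIGHTS)
            if risky:
                findings.append((svc["name"], svc["start_name"], exe, who, risky))
    return findings


# Constructed sample data: one service installed under Program Files with
# default ACLs, one installed elsewhere with permissive ACLs.
SAMPLE_SERVICES = [
    {
        "name": "ExampleSpooler",
        "start_name": "LocalSystem",
        "image_path": r'"C:\Program Files\Example\spool.exe" -service',
        "icacls": r"""C:\Program Files\Example\spool.exe NT AUTHORITY\SYSTEM:(I)(F)
                                   BUILTIN\Administrators:(I)(F)
                                   BUILTIN\Users:(I)(RX)
                                   Everyone:(DENY)(W)

Successfully processed 1 files; Failed processing 0 files""",
    },
    {
        "name": "ExampleAgent",
        "start_name": "LocalSystem",
        "image_path": r"C:\Tools\ExampleAgent\agent.exe --run",
        "icacls": r"""C:\Tools\ExampleAgent\agent.exe BUILTIN\Administrators:(I)(F)
                                NT AUTHORITY\SYSTEM:(I)(F)
                                BUILTIN\Users:(I)(M)
                                NT AUTHORITY\Authenticated Users:(I)(RX,W)

Successfully processed 1 files; Failed processing 0 files""",
    },
]

if __name__ == "__main__":
    for finding in audit_services(SAMPLE_SERVICES):
        print(finding)
```

Any finding means the installer or an administrator should tighten the ACL on that executable (and its parent directory) so that only administrative principals can modify it.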


[Full-disclosure] Secunia Research: Novell GroupWise Internet Agent HTTP Interface Buffer Overflow

2011-09-27 Thread Secunia Research
== 

 Secunia Research 27/09/2011

 - Novell GroupWise Internet Agent HTTP Interface Buffer Overflow -

== 
Table of Contents

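Affected Software......................1
Severity...............................2
Vendor's Description of Software.......3
Description of Vulnerability...........4
Solution...............................5
Time Table.............................6
Credits................................7
References.............................8
About Secunia..........................9
Verification..........................10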

== 
1) Affected Software 

* Novell GroupWise 8.0.2 HP2

NOTE: Other versions may also be affected.

== 
2) Severity 

Rating: Moderately critical
Impact: Denial of Service
        System Compromise
Where:  Local Network

== 
3) Vendor's Description of Software 

"Novell GroupWise 8 gives you a wide range of collaborative tools to 
create a truly plugged in work environment.".

Product Link:
http://www.novell.com/products/groupwise/

== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Novell GroupWise,
which can be exploited by malicious users to cause a DoS (Denial of 
Service) and potentially compromise a vulnerable system.

The vulnerability is caused by a boundary error in GroupWise Internet 
Agent (gwia.exe) within the HTTP interface (port 9850/tcp) when 
handling requests for certain .css resources. This can be exploited to 
cause a limited stack-based buffer overflow via a specially crafted, 
overly long request.

== 
5) Solution 

Update to version 8.02 Hot Patch 3.

== 
6) Time Table 

10/03/2011 - Vendor notified.
10/03/2011 - Vendor response.
19/05/2011 - Vendor provides status update.
01/06/2011 - Vendor provides status update.
30/06/2011 - Vendor provides status update.
12/08/2011 - Vendor provides status update.
24/08/2011 - Vendor provides status update.
26/09/2011 - Vendor provides status update.
27/09/2011 - Public disclosure.

== 
7) Credits 

Discovered by Carsten Eiram, Secunia Research.

== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2011-0334 for the vulnerability.

== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2011-67/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

==



[Full-disclosure] Secunia Research: Novell GroupWise Internet Agent "TZNAME" Parsing Vulnerability

2011-09-27 Thread Secunia Research
== 

 Secunia Research 27/09/2011

  - Novell GroupWise Internet Agent "TZNAME" Parsing Vulnerability -

== 
Table of Contents

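Affected Software......................1
Severity...............................2
Vendor's Description of Software.......3
Description of Vulnerability...........4
Solution...............................5
Time Table.............................6
Credits................................7
References.............................8
About Secunia..........................9
Verification..........................10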

== 
1) Affected Software 

* Novell GroupWise 8.0.2 HP2

NOTE: Other versions may also be affected.

== 
2) Severity 

Rating: Highly critical
Impact: System compromise
Where:  Remote

== 
3) Vendor's Description of Software 

"Novell GroupWise 8 gives you a wide range of collaborative tools to 
create a truly plugged in work environment.".

Product Link:
http://www.novell.com/products/groupwise/

== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Novell GroupWise,
which can be exploited by malicious people to compromise a vulnerable 
system.

The vulnerability is caused by an integer truncation error in 
NgwiCalVTimeZoneBody::ParseSelf() within g1.dll when GroupWise 
Internet Agent parses "TZNAME" variables in VCALENDAR data. This can 
be exploited to cause a heap-based buffer overflow via a specially 
crafted e-mail containing an overly long "TZNAME" property value.

Successful exploitation may allow execution of arbitrary code.

== 
5) Solution 

Update to version 8.02 Hot Patch 3.

== 
6) Time Table 

04/03/2011 - Vendor notified.
04/03/2011 - Vendor response.
19/05/2011 - Vendor provides status update.
01/06/2011 - Vendor provides status update.
30/06/2011 - Vendor provides status update.
12/08/2011 - Vendor provides status update.
24/08/2011 - Vendor provides status update.
26/09/2011 - Vendor provides status update.
27/09/2011 - Public disclosure.

== 
7) Credits 

Discovered by Carsten Eiram, Secunia Research.

== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2011-0333 for the vulnerability.

== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2011-66/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

==

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
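
A gateway-side check for the input this advisory names, an overly long "TZNAME" property value in VCALENDAR data, can look like the following. This is an added example, not Secunia's or Novell's code; the 64-byte limit, the function names and the sample calendar are assumptions constructed for illustration. It unfolds RFC 5545 content lines before measuring, because a long value arrives split across folded lines.

```python
import re

# Assumption: local policy limit, not a value taken from the advisory.
MAX_TZNAME_BYTES = 64


def unfold(ics_text):
    """RFC 5545 3.1: a line break followed by one space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text)


def split_content_line(line):
    """Split 'NAME;PARAM=...:value' at the first colon outside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            name = line[:i].split(";", 1)[0].upper()
            return name, line[i + 1:]
    return None  # not a property line


def scan_tznames(ics_text, limit=MAX_TZNAME_BYTES):
    """Return one finding per TZNAME whose UTF-8 value exceeds `limit` bytes."""
    findings = []
    stack = []  # open BEGIN: components, outermost first
    for lineno, line in enumerate(unfold(ics_text).splitlines(), 1):
        parsed = split_content_line(line)
        if parsed is None:
            continue
        name, value = parsed
        if name == "BEGIN":
            stack.append(value.strip().upper())
        elif name == "END":
            if stack and stack[-1] == value.strip().upper():
                stack.pop()
        elif name == "TZNAME":
            size = len(value.encode("utf-8"))
            if size > limit:
                findings.append(
                    {"component": "/".join(stack), "bytes": size, "line": lineno}
                )
    return findings


# Constructed sample: one ordinary TZNAME and one 300-byte filler value that
# is folded across three physical lines.
_FILLER = "X" * 300
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "BEGIN:VTIMEZONE",
    "TZID:Example/Zone",
    "BEGIN:STANDARD",
    "DTSTART:20111030T030000",
    "TZOFFSETFROM:+0200",
    "TZOFFSETTO:+0100",
    "TZNAME;LANGUAGE=en:CET",
    "END:STANDARD",
    "BEGIN:DAYLIGHT",
    "DTSTART:20110327T020000",
    "TZOFFSETFROM:+0100",
    "TZOFFSETTO:+0200",
    "TZNAME:" + _FILLER[:68],
    " " + _FILLER[68:184],
    "\t" + _FILLER[184:],
    "END:DAYLIGHT",
    "END:VTIMEZONE",
    "END:VCALENDAR",
]) + "\r\n"

if __name__ == "__main__":
    for finding in scan_tznames(SAMPLE_ICS):
        print(finding)
```

The reported line number refers to the unfolded content line. Such a filter complements, and does not replace, the update to 8.02 Hot Patch 3 given in the Solution section.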