Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread xD 0x41
1337 and then 31337 for exec cmd..yea.. but have not seen more paid...


On 6 October 2011 19:01, Dan Dart dand...@googlemail.com wrote:

 tl;dr past popcorn, but when I saw $2, I lol'd. Weren't Google giving $1337
 at some point? And didn't it go up to like $50,000 for a terrible remote
 root exploit?

 Regards

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-06 Thread xD 0x41
Just some updates... seems there is a fire blazing maybe soon..

VPN Providers Mull Fraudster Database In Wake of Lulzec Fiasco
http://feed.torrentfreak.com/~r/Torrentfreak/~3/4MWSrug7DKA/

nasty..


On 5 October 2011 22:17, valdis.kletni...@vt.edu wrote:

 On Wed, 05 Oct 2011 17:25:20 +0900, Robert Kim App and Facebook Marketing
 said:
  Guys... i can't stand sites like Attrition
  it's all based on total hearsay and feed off mob stupidity. AND it ruins
  perfectly good reputations.

 OK, I'll bite.  What percent of Attrition listings are of sites that didn't
 actually get hacked? (Serious question there - I've never actually done a
 check of their accuracy.  Anybody got numbers to back up Robert's claim?)

 And I'm not sure that an Attrition listing is sufficient to ruin a good
 reputation.
 Heck, Sony won a Pwnie Award and it didn't do squat to their stock price.


[Full-disclosure] Context IS Advisory - Apache Reverse Proxy Bypass Vulnerability

2011-10-06 Thread Context IS - Disclosure
=======================ADVISORY=======================
Systems Affected:    Apache httpd
Severity:            High
Category:            Proxy Bypass
Author:              Context Information Security Ltd
Reported to vendor:  16th November 2011
Advisory Issued:     5th October 2011
Reference:           CVE-2011-3368
=======================ADVISORY=======================
 
Description
-----------
Context discovered a security vulnerability that allows Apache in reverse 
proxy mode to be used to access internal/DMZ systems, due to a weakness in its 
handling of URLs processed by mod_rewrite.
 
Analysis
--------
If the Apache configuration contains a proxy rule of the following form (as 
previously recommended by Apache):
 
RewriteRule ^(.*) http://internalserver$1 [P]
 
and not the form with a trailing slash after the host name:
 
RewriteRule ^(.*) http://internalserver/$1 [P]
 
then a request can be made to the proxy server that alters the rewritten URL 
by using the user authentication (user@host) URI syntax, such as:
 
GET @InternalNotAccessibleServer/console HTTP/1.0
 
This causes the proxy to rewrite the URL to:
 
http://internalserver@InternalNotAccessibleServer/console
 
Here "internalserver" is parsed as the user-information part of the URL and 
"InternalNotAccessibleServer" as the host, so the proxy provides access to an 
internal server which is not externally accessible.
 
For an in-depth analysis of this security issue read Context’s blog at:
http://www.contextis.com/research/blog/reverseproxybypass/
 
Technologies Affected
---------------------
 
Apache httpd 1.3 all versions
Apache httpd 2.x all versions
 
 
 
Vendor Response
---------------
Apache have released a patch for this issue but recommend configuration files 
are reviewed. 
Patch available from:
http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/
 
 
Disclosure Timeline
-------------------
16th November 2011 – Vendor Notification
5th October 2011 – Patch Released by Apache
 
 
Credits
-------
Michael Jordon and David Robinson of Context Information Security Ltd
 
 
About Context Information Security
----------------------------------
 
Context Information Security is an independent security consultancy 
specialising in both technical security and information assurance services.
 
The company was founded in 1998. Its client base has grown steadily over the 
years, thanks in large part to personal recommendations from existing clients 
who value us as business partners. We believe our success is based on the value 
our clients place on our product-agnostic, holistic approach; the way we work 
closely with them to develop a tailored service; and to the independence, 
integrity and technical skills of our consultants.
 
The company’s client base now includes some of the most prestigious blue chip 
companies in the world, as well as government organisations. 
 
The best security experts need to bring a broad portfolio of skills to the job, 
so Context has always sought to recruit staff with extensive business 
experience as well as technical expertise. Our aim is to provide effective and 
practical solutions, advice and support: when we report back to clients we 
always communicate our findings and recommendations in plain terms at a 
business level as well as in the form of an in-depth technical report.
 
Web:    www.contextis.com
Email:  disclos...@contextis.com
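
The configuration review recommended in the advisory above, as an added Python example (not code from Context or the Apache project): it flags proxy rules whose target lets a back-reference run straight on from the host name, and shows how the advisory's two RewriteRule forms resolve to different backend hosts. The function names and the sample configuration are constructed for illustration; the ProxyPassMatch check goes beyond this advisory's text and follows Apache's own description of CVE-2011-3368.

```python
import re
from urllib.parse import urlsplit

# Constructed sample configuration; only the two "internalserver"
# RewriteRule lines are taken from the advisory.
SAMPLE_CONF = """\
RewriteEngine On
RewriteRule ^(.*) http://internalserver$1 [P]
RewriteRule ^(.*) http://internalserver/$1 [P]
ProxyPassMatch ^(.*) http://internalserver$1
RewriteRule ^/old(.*) http://www.example.com$1 [R]
"""

# <directive> <pattern> <target> [flags]
RULE_RE = re.compile(
    r"^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?",
    re.IGNORECASE,
)
# scheme://authority followed directly by a back-reference or variable,
# i.e. no "/" ends the authority before request-controlled text begins.
UNSAFE_TARGET_RE = re.compile(
    r"^[a-z][a-z0-9+.-]*://[^/\s$%]+(?:\$\d|%\{)", re.IGNORECASE
)


def is_proxy_rule(directive, flags):
    """ProxyPassMatch always proxies; RewriteRule only with the P flag."""
    if directive.lower() == "proxypassmatch":
        return True
    names = {f.strip().split("=")[0].upper() for f in (flags or "").split(",")}
    return bool(names & {"P", "PROXY"})


def audit_config(text):
    """Return (line number, line) for every proxy rule with an unsafe target."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are not active
        m = RULE_RE.match(line)
        if (m and is_proxy_rule(m.group(1), m.group(4))
                and UNSAFE_TARGET_RE.match(m.group(3))):
            findings.append((lineno, line.strip()))
    return findings


def rewrite(pattern, substitution, request_uri):
    """Expand $N in the substitution from the pattern's capture groups."""
    m = re.match(pattern, request_uri)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), substitution)


def backend_host(url):
    """Host component of the rewritten URL as a URL parser sees it."""
    return urlsplit(url).hostname


if __name__ == "__main__":
    for lineno, line in audit_config(SAMPLE_CONF):
        print(f"line {lineno}: unsafe proxy target: {line}")
    uri = "@InternalNotAccessibleServer/console"  # request from the advisory
    for target in ("http://internalserver$1", "http://internalserver/$1"):
        url = rewrite(r"^(.*)", target, uri)
        print(f"{target} -> {url} -> host {backend_host(url)}")
```
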
 
 
 
 


Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Juan Sacco
If you want the right to demand certain things from the program, then go BUY
a program and do not harass people who are writing software for free, or go
and help the developers by writing the functionality yourself.

Juan Sacco

On Wed, Oct 5, 2011 at 6:32 AM, root ro...@fibertel.com.ar wrote:

 - * @author Stefan Zeiger (szei...@novocode.com)
 - printWritten by Blake  
 - Information Author=Blake Date=August 23 2011 Vulnerability=N/A

 +#Exploit Pack - Security Framework for Exploit Developers
 +#Copyright 2011 Juan Sacco http://exploitpack.com
 +#
 +#This program is free software: you can redistribute it and/or modify
 it under the terms of the
 +#GNU General Public License as published by the Free Software
 Foundation, either version 3
 +#or any later version.
 +#
 +#This program is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY;
 +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 PARTICULAR
 +#PURPOSE. See the GNU General Public License for more details.
 +#
 +#You should have received a copy of the GNU General Public License
 along with this program.
 +#If not, see http://www.gnu.org/licenses/
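
Review bot: the three removed lines (`@author Stefan Zeiger`, `Written by Blake`, `Author=Blake`) are the only attribution visible in this hunk, and the added header replaces them with a single `Copyright 2011 Juan Sacco` line, so the origin of the code can no longer be traced from the file. Keep the original author lines and add the project header alongside them, and confirm that each original author's terms allow redistribution under GPL v3 before applying that header to their file.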



 Ys why not?


Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Juan Sacco
As you might know, or not know, Exploit Pack is working without any
foundation, company, government and money-giving guy.
There is no professional coder, programmer that is paid to develop this
program.

I have tried to ensure that the name of the exploit author is seen in all
the software. It was my bad pasting the license there, but hey! I'm human give
me a break you troll.

The next time would be better if you post it in the right place, GitHub.

And in fact you're trying to blame here.

Exploit Pack is licensed GPL let me copy & paste the 4 freedoms. I hope to
do it well this time.

The freedom to run the program, for any purpose (freedom 0).
The freedom to study how the program works, and change it so it does your
computing as you wish (freedom 1). Access to the source code is a
precondition for this.
The freedom to redistribute copies so you can help your neighbor (freedom
2).
The freedom to distribute copies of your modified versions to others
(freedom 3). By doing this you can give the whole community a chance to
benefit from your changes. Access to the source code is a precondition for
this.

Let me ask you why you are spending so much time annoying this GPL software?

I hope next time I get a patch of code from you and no nonsense again.

Like I said to lroot. The same goes for YOU. If you want the right to demand
certain things from the program, then go BUY a program and do not harass
people who are writing software for free, or go and help the developers by
writing the functionality yourself.

Juan Sacco

On Wed, Oct 5, 2011 at 6:36 PM, xD 0x41 sec...@gmail.com wrote:

 wow i was not going to comment on that pack and have not yet looked but,
 that's plain nasty... to remove a simple credit line, i mean it is not full
 of greetz etc :s and replace... totally pathetic.



 On 5 October 2011 20:32, root ro...@fibertel.com.ar wrote:

 - * @author Stefan Zeiger (szei...@novocode.com)
 - printWritten by Blake  
 - Information Author=Blake Date=August 23 2011 Vulnerability=N/A

 +#Exploit Pack - Security Framework for Exploit Developers
 +#Copyright 2011 Juan Sacco http://exploitpack.com
 +#
 +#This program is free software: you can redistribute it and/or modify
 it under the terms of the
 +#GNU General Public License as published by the Free Software
 Foundation, either version 3
 +#or any later version.
 +#
 +#This program is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY;
 +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 PARTICULAR
 +#PURPOSE. See the GNU General Public License for more details.
 +#
 +#You should have received a copy of the GNU General Public License
 along with this program.
 +#If not, see http://www.gnu.org/licenses/



 Ys why not?


Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Juan Sacco
Hey,
It's really a shame that you didn't even take like 2 minutes to watch the
source code of Exploit Pack before creating an opinion.
This can't be a copy of CANVAS. Canvas is made on Python. Exploit Pack JAVA.
See the difference? Also, please take a look at the interface design, both
are really different. Show me where Exploit Pack is similar to Canvas! I
think you spent too much time looking for Waldo :-D

We respect the exploit author and that is why I add them at the first line
of the XML file.
You should run the program before creating this crappy post with your
nonsense opinions ( Harassing the free work of others, you wrote like 5 - 6
insulting posts in like.. 2 minutes?.. Dude go find a girl, come on )

Take a look if you want:

<?xml version="1.0" encoding="UTF-8"?>
<Module>

<Exploit NameXML="Free Float FTP Server"
CodeName="FreeFloatFTPServer.py"  Platform="windows" Service="ftp"
Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R"
ShellPort="" SpecialArgs="">
</Exploit>

<Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
Free Float FTP Server USER Command Remote Buffer Overflow Exploit
when parsing the command 'USR', which leads to a stack based overflow.
Also Free Float FTP Server allow remote anonymous login by default
exploiting these issues could allow an attacker to compromise the
application, access or modify data.
</Information>

JSacco

On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote:

 Heya jeff,
 The author is clearly not smart.
 He is copying other codes, this is a plain rip off of canvas...hehe... and
 same with his insect pro... he stole Metasploit for that one, then he wants
 respect, when we see him removing simply one line which would at least say a
 ty and, show [ppl who writes, is maybe sometimes stabler than other authors,
 it would be better to have this in, not out.. he should be able to see that's
 how it works with exploit code/pocs in general... sometimes, if i see php
 code from one person, i will tend to look, but if it was from an unknown
 person, i prolly wouldn't.
 But this (open sauce) project, i will download and waste 5 minutes on.
 Then I'll go back to Backbox and BT5 and things which work :)
 hehe
 (this guy is really mad about his app... and i mean, dang mad angry! I will
 buy some tissues and send to him, that is my donation for his app)
 :))
 xd


 On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote:

 On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote:
  - * @author Stefan Zeiger (szei...@novocode.com)
  - printWritten by Blake  
  - Information Author=Blake Date=August 23 2011 Vulnerability=N/A
 
  +#Exploit Pack - Security Framework for Exploit Developers
  +#Copyright 2011 Juan Sacco http://exploitpack.com
  +#
  +#This program is free software: you can redistribute it and/or modify
  it under the terms of the
  +#GNU General Public License as published by the Free Software
  Foundation, either version 3
  +#or any later version.
  +#
  +#This program is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY;
  +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  PARTICULAR
  +#PURPOSE. See the GNU General Public License for more details.
  +#
  +#You should have received a copy of the GNU General Public License
  along with this program.
  +#If not, see http://www.gnu.org/licenses/
 GPL V3 - they had to encumber it to set it free?





-- 
_
Insecurity Research - Security auditing and testing software
Web: http://www.insecurityresearch.com
Insect Pro 2.5 was released stay tuned

[Full-disclosure] Full-Disclosure - sick of your nonsense

2011-10-06 Thread Sam Goody
Dude, I think many people including myself are sick of your 
nonsense on top of trying to provoke fights on full-disc.

This list is not for chatting and 90% of what you've written is 
subpar.

Please keep the nonsense to yourself. You will now be added to the 
n3td3v e-mail black list.

Cheers!



Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Juan Sacco
Hey.. I already gave you an answer about this.

AGAIN. For the last time.
I respect the author's name of all the exploits added to Exploit Pack, like
you suggest in a terrible and way.. Insulting and posting like 10 mails to
this list. I will add a  # Thank you [AUTHOR NAME ] for let us use your
public script  in the top of all new exploits added to Exploit Pack
Framework.

** Also, I created a mailing list to discuss this kind of things, report
bugs and much more ( But sorry, NO INSULTING is allowed there )  **

As other people told you stop doing chatting here. This is not a forum.

JSacco

On Wed, Oct 5, 2011 at 8:57 PM, xD 0x41 sec...@gmail.com wrote:

 <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
 Free Float FTP Server USER Command Remote Buffer Overflow Exploit
 when parsing the command 'USR', which leads to a stack based overflow. Also 
 Free Float FTP Server allow remote anonymous login by default
 exploiting these issues could allow an attacker to compromise the 
 application, access or modify data.
 </Information>


 erm, sorry this don't count, it should be IN the code, not, after running it :P
 that's bs mate, and i won't agree with your crap, until you see my point 
 really. It is, something you write, compared to running the GUI..

 xd




Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Juan Sacco
Hey, Wanna Join? and contribute to a GPL Project? Welcome aboard!!!
( Please do me a favor and read the license first )

Wanna keep talking about your personal opinion?

Please.. As it was told stop doing it here, this is not a chatroom. We have
a forum and a mailing list for that.

It would be nice to see you there... Believe me.

I invite you all to the new forum! :-)
http://exploitpack.com

Cheers!


On Wed, Oct 5, 2011 at 8:55 PM, xD 0x41 sec...@gmail.com wrote:

 Juan,
 I have not created any opinion (yet) but, is it really fair, to give people
 who code, 2 frigging dollars, for sometimes what would be 0day, or is it
 nice, to remove the REAL author's name, and add your own.
 That's the only gripe i see, without having to look at it yet.
 The whole look of it, without 'using' it tho, looks a lot like canvas ;p
 but, that's not bad thing and, i personally, don't mind that, coz canvas, is
 not open and, this one is, which would be great to bring that feel into it..
 so, you're reading too much into things, when i mean giving credit to author, i
 don't mean putting in his email/greetings and notes, i mean, simply one line
 to give credit, so people who are using the pack, could at least feel sure
 with some coders, that the code will be very nice, and not painful to read or
 , modify even to make it nicer.. that is why i like to always make sure
 authors get some credit, however it may be, it only need be a nick/name, but
 you are using their things, but on your people who you're paying, i guess you
 should maybe put in place then rules that, all exploits paid for, would not
 receive credits, other than, part of devteam or part of exploit-pack
 codepack.
 It ain't hard to keep people happy. Whilst still producing quality, or, non
 quality.
 i will run your pack, using ONE well known exploit, and if that fails, i
 will have results here, compared to backbox scan or, another vuln scan,
 then, i will comment further. How does that sound?
 Ok. I will do my research, but, i ain't angry at you, nor the product, although
 i dislike Insect, this one, seems to have some good features. So yea, I'll
 take an open look, i only think, if code is NOT paid for, then you should
 put author's name or handle in there somewhere, maybe even something for paid
 exploits... people do appreciate a 'thanks to' sometimes... especially you
 it seems.
 xd



Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Juan Sacco
ro...@fibertel.com : I know you don't have any experience with open source
projects, but this is not the right way.
Next time you should try doing it well.

Go to GitHub and write the change on your own. The community will moderate it
and then you will see your proposal applied.
To be clear. The license on the script you mention is the license for all
the software not only for the script. Oki Dokie?

1. This is not a chatting room
2. This is not Exploit Pack Dev list

Having that in mind:

If you feel like you have to really make another nonsense question after you
read all the thread.
Then and just then. Send an email to Exploit Pack Dev list.

Please check: http://exploitpack.com/faq
And: http://www.gnu.org/licenses/gpl-3.0.html if you continue having
questions about GPL v3

I already made a change on the git repository for you root
ro...@fibertel.com.ar and your friend xD 0x41  sec...@gmail.com, hope next
time you expend two cents for this project.

https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/exploits/code/EasyFTPServer1.7.11.py

#You should have received a copy of the GNU General Public License along
with this program.
#If not, see http://www.gnu.org/licenses/

# Script Author: [Coder Name]
# Thanks for let us use this script on Exploit Pack

JSacco


On Thu, Oct 6, 2011 at 12:34 AM, root ro...@fibertel.com.ar wrote:

 Juan,

 You don't have the faintest idea of how licencing works. You cannot slap
 a GPL v3 license to any software you see, much less erase the author's
 names. If you find a code in the internet without any license, you
 pretty much can't touch it, and must re-implement it completely.

 Software business steal code all the time, but they don't release the
 software for everybody to see!

 Next time instead of a few laughs at a list, you may get sued and lose
 real money, you fool.

 Please learn how licensing works and just then republish all your code.


 On 10/05/2011 06:25 PM, Juan Sacco wrote:
  If you want the right to demand certain things from the program, then go
 BUY
  a program and do not harass people who are writing software for free, or
 go
  and help the developers by writing the functionality yourself.
 
  Juan Sacco
 
  On Wed, Oct 5, 2011 at 6:32 AM, root ro...@fibertel.com.ar wrote:
 
  - * @author Stefan Zeiger (szei...@novocode.com)
  - printWritten by Blake  
  - Information Author=Blake Date=August 23 2011 Vulnerability=N/A
 
  +#Exploit Pack - Security Framework for Exploit Developers
  +#Copyright 2011 Juan Sacco http://exploitpack.com
  +#
  +#This program is free software: you can redistribute it and/or modify
  it under the terms of the
  +#GNU General Public License as published by the Free Software
  Foundation, either version 3
  +#or any later version.
  +#
  +#This program is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY;
  +#without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  PARTICULAR
  +#PURPOSE. See the GNU General Public License for more details.
  +#
  +#You should have received a copy of the GNU General Public License
  along with this program.
  +#If not, see http://www.gnu.org/licenses/
 
 
 
  Ys why not?
 
 


Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread noreply
ro...@fibertel.com : I know you don't have any experience with open 
source projects, but this is not the right way.
Next time you should try doing it well.

Go to GitHub and write the change on your own. The community will moderate 
it and then you will see your proposal applied.
To be clear. The license on the script you mention is the license for 
all the software not only for the script. Oki Dokie?

1. This is not a chatting room
2. This is not Exploit Pack Dev list

Having that in mind:

If you feel like you have to really make another nonsense question 
after you read all the thread.
Then and just then. Send an email to Exploit Pack Dev list.

Please check: http://exploitpack.com/faq
And: http://www.gnu.org/licenses/gpl-3.0.html if you continue having 
questions about GPL v3

I already made a change on the git repository for you root 
ro...@fibertel.com.ar and your friend xD 0x41  sec...@gmail.com, hope 
next time you expend two cents for this project.

https://github.com/exploitpack/trunk/blob/master/

#You should have received a copy of the GNU General Public License 
along with this program.
#If not, see http://www.gnu.org/licenses/


# Script Author: [Coder Name]
# Thanks for let us use this script on Exploit Pack


JSacco


On Thu, 06 Oct 2011 00:34:00 -0300, root wrote:
 Juan,

 You don't have the faintest idea of how licencing works. You cannot 
 slap
 a GPL v3 license to any software you see, much less erase the 
 author's
 names. If you find a code in the internet without any license, you
 pretty much can't touch it, and must re-implement it completely.

 Software business steal code all the time, but they don't release the
 software for everybody to see!

 Next time instead of a few laughs at a list, you may get sued and 
 lose
 real money, you fool.

 Please learn how licensing works and just then republish all your 
 code.


 On 10/05/2011 06:25 PM, Juan Sacco wrote:
 If you want the right to demand certain things from the program, 
 then go BUY
 a program and do not harass people who are writing software for 
 free, or go
 and help the developers by writing the functionality yourself.

 Juan Sacco

 On Wed, Oct 5, 2011 at 6:32 AM, root ro...@fibertel.com.ar wrote:

 - * @author Stefan Zeiger (szei...@novocode.com)
 - printWritten by Blake  
 - Information Author=Blake Date=August 23 2011 
 Vulnerability=N/A

 +#Exploit Pack - Security Framework for Exploit Developers
 +#Copyright 2011 Juan Sacco http://exploitpack.com
 +#
 +#This program is free software: you can redistribute it and/or 
 modify
 it under the terms of the
 +#GNU General Public License as published by the Free Software
 Foundation, either version 3
 +#or any later version.
 +#
 +#This program is distributed in the hope that it will be useful, 
 but
 WITHOUT ANY WARRANTY;
 +#without even the implied warranty of MERCHANTABILITY or FITNESS 
 FOR A
 PARTICULAR
 +#PURPOSE. See the GNU General Public License for more details.
 +#
 +#You should have received a copy of the GNU General Public License
 along with this program.
 +#If not, see http://www.gnu.org/licenses/



 Ys why not?





[Full-disclosure] Net SAPO flaws and vulnerabities

2011-10-06 Thread Hacxx Under
There are several flaws in the SAPO internet service in Portugal that allow
certain tasks to be made.

. Unauthorized internet access
. Obtain sapo username and password
. Obtain subscriber phone number
. Obtain name, address, tax number, etc
. Activate additional sapo services

REMOTE ADMINISTRATION

. Target a specific device
. Block sites (antivirus for example)
. Read user info via DHCP (mac, pc name)
. DNS Hijack
. Open internet to anyone via fake WAN

Since I dedicated a few days to this one, I will not disclose the details
(software + techniques used). More info via mail or phone.

Hacxx

Re: [Full-disclosure] vTiger CRM 5.2.x <= Remote Code Execution Vulnerability

2011-10-06 Thread Benji
and where in vTiger is this manipulatable from?

On Wed, Oct 5, 2011 at 11:02 AM, YGN Ethical Hacker Group li...@yehg.net wrote:

 vTiger CRM 5.2.x <= Remote Code Execution Vulnerability


 1. OVERVIEW

 The vTiger CRM 5.2.1 and lower versions are vulnerable to Remote Code
 Execution. No fixed version has been released as of 2011-10-05.


 2. BACKGROUND

 vtiger CRM is a free, full-featured, 100% Open Source CRM software
 ideal for small and medium businesses, with low-cost product support
 available to production users that need reliable support. vtiger CRM
 is a widely used product with thousands of users in dozens of
 countries.  It has a vibrant community of users driving the product
 forward, and contributing to its development.  Over 2 million copies
 of vtiger CRM have been downloaded so far. It was launched as a fork
 of version 1.0 of the SugarCRM project launched on December 31st,
 2004.


 3. VULNERABILITY DESCRIPTION

 vTiger uses the vulnerable version of phpmailer class file located at
 /cron/class.phpmailer.php .


 4. VERSIONS AFFECTED

 Tested on 5.2.1


 5. PROOF-OF-CONCEPT/EXPLOIT

 File: /cron/class.phpmailer.php
 [code]

 391:function SendmailSend($header, $body) {
 392:if ($this->Sender != "")
 393:   $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
 394:else
 395:   $sendmail = sprintf("%s -oi -t", $this->Sendmail);

 [/code]


 6. SOLUTION

 The vendor hasn't attempted to incorporate the latest version of
 phpMailer class in their vTigerCRM as of version 5.2.1.

 The flawed code portion can be patched with:

 393: $sendmail = sprintf("%s -oi -f %s -t",
 escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
 395: $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));


 7. VENDOR

 vTiger Development Team
 http://www.vtiger.com/


 8. CREDIT

 This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
 Ethical Hacker Group, Myanmar.


 9. DISCLOSURE TIME-LINE

 2010-12-08: notified vendor
 2011-10-05: no fixed version released yet
 2011-10-05: vulnerability disclosed


 10. REFERENCES

 Original Advisory URL:
 http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_rce
 Wiki VtigerCRM: https://secure.wikimedia.org/wikipedia/en/wiki/Vtiger_CRM
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3215

 #yehg [2011-10-05]


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
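
An added example (not part of the advisory or of vTiger's code): a small Python audit that flags sprintf() calls building the sendmail command line from $this->Sendmail or $this->Sender without the escaping that the advisory's patch applies. The function names and the sample snippets are constructed for illustration, and the check is a text heuristic rather than a PHP parser.

```python
"""Flag unescaped sendmail command construction in PHP source
(the SendmailSend pattern quoted in the advisory above)."""
import re
import sys
from typing import List, NamedTuple

# A sprintf() whose format string carries sendmail's "-oi" switch is the call
# that builds the command line; the arguments after the format are captured.
SENDMAIL_SPRINTF = re.compile(
    r"""sprintf\(\s*(["'])[^"']*-oi[^"']*\1\s*,(?P<args>.*?)\)\s*;""",
    re.DOTALL,
)
PROPERTY = re.compile(r"\$this->(Sendmail|Sender)\b")
OUTER_CALL = re.compile(r"^(\w+)\s*\(.*\)$", re.DOTALL)

# Wrapper required for each property, exactly as in the advisory's patch.
# escapeshellcmd() is not accepted for Sender: it escapes metacharacters but
# does not quote, so a value containing spaces still splits into several
# sendmail arguments.
REQUIRED = {"Sendmail": {"escapeshellcmd"}, "Sender": {"escapeshellarg"}}


class Finding(NamedTuple):
    line: int        # 1-based line where the sprintf() call starts
    prop: str        # "Sendmail" or "Sender"
    expression: str  # the argument as written in the source


def split_args(arglist: str) -> List[str]:
    """Split a PHP argument list on top-level commas only."""
    args, depth, current = [], 0, []
    for ch in arglist:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            args.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    tail = "".join(current).strip()
    if tail:
        args.append(tail)
    return args


def audit_phpmailer(source: str) -> List[Finding]:
    """Return one Finding per property that reaches the command unescaped."""
    findings = []
    for match in SENDMAIL_SPRINTF.finditer(source):
        line = source.count("\n", 0, match.start()) + 1
        for arg in split_args(match.group("args")):
            prop = PROPERTY.search(arg)
            if not prop:
                continue
            outer = OUTER_CALL.match(arg)
            wrapper = outer.group(1) if outer else None
            if wrapper not in REQUIRED[prop.group(1)]:
                findings.append(Finding(line, prop.group(1), arg))
    return findings


# Constructed samples: the advisory's flawed lines and its suggested patch.
VULNERABLE = '''function SendmailSend($header, $body) {
    if ($this->Sender != "")
        $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
    else
        $sendmail = sprintf("%s -oi -t", $this->Sendmail);
'''
PATCHED = '''function SendmailSend($header, $body) {
    if ($this->Sender != "")
        $sendmail = sprintf("%s -oi -f %s -t",
            escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
    else
        $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
'''

if __name__ == "__main__":
    # With no arguments, audit the constructed sample; otherwise audit the
    # files named on the command line.
    sources = {}
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as handle:
            sources[path] = handle.read()
    if not sources:
        sources = {"<constructed sample>": VULNERABLE}
    for name, text in sources.items():
        for f in audit_phpmailer(text):
            print(f"{name}:{f.line}: $this->{f.prop} reaches the shell "
                  f"unescaped: {f.expression}")
```

Pass it the path of every copy of class.phpmailer.php in an installation; a clean file produces no output.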

[Full-disclosure] 0day Full disclosure: American Express

2011-10-06 Thread John Doe
http://qnrq.se/full-disclosure-american-express/

Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread PsychoBilly
Dude!
Don't mess with a refined Porteño!
Over there they shut up or disappear.


[[   Juan Sacco   ]] @ [[   06/10/2011 02:16   ]]--
 Hey.. I already gave you an answer about this. 
 
 AGAIN. For the last time.
 I respect the author's name of all the exploits added to Exploit Pack, like 
 you suggest in a terrible and way.. Insulting and posting like 10 mails to 
 this list. I will add a  # Thank you [AUTHOR NAME ] for let us use your 
 public script  in the
 top of all new exploit added to Exploit Pack Framework.
 
 ** Also, I created a mailing list to discuss this kind of things, report bugs 
 and much more ( But sorry, NO INSULTING is allowed there )  **
 
 As other people told you stop doing chatting here. This is not a forum.
 
 JSacco
 
 On Wed, Oct 5, 2011 at 8:57 PM, xD 0x41 sec...@gmail.com wrote:
 
 <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
 Free Float FTP Server USER Command Remote Buffer Overflow Exploit
 when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default
 exploiting these issues could allow an attacker to compromise the application, access or modify data.
 </Information>
 
 
 erm, sorry this don't count, it should be IN the code, not, after running it :P
 that's bs mate, and i won't agree with your crap, until you see my point 
 really. It is, something you write, compared to running the GUI..
 
 
 xd
 
 
 
 On 6 October 2011 10:47, Juan Sacco juansa...@gmail.com wrote:
 
 Hey,
 It's really a shame that you didn't even take like 2 minutes to watch 
 the source code of Exploit Pack before create an opinion.
 This can't be a copy of CANVAS. Canvas is made on Python. Exploit 
 Pack JAVA. See the difference? Also, please take a look at the interface 
 design, both are really different. Show me where Exploit Pack is similar to 
 Canvas! I think you spent too much time looking for Waldo :-D
 
 We respect the exploit author and that is why I add them at the first 
 line of the XML file
 You should run the program before creating this crappy post with your 
 nonsense opinions ( Harassing the free work of others, you wrote like 5 - 6 
 insulting posts in like.. 2 minutes?.. Dude go find a girl, come on ) 
  
 Take a look if you want:
 
 <?xml version="1.0" encoding="UTF-8"?>
 <Module>
 
 <Exploit NameXML="Free Float FTP Server" CodeName="FreeFloatFTPServer.py" Platform="windows" Service="ftp" Type="remote" RemotePort="21" LocalPort="" ShellcodeAvailable="R" ShellPort="" SpecialArgs="">
 </Exploit>
 
 <Information Author="Blake" Date="August 23 2011" Vulnerability="N/A">
 Free Float FTP Server USER Command Remote Buffer Overflow Exploit
 when parsing the command 'USR', which leads to a stack based overflow. Also Free Float FTP Server allow remote anonymous login by default
 exploiting these issues could allow an attacker to compromise the application, access or modify data.
 </Information>
 
 JSacco
 
 On Wed, Oct 5, 2011 at 8:16 PM, xD 0x41 sec...@gmail.com wrote:
 
 Heya jeff,
 The author is clearly not smart.
 He is copying other codes, this is a plain rip off of canvas...hehe...
 and same with his insect pro... he stole Metasploit for that one, then he
 wants respect, when we see him removing simply one line which would at
 least say a ty and, show ppl who writes, is maybe sometimes stabler than
 other authors, it would be better to have this in, not out.. he should be
 able to see that's how it works with exploit code/pocs in general...
 sometimes, if i see php code from one person, i will tend to look, but if
 it was from an unknown person, i prolly wouldn't.
 But this (open sauce) project, i will download and waste 5minutes on.
 Then i'll go back to Backbox and BT5 and things which work :)
 hehe
 (this guy is really mad about his app... and i mean, dang mad angry! I
 will buy some tissues and send to him, that is my donation for his app)
 :))
 xd
 
 
 On 6 October 2011 08:59, Jeffrey Walton noloa...@gmail.com wrote:
 
 On Wed, Oct 5, 2011 at 5:32 AM, root ro...@fibertel.com.ar wrote:
  - * @author Stefan Zeiger (szei...@novocode.com 
 mailto:szei...@novocode.com)
  - printWritten by Blake  
  - Information Author=Blake Date=August 23 2011 
 Vulnerability=N/A
 
  +#Exploit Pack - Security Framework for Exploit Developers
  +#Copyright 2011 Juan Sacco http://exploitpack.com

Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Zach C.
Telling people to move their criticisms off of the (unmoderated) public
forum and into the private forum that you control (and can freely censor as
you see fit) is ridiculous.

Now, if you really did as root said and just grabbed peoples' code from
various public outlets and put it into your GPL product... *you really can't
do that*. First off, the copyright of the code does not belong to you. You
have to get permission or a separate license, *in writing*, *from the
original author of the code*. If they don't give it to you, you have to do
without or have someone cleanroom it for you (if you rewrite it yourself,
your clone is arguably contaminated by your previous exposure). And they
have to specifically authorize you to redistribute with the GPL license. If
*they've* distributed with GPL, you should be fine; if they've distributed
with nearly *any other license at all*, you have to get permission to
redistribute since most other licenses impose additional restrictions
which are specifically forbidden by the GPL. And if you're AT ALL unclear on
what the redistribution license for their code is, the safe choice is simply
to not redistribute. Just because someone puts their code out in public
doesn't mean you're allowed to put their code out in public as well.

As to your claim that Exploit Pack is working without any foundation,
company, governement and money-giving guy, -- number one, you probably mean
"Venture Capitalist" when you say "money-giving guy". Number two, you seem
to be either the PR for or the head of the company that makes INSECT Pro,
correct? If INSECT Pro is your product and Exploit Pack is your *open source*
product, especially given the proximity of both tools in their field
(information security or whatever you want to call it), I would call this
claim quite a stretch, at best. You are providing some measure of similar
support for both products; how are you working to eliminate the conflict of
interest of pulling something from Exploit Pack into INSECT? Maybe I'm not
well-versed enough in your products, but I still do not believe it is
possible for you (personally!) to claim Exploit Pack as a personal pet
project when it's that close to the one you sell for money.

On Wed, Oct 5, 2011 at 9:06 PM, Juan Sacco juansa...@gmail.com wrote:

 ro...@fibertel.com : I know you don't have any experience with open source
 projects, but this is not the right way.
 Next time you should try doing it well.

 Go to GitHub and write the change your own. The community will moderate it
 and then you will see your proposal applied.
 To be clear. The license on the script you mention is the license for all
 the software not only for the script. Oki Dokie?

 1. This is not a chatting room
 2. This is not Exploit Pack Dev list

 Having that in mind:

 If you feel like you have to really make another nonsense question after
 you read all the thread.
 Then and just then. Send a email to Exploit Pack Dev list.

 Please check: http://exploitpack.com/faq
 And: http://www.gnu.org/licenses/gpl-3.0.html if you continue having
 question about GPL v3

 I already make a change on the git repository for you root
 ro...@fibertel.com.ar and your friend xD 0x41  sec...@gmail.com, hope next
 time you expend two cent for this project.

 https://github.com/exploitpack/trunk/blob/master/Exploit%20Pack/exploits/code/EasyFTPServer1.7.11.py

 #You should have received a copy of the GNU General Public License along
 with this program.
 #If not, see http://www.gnu.org/licenses/

 # Script Author: [Coder Name]
 # Thanks for let us use this script on Exploit Pack

 JSacco


 On Thu, Oct 6, 2011 at 12:34 AM, root ro...@fibertel.com.ar wrote:

 Juan,

 You don't have the faintest idea of how licencing works. You cannot slap
 a GPL v3 license to any software you see, much less erase the author's
 names. If you find a code in the internet without any license, you
 pretty much can't touch it, and must re-implement it completely.

 Software business steal code all the time, but they don't release the
 software for everybody to see!

 Next time instead of a few laughs at a list, you may get sued and lose
 real money, you fool.

 Please learn how licensing works and just then republish all your code.


 On 10/05/2011 06:25 PM, Juan Sacco wrote:
  If you want the right to demand certain things from the program, then go
 BUY
  a program and do not harass people who are writing software for free, or
 go
  and help the developers by writing the functionality yourself.
 
  Juan Sacco
 
  On Wed, Oct 5, 2011 at 6:32 AM, root ro...@fibertel.com.ar wrote:
 
  - * @author Stefan Zeiger (szei...@novocode.com)
  - printWritten by Blake  
  - Information Author=Blake Date=August 23 2011
 Vulnerability=N/A
 
  +#Exploit Pack - Security Framework for Exploit Developers
  +#Copyright 2011 Juan Sacco http://exploitpack.com
  +#
  +#This program is free software: you can redistribute it and/or modify
  it 

Re: [Full-disclosure] 0day Full disclosure: American Express

2011-10-06 Thread Dan Dart
That's NOT GOOD! :P



Re: [Full-disclosure] 0day Full disclosure: American Express

2011-10-06 Thread Carlos Alberto Lopez Perez
On 06/10/11 08:55, John Doe wrote:
 http://qnrq.se/full-disclosure-american-express/
 
 
 
 

American Express admins look really worried by security

At least they thought about the remote possibility of google indexing the admin panel,
so they disabled it at https://www.americanexpress.com/robots.txt

smart move :-)




Re: [Full-disclosure] 0day Full disclosure: American Express

2011-10-06 Thread Andreas

Quoting Carlos Alberto Lopez Perez clo...@igalia.com:

 American Express admins looks really worried by security

 At least they thought about the remote possibility of google  
 indexing the admin panel,
 so they disabled it at https://www.americanexpress.com/robots.txt

 smart move :-)


because RewriteCond is hardcore stuff _

ups, it's an ibm httpd server.



Re: [Full-disclosure] Full-Disclosure - sick of your nonsense

2011-10-06 Thread Marcio B. Jr.
faggot...


On Wed, Oct 5, 2011 at 8:31 PM, Sam Goody trashm...@hush.com wrote:
 Dude, I think many people including myself are sick of your
 nonsense on top of trying to provoke fights on full-disc.

 This list is not for chatting and 90% of what you've written is
 subpar.

 Please keep the nonsense to yourself. You will now be added to the
 n3td3v e-mail black list.

 Cheers!







Marcio Barbado, Jr.



Re: [Full-disclosure] 0day Full disclosure: American Express

2011-10-06 Thread resea...@vulnerability-lab.com
Hey Andreas,
read the following article its fresh and new ...
http://www.vulnerability-lab.com/dev/
This is 4 real ^^


On 06.10.2011 12:18, Andreas wrote:
 Quoting Carlos Alberto Lopez Perez clo...@igalia.com:

 American Express admins looks really worried by security

 At least they thought about the remote possibility of google  
 indexing the admin panel,
 so they disabled it at https://www.americanexpress.com/robots.txt

 smart move :-)

 because RewriteCond is hardcore stuff _

 ups, it's an ibm httpd server.





-- 
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: ad...@vulnerability-lab.com or supp...@vulnerability-lab.com




Re: [Full-disclosure] 0day Full disclosure: American Express

2011-10-06 Thread resea...@vulnerability-lab.com
ack

On 06.10.2011 14:38, resea...@vulnerability-lab.com wrote:
 Hey Andreas,
 read the following article its fresh and new ...
 http://www.vulnerability-lab.com/dev/
 This is 4 real ^^


 On 06.10.2011 12:18, Andreas wrote:
 Quoting Carlos Alberto Lopez Perez clo...@igalia.com:

 American Express admins looks really worried by security

 At least they thought about the remote possibility of google  
 indexing the admin panel,
 so they disabled it at https://www.americanexpress.com/robots.txt

 smart move :-)
 because RewriteCond is hardcore stuff _

 ups, it's an ibm httpd server.






-- 
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: ad...@vulnerability-lab.com or supp...@vulnerability-lab.com




Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Valdis . Kletnieks
On Thu, 06 Oct 2011 00:34:00 -0300, root said:

 You don't have the faintest idea of how licencing works. You cannot slap
 a GPL v3 license to any software you see, much less erase the author's
 names. If you find a code in the internet without any license, you
 pretty much can't touch it, and must re-implement it completely.

In particular, if code was written in a country that's a signatory to the Berne
conventions, it's usually somewhere between very difficult and impossible to
actually place a software work in the public domain - at least under US law,
even putting an explicit "This work is hereby placed in the public domain"
quite likely does *NOT* suffice - the only two clear ways to public domain in
the US are expiration of the lifetime of the author plus 75 years copyright,
and works for hire by a US federal government employee as part of his duties
(so, for instance, NASA photographs are public domain - but photos of NASA
activities taken by non-NASA photographers probably aren't).

Also, smart programmers *don't* release their code into the public domain -
that means that anybody can do anything with it. And that includes stealing it,
using it to make tons of money, and then suing you if they discover a bug.  The
original reason for the BSD and X11 licenses was because you can't stick a
"hold harmless" clause on something you public-domain.




Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Valdis . Kletnieks
On Wed, 05 Oct 2011 19:04:24 -0300, Juan Sacco said:

 Exploit Pack is licensed GPL let me copy & paste the 4 freedoms. I hope to
 do it well this time.

Please note that one of the biggest complaints about the GPL is that it is
pretty much impossible to legally combine GPL code with code that has a
non-GPL-compatible license (which includes most proprietary code).  So you need
to be careful about the origins and licensing on each and every line of code
that you include from other sources.




Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Christian Sciberras
I'd expect someone with the brain size of a pea would at least rename
variables in the code he claimed as his...
Someone with more sense would probably write such a 50-liner from scratch...





On Thu, Oct 6, 2011 at 4:01 PM, valdis.kletni...@vt.edu wrote:

 On Thu, 06 Oct 2011 00:34:00 -0300, root said:

  You don't have the faintest idea of how licencing works. You cannot slap
  a GPL v3 license to any software you see, much less erase the author's
  names. If you find a code in the internet without any license, you
  pretty much can't touch it, and must re-implement it completely.

 In particular, if code was written in a country that's a signatory to the
 Berne
 conventions, it's usually somewhere between very difficult and impossible
 to
 actually place a software work in the public domain - at least under US
 law,
 even putting an explicit This work is hereby placed in the public domain
 quite likely does *NOT* suffice - the only two clear ways to public domain
 in
 the US are expiration of the lifetime of the author plus 75 years
 copyright,
 and works for hire by a US federal government employee as part of his
 duties
 (so, for instance, NASA photographs are public domain - but photos of NASA
 activities taken by non-NASA photographers probably aren't).

 Also, smart programmers *don't* release their code into the public domain -
 that means that anybody can do anything with it. And that includes stealing
 it,
 using it to make tons of money, and then suing you if they discover a bug.
  The
 original reason for the BSD and X11 licenses was because you can't stick a
 hold harmless clause on something you public-domain.



Re: [Full-disclosure] 0day Full disclosure: American Express

2011-10-06 Thread Michael Schmidt
Yeah, cause those robots always, always, always obey the robots file... :-)

-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk 
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Carlos Alberto 
Lopez Perez
Sent: Thursday, October 06, 2011 2:54 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] 0day Full disclosure: American Express

On 06/10/11 08:55, John Doe wrote:
 http://qnrq.se/full-disclosure-american-express/
 
 
 
 

American Express admins looks really worried by security

At least they thought about the remote possibility of google indexing the admin 
panel, so they disabled it at https://www.americanexpress.com/robots.txt

smart move :-)



[Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread Georgi Guninski
risking n3td3v fate, sorry for offtopic.

the nigger said [1] (no offense intended to black people):

American people understand that not everybody's been following the rules, he 
said. These days, a lot of folks doing the right thing are not rewarded. A lot 
of folks who are not doing the right thing are rewarded.

[1] http://www.cbsnews.com/8301-503544_162-20116707-503544.html

-- 
joro



Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread Thor (Hammer of God)
No offense intended???  How you expect to refer to the President of the United 
States as a nigger and NOT offend people?   You crossed WAY over the line on 
that one, joro.   WAY over.

t

 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-
 boun...@lists.grok.org.uk] On Behalf Of Georgi Guninski
 Sent: Thursday, October 06, 2011 10:22 AM
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] [OT] the nigger said: American people understand
 that not everybody's been following the rules
 
 risking n3td3v fate, sorry for offtopic.
 
 the nigger said [1] (no offense intended to black people):
 
 American people understand that not everybody's been following the
 rules, he said. These days, a lot of folks doing the right thing are not
 rewarded. A lot of folks who are not doing the right thing are rewarded.
 
 [1] http://www.cbsnews.com/8301-503544_162-20116707-503544.html
 
 --
 joro
 


Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread Laurelai Storm
What the hell... No. Just no.
On Oct 6, 2011 12:22 PM, Georgi Guninski gunin...@guninski.com wrote:
 risking n3td3v fate, sorry for offtopic.

 the nigger said [1] (no offense intended to black people):

 American people understand that not everybody's been following the
rules, he said. These days, a lot of folks doing the right thing are not
rewarded. A lot of folks who are not doing the right thing are rewarded.

 [1] http://www.cbsnews.com/8301-503544_162-20116707-503544.html

 --
 joro


Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread Dave
On 06/10/2011 18:21, Georgi Guninski wrote:
 risking n3td3v fate, sorry for offtopic.
 
 the nigger said [1] (no offense intended to black people):
 
 American people understand that not everybody's been following the rules, 
 he said. These days, a lot of folks doing the right thing are not rewarded. 
 A lot of folks who are not doing the right thing are rewarded.
 
 [1] http://www.cbsnews.com/8301-503544_162-20116707-503544.html
 

So what you complaining about? The fact that you follow the rules and the 
statement that you quoted is correct, that what he said is obvious to
those with an IQ in double figures and need not be uttered or that the pres of 
the USA is not a redneck?

I hope you are not a racist and this was a poor attempt at humour for the world 
sucks because of those who want to persecute others for not
being the same colour, sex or facing the same way when they pray.

Dave


Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread root
On 10/05/2011 09:16 PM, Juan Sacco wrote:
 ** Also, I created a mailing list to discuss this kind of things, report
 bugs and much more ( But sorry, NO INSULTING is allowed there )  **

Insults to your person are a very useful form of disclosure.
People need to know that you are insane.
MITRE already reserved a block of CVEs for bugs in your stupid brain.



Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread xD 0x41
eek..

risking n3td3v fate, sorry for offtopic.

I think you came close buddy, but no way do you come close to that n3td3v
dood...Although, you are usually one of the people i look to on this list
for some guidance, ie, you, thor, halfdog, madirish, and many other
older/better trained to this, and that one did let me down, but no way would
i scrap you for a n3td3v :)
cheers.. just gotta b careful nowadays, especially if you're in .au where, there
is basically no racism... not to the extent of gangs etc setup who are
attacking other people for race...color,etc.. well, not yet.
stay cool buddy
xd



On 7 October 2011 04:21, Georgi Guninski gunin...@guninski.com wrote:

 risking n3td3v fate, sorry for offtopic.

 the nigger said [1] (no offense intended to black people):

 American people understand that not everybody's been following the rules,
 he said. These days, a lot of folks doing the right thing are not rewarded.
 A lot of folks who are not doing the right thing are rewarded.

 [1] http://www.cbsnews.com/8301-503544_162-20116707-503544.html

 --
 joro


Re: [Full-disclosure] 0day Full disclosure: American Express

2011-10-06 Thread xD 0x41
Hello,
I have had almost exactly the same thing here, with anz.com, and this
is now ended but almost as bad as that!
They were being scammed, and spam mails were actually making it to the inbox
and were half decent, so i tried, multiple times to put in a 'contact form'
which kept resetting when i'd submit, and make some error page... Then same
bank but a different branch, i was able to ring, and explain, then they
offered to ring another bank, total different one but also being targeted
for scam and, as always the famous CCard.
It was frustrating as hell..and so far, did not get any thanks, yet have
noticed the crap drop off completely now.
i guess is sad and, a huge reason about why i love this topic... it is very
frustrating.
You were vigilant, I applaud this, because that's the only way with some
places, and you would expect these places, ie, anz, to have some abuse-only
mails, well at that time, they didn't, and i have not seen it with a quick
browse...but i imagine they changed nothing, I hope they fixed the form it
was only browser based bug, but still, it took me a cpl days, but yes they did
get scammed, and many many numbers were then released onto even irc nets...i
saw this and was a bit saddened, sometimes security can be a harsh place to
work or, try to help even.
cheers,
xd

R.I.P Steve Jobs
Innovative/Ingenious mind,
Thank you for the old Apple Box,
that's how i became addicted to tech, will be sadly missed.



On 6 October 2011 17:55, John Doe forwardedtorealem...@gmail.com wrote:

 http://qnrq.se/full-disclosure-american-express/



Re: [Full-disclosure] OT Nigger - georgi+guninski+nigger+full-disclosure

2011-10-06 Thread xD 0x41
eh... lol, i am living in australia, and know exactly how things work.
I think you are maybe sending the email without reading the posters email...
I have not said anything about USA, only au.
for someone who is meant to be mature, you dont seem to act it,... but, your
throwing abuse at the wrong guy.
And yes, i know exactly how gangs work,. and, have actually spent 4yrs
behind bars :) thx k.
bye
xd





On 7 October 2011 06:09, Sam Goody trashm...@hush.com wrote:

 You should really jump off a bridge. You always talk out of your
 ass including this one.

 How do you know there isn't racism in AU?

 How you ever been there? Do you know any history about the racism
 that the native Indians have experienced? Do you know about all
 other cultures that have had to endure racist laws in the AU?

 You have got no clue you piece of shit.

 Why don't you fucking get your head out of your ass. And what do
 you know about gangs? Are you now a gang expert? So gangs now
 inspire racism?

 Do you even know what racism means?

 You're a fucking failure you American piece of Shit.



Re: [Full-disclosure] OT Nigger - georgi+guninski+nigger+full-disclosure

2011-10-06 Thread xD 0x41
Do you know any history about the racism
that the native Indians have experienced?

haha yes yes they would be named Aboriginals, in USA , the Indians were
somewhat persecuted :)

get YOUR head out of YOUR arse idiot.
xd



On 7 October 2011 06:09, Sam Goody trashm...@hush.com wrote:

 You should really jump off a bridge. You always talk out of your
 ass including this one.

 How do you know there isn't racism in AU?

 How you ever been there? Do you know any history about the racism
 that the native Indians have experienced? Do you know about all
 other cultures that have had to endure racist laws in the AU?

 You have got no clue you piece of shit.

 Why don't you fucking get your head out of your ass. And what do
 you know about gangs? Are you now a gang expert? So gangs now
 inspire racism?

 Do you even know what racism means?

 You're a fucking failure you American piece of Shit.



Re: [Full-disclosure] OT Nigger - georgi+guninski+nigger+full-disclosure

2011-10-06 Thread xD 0x41
“, the Indians were somewhat persecuted :)  “


By that I take it you mean, systematic genocide? Where I grew up the school
mascot (high school) was Benjamin Logan, an in(?)-famous Indian killer who
not only murdered Indians, he wiped out entire villages massacring men,
women and children in most of the villages in the area to eliminate the
“native threat” for the white settlers.

hehe i really dont know, and really, dont care... it is always some new and
different views, so i just know from my school classes, indians were indeed
hunted, and they also, fought back.. abit like aboriginals here.. but, this
guy i think was high on ice or sumthin before he even spoke to me, he
assumes i am now a racist :s
I was saying, this country here in .au , is prolly the least one i could
think of, as we have maybe 5 races alone in my street, maybe more, how could
you fight your neighbor... abit like some countries ;) (iran/iraq ,
serbia/bosnia)...just gotup one day because told to, and took up arms,
literally, against theyre neighbors... Thats happening now, and it is still
called genocide..
That is life'... I aint young enough to join the army and make any
difference.
anyhow, i aint really into this race talk, and, dont want nothin todo with
it, am no racist, simply not brought up to think badly of other people...
this could happen, anywhere..
cheers
xd



On 7 October 2011 06:19, Csirt, Star s...@delta.com wrote:

 “, the Indians were somewhat persecuted :)  “

 By that I take it you mean, systematic genocide? Where I grew up the school
 mascot (high school) was Benjamin Logan, an in(?)-famous Indian killer who
 not only murdered Indians, he wiped out entire villages massacring men,
 women and children in most of the villages in the area to eliminate the
 “native threat” for the white settlers.

 *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
 full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *xD 0x41
 *Sent:* Thursday, October 06, 2011 3:14 PM
 *To:* Sam Goody
 *Cc:* **full-disclosure@lists.grok.org.uk**
 *Subject:* Re: [Full-disclosure] OT Nigger -
 georgi+guninski+nigger+full-disclosure

 Do you know any history about the racism
 that the native Indians have experienced?

 haha yes yes they would be named Aboriginals, in USA , the
 Indians were somewhat persecuted :)

 get YOUR head out of YOUR arse idiot.
 xd


 

 On 7 October 2011 06:09, Sam Goody trashm...@hush.com wrote:

 You should really jump off a bridge. You always talk out of your
 ass including this one.

 How do you know there isn't racism in AU?

 How you ever been there? Do you know any history about the racism
 that the native Indians have experienced? Do you know about all
 other cultures that have had to endure racist laws in the AU?

 You have got no clue you piece of shit.

 Why don't you fucking get your head out of your ass. And what do
 you know about gangs? Are you now a gang expert? So gangs now
 inspire racism?

 Do you even know what racism means?

 You're a fucking failure you American piece of Shit.


Re: [Full-disclosure] OT Nigger - georgi+guninski+nigger+full-disclosure

2011-10-06 Thread Csirt, Star
, the Indians were somewhat persecuted :)  

By that I take it you mean, systematic genocide? Where I grew up the school 
mascot (high school) was Benjamin Logan, an in(?)-famous Indian killer who not 
only murdered Indians, he wiped out entire villages massacring men, women and 
children in most of the villages in the area to eliminate the native threat 
for the white settlers.




From: full-disclosure-boun...@lists.grok.org.uk 
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of xD 0x41
Sent: Thursday, October 06, 2011 3:14 PM
To: Sam Goody
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] OT Nigger - 
georgi+guninski+nigger+full-disclosure

Do you know any history about the racism
that the native Indians have experienced?

haha yes yes they would be named Aboriginals, in USA , the Indians were 
somewhat persecuted :)

get YOUR head out of YOUR arse idiot.
xd


On 7 October 2011 06:09, Sam Goody trashm...@hush.com wrote:
You should really jump off a bridge. You always talk out of your
ass including this one.

How do you know there isn't racism in AU?

How you ever been there? Do you know any history about the racism
that the native Indians have experienced? Do you know about all
other cultures that have had to endure racist laws in the AU?

You have got no clue you piece of shit.

Why don't you fucking get your head out of your ass. And what do
you know about gangs? Are you now a gang expert? So gangs now
inspire racism?

Do you even know what racism means?

You're a fucking failure you American piece of Shit.


Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread xD 0x41
Hi Valdis,
it is more complex than I thought...
I do support open src, and am going to try and help the exploit pack, so I
hope that the maker is reading all of this and making some adjustments
perhaps... a lot of them actually.
I did not think it was as complex as it has shown to be, but it indeed is.
I am still a bit worried though, about the actual NON-free product, and then,
what if you add to that, and he adds it to his paid-for app, or worse,
doesn't even put it into the exploit-pack but rather puts it into ONLY the
paid product.
Being .py script based code, it really has potential, but the author has to
get the GPL/licensing in order and make Insect pro and this product cleared
up, as in where your exploit code goes: will it stay there, or will it be
added to his paid app... he could even be doing this to get cheap exploits
to put into the paid app... it is another possibility, but I do see
he is putting in the hours, as in trying to make some changes to this app so
it does work... so, for now, it is in public.
cheers.
xd



On 7 October 2011 01:09, valdis.kletni...@vt.edu wrote:

 On Wed, 05 Oct 2011 19:04:24 -0300, Juan Sacco said:

  Exploit Pack is licensed GPL let me copy  paste the 4 freedoms. I hope to
  do it well this time.

 Please note that one of the biggest complaints about the GPL is that it is
 pretty much impossible to legally combine GPL code with code that has a
 non-GPL-compatible license (which includes most proprietary code).  So you
 need to be careful about the origins and licensing on each and every line of
 code that you include from other sources.



Re: [Full-disclosure] Hashdays, Lucerne?

2011-10-06 Thread IndianZ
As swiss I'm almost obliged :)
see you there ;)

- Original message -
 Hey, who all is going to Hashdays at the end of the month?   I'm
 wondering what kind of attendance we'll see from the FD crowd...
 
 t
 
 


Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread Valdis . Kletnieks
On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:

 cheers.. just gotta b careful nowdays, specially if your in .au where, there
 is basically no racism... 

I suspect some of the aboriginals would take exception to that statement.



Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Valdis . Kletnieks
On Fri, 07 Oct 2011 06:36:51 +1100, xD 0x41 said:

 I am still a bit worried though, about the actual NON-free product, and then,
 what if you add to that, and he adds it to his paid-for app, or worse,
 doesn't even put it into the exploit-pack but rather puts it into ONLY the
 paid product.

One of the good things about the GPL (as opposed to the BSD license), is that
you *can't* take GPL code private - if he's adding it to the proprietary app
and shipping the result under a non-GPL license, he's in violation of the GPL
and could end up in court.  A lot of embedded hardware people have gotten
into trouble that way.  The *vast* majority have cleaned up their act and complied
with the GPL requirements by either removing the GPL code or releasing source
as required by the GPL.  A few have been silly enough to let it get to court,
and have universally been handed their butts by the judge.

http://www.gpl-violations.org/





Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread xD 0x41
i guess some, but we dont see ourselfs as a different to them.
They were simply here first.
Thats how they like to be seen, nowdays..
I am not going to even go into racism in usa, but Indians, blacks and all
people would take exception to what YOU said, about 'niggers'.
So stop shifting the blame,... i was tryin to b nice to you, re something
VERY stupid and racist, wich YOU said, so dont pull me into it buds, you
said the word, not me.
We dont even use 'niggers' here so, your in a way different country,
todo with racism, we dont like it, nor allow it, want an example?
AFL league here, our code of football (rather rough but still..football) and
highly paid people... if one of them is caught on or off mic, saying the
'abo' word, in a nasty way to another player, that could mean end of theyre
season, and at the VERY least, a HUGE amount of fine, and atleast 6weeks out
of game.. wich is the norm.
It is not out of control here, and, i think aboriginals would agree.
I know many, and they like to be seen as white, or, just aussies.
Nothing more.
You should NEVER pick on someones color George, and this is what YOU did,
not me.
xd



On 7 October 2011 06:56, valdis.kletni...@vt.edu wrote:

 On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:

  cheers.. just gotta b careful nowdays, specially if your in .au where,
 there
  is basically no racism...

 I suspect some of the aboriginals would take exception to that statement.


Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread xD 0x41
Well, I guess then people nowadays should be keeping more watch on ANYTHING
they release into public... It is just going to get more complex, I assume,
with adding more licenses, as creative commons has kindly done.. however I
do like their license, as it actually covers a .txt file, or even a .c
file... which is mainly why I have used it once in the past for some code, so I
could then keep an eye on it, but never have looked at all at GPL.
Anyhow, thx Valdi for shedding more light on things.


On 7 October 2011 07:03, valdis.kletni...@vt.edu wrote:

 On Fri, 07 Oct 2011 06:36:51 +1100, xD 0x41 said:

  I am still a bit worried though, about the actual NON-free product, and then,
  what if you add to that, and he adds it to his paid-for app, or worse,
  doesn't even put it into the exploit-pack but rather puts it into ONLY the
  paid product.

 One of the good things about the GPL (as opposed to the BSD license), is that
 you *can't* take GPL code private - if he's adding it to the proprietary app
 and shipping the result under a non-GPL license, he's in violation of the GPL
 and could end up in court.  A lot of embedded hardware people have gotten
 into trouble that way.  The *vast* majority have cleaned up their act and
 complied with the GPL requirements by either removing the GPL code or releasing
 source as required by the GPL.  A few have been silly enough to let it get to
 court, and have universally been handed their butts by the judge.

 http://www.gpl-violations.org/




Re: [Full-disclosure] OT Nigger - georgi+guninski+nigger+full-disclosure

2011-10-06 Thread xD 0x41
hehe, and, whats that todo with racist, do you even realise many of those
things, are actually asked for by leaders of communities, I am asuming your
pointing at one of .australian notes, you should really be ashamed..really,
take a look at who you are if your american, and you can truly say, your not
racists, you always seem to have a view on it, and always a comment on it,
thats probably why somany world-leaders have called usa a big-mouth and
bully somuch... sorry but, racism, usa takes the lead there... i mean, half
of your country still has arachaic laws, in missippi even, gawd.. i wont go
into it, you should be ashamed, atleast some countries are trying to make
inroads to theyre past failures, not, keep it alive.. fire burning bright.
I used to loveee usa, and still kinda do, but, i really dislike the way it
has handled many diplomatic things, and, this is not a place to be
discussing it, maybe, amuse me on irc otherwise please, dont include me on
USA politics and racism...
It is by far the worst topic usa could be involved in.
You are copmparing a tiny country, to a country of mutiple millions...and
some, and you still havent clearly, learnt from persecutions against the
many , for example, atm right now, Afghanistan...wasting peoples time/money
and other countrys, for something wich is a fail and, you know it.
Dont involve me in your pathetic race riots and online crp, i dont want
anything todo with it.
have a nice day.
xd



On 7 October 2011 07:04, Jeffrey Walton noloa...@gmail.com wrote:

 On Thu, Oct 6, 2011 at 3:19 PM, Csirt, Star s...@delta.com wrote:
  “, the Indians were somewhat persecuted :)  “
 
  By that I take it you mean, systematic genocide? Where I grew up the
 school
  mascot (high school) was Benjamin Logan, an in(?)-famous Indian killer
 who
  not only murdered Indians, he wiped out entire villages massacring men,
  women and children in most of the villages in the area to eliminate the
  “native threat” for the white settlers.
 At least the US did not put his picture on paper money (like another
 who attempted genocide).

 Jeff


Re: [Full-disclosure] OT Nigger - georgi+guninski+nigger+full-disclosure

2011-10-06 Thread xD 0x41
umm.. idid not start this thread, nor many of the ones your actually
replying to... have you even noticed this.
fool.


On 7 October 2011 07:04, Antony widmal antony.wid...@gmail.com wrote:

 Thing is, you bring shit, stupidity, troll on this mailing list. Most
 people here would agree.
 How about you start another shit/off-topic thread about Israel vs
 Palestinian this time ?
 Could be a fucking great topic on a IT sec mailing list.


 On Thu, Oct 6, 2011 at 3:53 PM, xD 0x41 sec...@gmail.com wrote:

 Oh, the brilliant one with nothing to offer... again.
 This list is getting worse, with or w/out me.. it only needs u and n3td3v
 and is perfect. yung.
 I make, i think, abit more than the avg McDonalds manager... so , you can
 dreamup your sick fantasies but, unfortunately the truth is truth.
 ciao bella.
 xd



 On 7 October 2011 06:44, Antony widmal antony.wid...@gmail.com wrote:

 Didn't know you could flip burgers and use your smartphone while working
 at Mc-Donald.


 On Thu, Oct 6, 2011 at 3:24 PM, xD 0x41 sec...@gmail.com wrote:

 “, the Indians were somewhat persecuted :)  “


 By that I take it you mean, systematic genocide? Where I grew up the
 school mascot (high school) was Benjamin Logan, an in(?)-famous Indian
 killer who not only murdered Indians, he wiped out entire villages
 massacring men, women and children in most of the villages in the area to
 eliminate the “native threat” for the white settlers.

 hehe i really dont know, and really, dont care... it is always some new
 and different views, so i just know from my school classes, indians were
 indeed hunted, and they also, fought back.. abit like aboriginals here..
 but, this guy i think was high on ice or sumthin before he even spoke to 
 me,
 he assumes i am now a racist :s
 I was saying, this country here in .au , is prolly the least one i could
 think of, as we have maybe 5 races alone in my street, maybe more, how 
 could
 you fight your neighbor... abit like some countries ;) (iran/iraq ,
 serbia/bosnia)...just gotup one day because told to, and took up arms,
 literally, against theyre neighbors... Thats happening now, and it is still
 called genocide..
 That is life'... I aint young enough to join the army and make any
 difference.
 anyhow, i aint really into this race talk, and, dont want nothin todo
 with it, am no racist, simply not brought up to think badly of other
 people... this could happen, anywhere..
 cheers
 xd



 On 7 October 2011 06:19, Csirt, Star s...@delta.com wrote:

 “, the Indians were somewhat persecuted :)  “

 By that I take it you mean, systematic genocide? Where I grew up the
 school mascot (high school) was Benjamin Logan, an in(?)-famous Indian
 killer who not only murdered Indians, he wiped out entire villages
 massacring men, women and children in most of the villages in the area to
 eliminate the “native threat” for the white settlers.

 *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
 full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *xD 0x41
 *Sent:* Thursday, October 06, 2011 3:14 PM
 *To:* Sam Goody
 *Cc:* **full-disclosure@lists.grok.org.uk**
 *Subject:* Re: [Full-disclosure] OT Nigger -
 georgi+guninski+nigger+full-disclosure

 Do you know any history about the racism
 that the native Indians have experienced?

 haha yes yes they would be named Aboriginals, in USA , the
 Indians were somewhat persecuted :)

 get YOUR head out of YOUR arse idiot.
 xd


 

 On 7 October 2011 06:09, Sam Goody trashm...@hush.com wrote:

 You should really jump off a bridge. You always talk out of your
 ass including this one.

 How do you know there isn't racism in AU?

 How you ever been there? Do you know any history about the racism
 that the native Indians have experienced? Do you know about all
 other cultures that have had to endure racist laws in the AU?

 You have got no clue you piece of shit.

 Why don't you fucking get your head out of your ass. And what do
 you know about gangs? Are you now a gang expert? So gangs now
 inspire racism?

 Do you even know what racism means?

 You're a fucking failure you American piece of Shit.









Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread xD 0x41
Yes ofcourse, we have gangs here roaming wild, attacking eachother because
of color... yep!
you sure know your stuff!


On 7 October 2011 07:07, Benjamin Krueger benja...@seattlefenix.net wrote:

 Racism in Australia is so notable, it has its own Wikipedia article.
 Unfortunately the article does not touch on recent Australian racism,
 particularly amongst government officials, against African refugees and
 immigrants.

 http://en.wikipedia.org/wiki/Racism_in_Australia

 On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:

 On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:

 cheers.. just gotta b careful nowdays, specially if your in .au where,
 there

 is basically no racism...


 I suspect some of the aboriginals would take exception to that statement.




Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread xD 0x41
And as for wikipedia, i dont think you would FIT all of USA's racism crap
into it, so it is seperated, i think i would find atleast 100 wiki: on
Usa*racism, try it, then show the REAL stats.
Anyhow, this is not my shit, so, stop looking to me, i did not start this
thread, nor give a crap about it, and, you clearly do not understand
australian laws, nor, have lived here, or you would know that, we are far
from racists, and, our past mistakes, have atleast been 'apologised' for,
diplomatically, wich is mainly, what the natives here wanted, the
aboriginals.
Have a nice day to you also.
xd



On 7 October 2011 07:07, Benjamin Krueger benja...@seattlefenix.net wrote:

 Racism in Australia is so notable, it has its own Wikipedia article.
 Unfortunately the article does not touch on recent Australian racism,
 particularly amongst government officials, against African refugees and
 immigrants.

 http://en.wikipedia.org/wiki/Racism_in_Australia

 On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:

 On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:

 cheers.. just gotta b careful nowdays, specially if your in .au where,
 there

 is basically no racism...


 I suspect some of the aboriginals would take exception to that statement.




Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread xD 0x41
whos trolling who ?
screw you, and this stupid thread.




On 7 October 2011 07:48, Benjamin Krueger benja...@seattlefenix.net wrote:

 http://en.wikipedia.org/wiki/Straw_man

 On Oct 6, 2011, at 1:46 PM, xD 0x41 wrote:

 Yes ofcourse, we have gangs here roaming wild, attacking eachother because
 of color... yep!
 you sure know your stuff!


 On 7 October 2011 07:07, Benjamin Krueger benja...@seattlefenix.net wrote:

 Racism in Australia is so notable, it has its own Wikipedia article.
 Unfortunately the article does not touch on recent Australian racism,
 particularly amongst government officials, against African refugees and
 immigrants.

 http://en.wikipedia.org/wiki/Racism_in_Australia

 On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:

 On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:

 cheers.. just gotta b careful nowdays, specially if your in .au where,
 there

 is basically no racism...


 I suspect some of the aboriginals would take exception to that statement.






Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread Benjamin Krueger
http://en.wikipedia.org/wiki/Straw_man

On Oct 6, 2011, at 1:46 PM, xD 0x41 wrote:

 Yes ofcourse, we have gangs here roaming wild, attacking eachother because of 
 color... yep!
 you sure know your stuff!
 
 
 On 7 October 2011 07:07, Benjamin Krueger benja...@seattlefenix.net wrote:
 Racism in Australia is so notable, it has its own Wikipedia article. 
 Unfortunately the article does not touch on recent Australian racism, 
 particularly amongst government officials, against African refugees and 
 immigrants.
 
 http://en.wikipedia.org/wiki/Racism_in_Australia
 
 On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:
 
 On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:
 
 cheers.. just gotta b careful nowdays, specially if your in .au where, there
 is basically no racism... 
 
 I suspect some of the aboriginals would take exception to that statement.
 
 


Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread Benjamin Krueger
http://www.nizkor.org/features/fallacies/red-herring.html

On Oct 6, 2011, at 1:48 PM, xD 0x41 wrote:

 And as for wikipedia, i dont think you would FIT all of USA's racism crap 
 into it, so it is seperated, i think i would find atleast 100 wiki: on 
 Usa*racism, try it, then show the REAL stats.
 Anyhow, this is not my shit, so, stop looking to me, i did not start this 
 thread, nor give a crap about it, and, you clearly do not understand 
 australian laws, nor, have lived here, or you would know that, we are far 
 from racists, and, our past mistakes, have atleast been 'apologised' for, 
 diplomatically, wich is mainly, what the natives here wanted, the aboriginals.
 Have a nice day to you also.
 xd
 
 
 
 On 7 October 2011 07:07, Benjamin Krueger benja...@seattlefenix.net wrote:
 Racism in Australia is so notable, it has its own Wikipedia article. 
 Unfortunately the article does not touch on recent Australian racism, 
 particularly amongst government officials, against African refugees and 
 immigrants.
 
 http://en.wikipedia.org/wiki/Racism_in_Australia
 
 On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:
 
 On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:
 
 cheers.. just gotta b careful nowdays, specially if your in .au where, there
 is basically no racism... 
 
 I suspect some of the aboriginals would take exception to that statement.
 
 


Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread Benjamin Krueger
http://www.nizkor.org/features/fallacies/personal-attack.html

On Oct 6, 2011, at 1:52 PM, xD 0x41 wrote:

 whos trolling who ?
 screw you, and this stupid thread.
 
 
 
 
 On 7 October 2011 07:48, Benjamin Krueger benja...@seattlefenix.net wrote:
 http://en.wikipedia.org/wiki/Straw_man
 
 On Oct 6, 2011, at 1:46 PM, xD 0x41 wrote:
 
 Yes ofcourse, we have gangs here roaming wild, attacking eachother because 
 of color... yep!
 you sure know your stuff!
 
 
 On 7 October 2011 07:07, Benjamin Krueger benja...@seattlefenix.net wrote:
 Racism in Australia is so notable, it has its own Wikipedia article. 
 Unfortunately the article does not touch on recent Australian racism, 
 particularly amongst government officials, against African refugees and 
 immigrants.
 
 http://en.wikipedia.org/wiki/Racism_in_Australia
 
 On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:
 
 On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:
 
 cheers.. just gotta b careful nowdays, specially if your in .au where, 
 there
 is basically no racism... 
 
 I suspect some of the aboriginals would take exception to that statement.

Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread xD 0x41
*yawns*
is 7am here dude quit with it, racism is just bad for anyone.
so stop it, please, this is my final post to this thread, it is useless,
abit like you.
wether george, or anyone made any errors, that is still not FD!
Show me some exploit, and i will respect.
For showing me nonsense trolling, you get nothing benj.
later.


On 7 October 2011 07:55, Benjamin Krueger benja...@seattlefenix.net wrote:

 http://www.nizkor.org/features/fallacies/red-herring.html

 On Oct 6, 2011, at 1:48 PM, xD 0x41 wrote:

 And as for wikipedia, i dont think you would FIT all of USA's racism crap
 into it, so it is seperated, i think i would find atleast 100 wiki: on
 Usa*racism, try it, then show the REAL stats.
 Anyhow, this is not my shit, so, stop looking to me, i did not start this
 thread, nor give a crap about it, and, you clearly do not understand
 australian laws, nor, have lived here, or you would know that, we are far
 from racists, and, our past mistakes, have atleast been 'apologised' for,
 diplomatically, wich is mainly, what the natives here wanted, the
 aboriginals.
 Have a nice day to you also.
 xd



 On 7 October 2011 07:07, Benjamin Krueger benja...@seattlefenix.net wrote:

 Racism in Australia is so notable, it has its own Wikipedia article.
 Unfortunately the article does not touch on recent Australian racism,
 particularly amongst government officials, against African refugees and
 immigrants.

 http://en.wikipedia.org/wiki/Racism_in_Australia

 On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:

 On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:

 cheers.. just gotta b careful nowdays, specially if your in .au where,
 there

 is basically no racism...


 I suspect some of the aboriginals would take exception to that statement.

Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread xD 0x41
As i said , take a look into the REAL world you fatt arse =)
Obviously, some fatty who only has links, and news on tv, and, not even
listening to that properly, coz trying to watch his irc screen.
trawling...
anyhow, later.thx for prooving, exactly what i said, and, welcome to
reality, there is no click-on-the-link here.



On 7 October 2011 07:55, Benjamin Krueger benja...@seattlefenix.net wrote:

 http://www.nizkor.org/features/fallacies/personal-attack.html

 On Oct 6, 2011, at 1:52 PM, xD 0x41 wrote:

 whos trolling who ?
 screw you, and this stupid thread.




 On 7 October 2011 07:48, Benjamin Krueger benja...@seattlefenix.net wrote:

 http://en.wikipedia.org/wiki/Straw_man

 On Oct 6, 2011, at 1:46 PM, xD 0x41 wrote:

 Yes ofcourse, we have gangs here roaming wild, attacking eachother because
 of color... yep!
 you sure know your stuff!


 On 7 October 2011 07:07, Benjamin Krueger benja...@seattlefenix.net wrote:

 Racism in Australia is so notable, it has its own Wikipedia article.
 Unfortunately the article does not touch on recent Australian racism,
 particularly amongst government officials, against African refugees and
 immigrants.

 http://en.wikipedia.org/wiki/Racism_in_Australia

 On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:

 On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:

 cheers.. just gotta b careful nowdays, specially if your in .au where,
 there

 is basically no racism...


 I suspect some of the aboriginals would take exception to that statement.

Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread xD 0x41
hrm


On 7 October 2011 06:31, andrew.wallace andrew.wall...@rocketmail.com wrote:

 On Thu, Oct 6, 2011 at 6:21 PM, Georgi Guninski gunin...@guninski.com
 wrote:
  risking n3td3v fate, sorry for offtopic.
 
  the nigger said [1] (no offense intended to black people):
 
  American people understand that not everybody's been following the
 rules, he said. These days, a lot of folks doing the right thing are not
 rewarded. A lot of folks who are not doing the right thing are rewarded.
 
  [1] http://www.cbsnews.com/8301-503544_162-20116707-503544.html

 This list is for national security advisors and analysts to do their work
 on the threats, we do not appreciate your racist slurs.

 The list is run by the British security industry in partnership with
 Secunia, please do not abuse the list twice.

 ---

 Andrew Wallace

 Independent consultant

 www.n3td3v.org.uk


Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread Benjamin Krueger
Apology accepted.

On Oct 6, 2011, at 2:06 PM, xD 0x41 wrote:

 As i said , take a look into the REAL world you fatt arse =)
 Obviously, some fatty who only has links, and news on tv, and, not even 
 listening to that properly, coz trying to watch his irc screen. 
 trawling...
 anyhow, later.thx for prooving, exactly what i said, and, welcome to reality, 
 there is no click-on-the-link here.
 
 
 
 On 7 October 2011 07:55, Benjamin Krueger benja...@seattlefenix.net wrote:
 http://www.nizkor.org/features/fallacies/personal-attack.html
 
 On Oct 6, 2011, at 1:52 PM, xD 0x41 wrote:
 
 whos trolling who ?
 screw you, and this stupid thread.
 
 
 
 
 On 7 October 2011 07:48, Benjamin Krueger benja...@seattlefenix.net wrote:
 http://en.wikipedia.org/wiki/Straw_man
 
 On Oct 6, 2011, at 1:46 PM, xD 0x41 wrote:
 
 Yes ofcourse, we have gangs here roaming wild, attacking eachother because 
 of color... yep!
 you sure know your stuff!
 
 
 On 7 October 2011 07:07, Benjamin Krueger benja...@seattlefenix.net wrote:
 Racism in Australia is so notable, it has its own Wikipedia article. 
 Unfortunately the article does not touch on recent Australian racism, 
 particularly amongst government officials, against African refugees and 
 immigrants.
 
 http://en.wikipedia.org/wiki/Racism_in_Australia
 
 On Oct 6, 2011, at 12:56 PM, valdis.kletni...@vt.edu wrote:
 
 On Fri, 07 Oct 2011 05:53:05 +1100, xD 0x41 said:
 
 cheers.. just gotta b careful nowdays, specially if your in .au where, 
 there
 is basically no racism... 
 
 I suspect some of the aboriginals would take exception to that statement.

Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Jeffrey Walton
On Thu, Oct 6, 2011 at 3:36 PM, xD 0x41 sec...@gmail.com wrote:
 Hi Valdis,
 it is more complex than i thought...
 I do support open src, and am going to try and help the exploit pack, so, i
 hope that the maker is reading all of this and making some adjustments
 perhaps... alot of them actually.
 I did not think it was as complex as it has shown to be, but it indeed is.
GPL V3 is encumbered. Software released under it should not be
considered 'free' because of the entanglements. It's why Apple is stuck
at GCC 4.2 (and the reason they bought LLVM). It's the reason OpenBSD
and other projects don't want to use GPL V3. It's simply not free software
under GPL V3.

 I am still abit worried though, of the actual NON free prouct, and then,
 what if you add to that, and he adds it to his paid-fopr app, or worse,
 doesnt even put it into the exploit-pack but, rather puts it into ONLY the
 paid product.
 Being .py script based code, it really has potential but the author has to
 get the GPL/lisencing in order and, make Insect pro and this product cleared
 up,asin to where your exploit code goes, will it stay there, or will it be
 added to his paid app... he could even be doing this, to get cheap exploits,
 to indeed put into the paid app... it is another possiblility, but, i do see
 he is putting in the hours, asin trying to make some changes to this app so
 it does work... so, for now, it is in public.
Perhaps an Apache or BSD style license would be a more appropriate choice.

http://www.gnu.org/licenses/
http://www.gnu.org/licenses/license-list.html

Jeff

 On 7 October 2011 01:09, valdis.kletni...@vt.edu wrote:

 On Wed, 05 Oct 2011 19:04:24 -0300, Juan Sacco said:

  Exploit Pack is licensed GPL let me copy  paste the 4 freedoms. I hope to
  do it well this time.

 Please note that one of the biggest complaints about the GPL is that it is
 pretty much impossible to legally combine GPL code with code that has a
 non-GPL-compatible license (which includes most proprietary code).  So you
 need to be careful about the origins and licensing on each and every line of
 code that you include from other sources.





Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread xD 0x41
Hrm very good point there.
It is obviously monitored, but really, would the monitors, even get involved
in things... i dont know if that is just part of how to stay under, but
could be.
I do not know how mi5/6 works but, i have heard rumors, that he is some
form of undercover something... which is kinda cool with me. I would prefer to
know that, or even think that, than think he is a bad guy and, just being an
arse because he can be...
i would love some independent input from people who are working as
operatives, as Valdis said, it is good to see these peoples input, especially
on some topics like ITsec and exploits/pocs and anything wonderful in this
area.
I know i am fine with that but, amazing to how many actual results point at
n3td3v as this... i certainly wont be using crazycoders.com/.us for any
posts for n3td3v, but certainly other peoples blogs, are full of him/he ?
Anyhow.. enough for me, cappuccino time.
cheers,
xd


On 7 October 2011 08:59, valdis.kletni...@vt.edu wrote:

 On Thu, 06 Oct 2011 14:25:18 PDT, andrew.wallace said:

  MI6 operative - I didn't know you delt in conspiracy. My web page clearly
  states independent.

 Which is exactly what it *would* say if you were an undercover operative.

 http://www.google.com/search?q=n3td3v+mi5
 http://www.google.com/search?q=n3td3v+mi6
 http://www.google.com/search?q=andrew+wallace+mi5
 http://www.google.com/search?q=andrew+wallace+mi6

 Certainly a lot of history there.

 In any case, whether or not you're an MI6 operative, if the list *is* for
 national security advisors, isn't it silly for you to try to shut it down
 because
 of your anti-disclosure stance?


Re: [Full-disclosure] OT Nigger - georgi+guninski+nigger+full-disclosure

2011-10-06 Thread Christian Sciberras
But you're certainly growing it. Retard.




On Thu, Oct 6, 2011 at 10:45 PM, xD 0x41 sec...@gmail.com wrote:

 umm.. idid not start this thread, nor many of the ones your actually
 replying to... have you even noticed this.
 fool.


 On 7 October 2011 07:04, Antony widmal antony.wid...@gmail.com wrote:

 Thing is, you bring shit, stupidity, troll on this mailing list. Most
 people here would agree.
 How about you start another shit/off-topic thread about Israel vs
 Palestinian this time ?
 Could be a fucking great topic on a IT sec mailing list.


 On Thu, Oct 6, 2011 at 3:53 PM, xD 0x41 sec...@gmail.com wrote:

 Oh, the brilliant one with nothing to offer... again.
 This list is getting worse, with or w/out me.. it only needs u and n3td3v
 and is perfect. yung.
 I make, i think, abit more than the avg McDonalds manager... so , you can
 dreamup your sick fantasies but, unfortunately the truth is truth.
 ciao bella.
 xd



 On 7 October 2011 06:44, Antony widmal antony.wid...@gmail.com wrote:

 Didn't know you could flip burgers and use your smartphone while working
 at Mc-Donald.


 On Thu, Oct 6, 2011 at 3:24 PM, xD 0x41 sec...@gmail.com wrote:

 “, the Indians were somewhat persecuted :)  “


 By that I take it you mean, systematic genocide? Where I grew up the
 school mascot (high school) was Benjamin Logan, an in(?)-famous Indian
 killer who not only murdered Indians, he wiped out entire villages
 massacring men, women and children in most of the villages in the area to
 eliminate the “native threat” for the white settlers.

 hehe i really dont know, and really, dont care... it is always some new
 and different views, so i just know from my school classes, indians were
 indeed hunted, and they also, fought back.. abit like aboriginals here..
 but, this guy i think was high on ice or sumthin before he even spoke to me,
 he assumes i am now a racist :s
 I was saying, this country here in .au , is prolly the least one i
 could think of, as we have maybe 5 races alone in my street, maybe more, how
 could you fight your neighbor... abit like some countries ;) (iran/iraq ,
 serbia/bosnia)...just gotup one day because told to, and took up arms,
 literally, against theyre neighbors... Thats happening now, and it is still
 called genocide..
 That is life'... I aint young enough to join the army and make any
 difference.
 anyhow, i aint really into this race talk, and, dont want nothin todo
 with it, am no racist, simply not brought up to think badly of other
 people... this could happen, anywhere..
 cheers
 xd



 On 7 October 2011 06:19, Csirt, Star s...@delta.com wrote:

 “, the Indians were somewhat persecuted :)  “

 By that I take it you mean, systematic genocide? Where I grew up the
 school mascot (high school) was Benjamin Logan, an in(?)-famous Indian
 killer who not only murdered Indians, he wiped out entire villages
 massacring men, women and children in most of the villages in the area to
 eliminate the “native threat” for the white settlers.

  --

 *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
 full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *xD 0x41
 *Sent:* Thursday, October 06, 2011 3:14 PM
 *To:* Sam Goody
 *Cc:* full-disclosure@lists.grok.org.uk
 *Subject:* Re: [Full-disclosure] OT Nigger -
 georgi+guninski+nigger+full-disclosure

 Do you know any history about the racism
 that the native Indians have experienced?

 haha yes yes they would be named Aboriginals, in USA ,
 the Indians were somewhat persecuted :)

 get YOUR head out of YOUR arse idiot.
 xd


 

 On 7 October 2011 06:09, Sam Goody trashm...@hush.com wrote:

 You should really jump off a bridge. You always talk out of your
 ass including this one.

 How do you know there isn't racism in AU?

 How you ever been there? Do you know any history about the racism
 that the native Indians have experienced? Do you know about all
 other cultures that have had to endure racist laws in the AU?

 You have got no clue you piece of shit.

 Why don't you fucking get your head out of your ass. And what do
 you know about gangs? Are you now a gang expert? So gangs now
 inspire racism?

 Do you even know what racism means?

 You're a fucking failure you American piece of Shit.


Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Zach C.
Re: putting things in the public domain: Daniel J. Bernstein and Lawrence
Rosen (of Creative Commons fame, I believe) seem to disagree with you on
that: http://cr.yp.to/publicdomain.html

Plus, pretty much the only 'license' djb uses is public domain, so qmail,
djbdns, etc. are all public domain. Incidentally, SQLite (*not* written by
djb) is *also* public domain, and very widely used, too.

As for being sued for public domain code... I would say it is hard to sue an
owner that does not exist (which is what public domain seems to do). Plus,
they would probably have to prove malice or something.

(I personally still wouldn't do it though!)
On Oct 6, 2011 7:02 AM, valdis.kletni...@vt.edu wrote:
 On Thu, 06 Oct 2011 00:34:00 -0300, root said:

 You don't have the faintest idea of how licencing works. You cannot slap
 a GPL v3 license to any software you see, much less erase the author's
 names. If you find a code in the internet without any license, you
 pretty much can't touch it, and must re-implement it completely.

 In particular, if code was written in a country that's a signatory to the
 Berne conventions, it's usually somewhere between very difficult and
 impossible to actually place a software work in the public domain - at least
 under US law, even putting an explicit This work is hereby placed in the
 public domain quite likely does *NOT* suffice - the only two clear ways to
 public domain in the US are expiration of the lifetime of the author plus 75
 years copyright, and works for hire by a US federal government employee as
 part of his duties (so, for instance, NASA photographs are public domain -
 but photos of NASA activities taken by non-NASA photographers probably
 aren't).

 Also, smart programmers *don't* release their code into the public domain -
 that means that anybody can do anything with it. And that includes stealing
 it, using it to make tons of money, and then suing you if they discover a
 bug. The original reason for the BSD and X11 licenses was because you can't
 stick a hold harmless clause on something you public-domain.


Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread Ivan .
MSNBC labels AP ‘inherently racist’ for accurate translation of Obama speech
http://investmentwatchblog.com/msnbc-labels-ap-inherently-racist-for-accurate-translation-of-obama-speech/

some 1% on the list

*Chicago Traders Respond To Protesters With Signs Reading ‘We Are The 1%’*
<http://thinkprogress.org/economy/2011/10/05/336590/chicago-protests-we-are-1-percent/>

The Occupy Wall Street movement spread to Chicago this week, where
protesters have gathered outside the Chicago Board of Trade, the world’s
oldest options and futures trading center. Like the protesters in New York
and other cities around the country, the group gathered to protest our
nation’s growing income inequality
<http://thinkprogress.org/politics/2011/05/04/163476/us-unequal-uganda-pakistan/>,
as the top 1 percent of Americans continue to see their incomes rise rapidly
<http://thinkprogress.org/politics/2011/04/18/159261/tax-disparity-chart/>
and their tax rates fall. The Chicago traders, confronted by the protesters’
“We are the 99 percent” <http://wearethe99percent.tumblr.com/> message,
crafted their own not-so-subtle reply, hanging signs in eighth-floor windows
that said, “We are the 1%”
<http://chicagoist.com/2011/10/05/board_of_trade_has_a_message_for_oc.php>:



On Fri, Oct 7, 2011 at 9:13 AM, xD 0x41 sec...@gmail.com wrote:

 Hrm very good point there.
 It is obviously monitored, but really, would the mnitors, even get involved
 in things... i dont know if that is just part of how to stay under, but
 could be.
 I do not know how mi5/6 works but, i have heard rumors, that he is wsome
 form of undercover something... wich is kinda cool with me.I would prefer to
 know that, or even think that, than think he is a bad guy and, just being an
 arse because he can be...
 i would love some independant input from people who are working as
 operatives, as Valdis said,it is good to see these peoples input, especially
 on some topics like ITsec and exploits/pocs and anything wondeful in this
 area.
 I know i am fine with that but, amazing to howmany actual results point at
 n3td3v as this... i certainly wont be using crazycoders.com/.us for any
 posts for n3td3v,but sertainly other peoples blogs, are full of him/he ?
 Anyhow.. enough for me, cappucino time.
 cheers,
 xd


 On 7 October 2011 08:59, valdis.kletni...@vt.edu wrote:

 On Thu, 06 Oct 2011 14:25:18 PDT, andrew.wallace said:

  MI6 operative - I didn't know you delt in conspiracy. My web page
 clearly
  states independent.

 Which is exactly what it *would* say if you were an undercover operative.

 http://www.google.com/search?q=n3td3v+mi5
 http://www.google.com/search?q=n3td3v+mi6
 http://www.google.com/search?q=andrew+wallace+mi5
 http://www.google.com/search?q=andrew+wallace+mi6

 Certainly a lot of history there.

 In any case, whether or not you're an MI6 operative, if the list *is* for
 national security advisors, isn't it silly for you to try to shut it down
 because
 of your anti-disclosure stance?




Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-06 Thread Jeffrey Walton
On Tue, Oct 4, 2011 at 9:05 PM,  valdis.kletni...@vt.edu wrote:
 On Tue, 04 Oct 2011 03:15:02 EDT, Jeffrey Walton said:
 On Tue, Oct 4, 2011 at 3:06 AM, Ferenc Kovacs tyr...@gmail.com wrote:

  As I mentioned before it is hard to expect that a VPN provider will
  risk his company for your $11.52/month, and maybe they would try it
  for some lesser case, but what Lulsec did was grant, so I'm not
  surprised that they bent.

 Alleged

 Yes. So?  In most jurisdictions, alledged and probable cause is sufficient
 to get a court to sign off on a subpoena and/or warrants.

 Dear Judge:  On Aug 23, a hacker using the handle JustFellOutOfTree did
 violate Section N, Clause X.Y of the criminal code by hacking into
 BigStore.com.  The connection was traced back to the provider VPNs-R-Us.  We
 would like a court order requesting VPNs-R-Us to provide any and all
 information they may have regarding this user.

 That will usually do it (after bulked up to about 3 pages with legalese and
 dotting the t's and crossing the i's).

 The next morning, the manager at VPNs-R-Us gets to his office, and finds
 two guys with guns and a signed piece of paper.  At which point one of two
 things will happen:

 1) the guy rolls and gives up all the info.
 2) the guy calls his lawyer and makes sure that he gives up all the required info,
 and not one byte more.

 (Option 3 - the guy heads downtown on a contempt of court charge - happens so
 rarely that it's basically a hypothetical).
Good point. Bush, Cheney, and other top administration officials were
indicted in Spain on alleged war crimes. That the administration
defend its position on torture, I would view it as a tacit admission
(and drop the 'alleged'). When do you think justice will be served
upon them?

Jeff



Re: [Full-disclosure] [OT] the nigger said: American people understand that not everybody's been following the rules

2011-10-06 Thread Elly_Tran_Ha
Racist posts like the one that started this thread give me the safe feeling
that we are winning the good fight.

On Thu, Oct 6, 2011 at 6:25 PM, Ivan . ivan...@gmail.com wrote:

 MSNBC labels AP ‘inherently racist’ for accurate translation of Obama
 speech

 http://investmentwatchblog.com/msnbc-labels-ap-inherently-racist-for-accurate-translation-of-obama-speech/

 some 1% on the list

 *Chicago Traders Respond To Protesters With Signs Reading ‘We Are The 1%’*
 <http://thinkprogress.org/economy/2011/10/05/336590/chicago-protests-we-are-1-percent/>

 The Occupy Wall Street movement spread to Chicago this week, where
 protesters have gathered outside the Chicago Board of Trade, the world’s
 oldest options and futures trading center. Like the protesters in New York
 and other cities around the country, the group gathered to protest our
 nation’s growing income inequality
 <http://thinkprogress.org/politics/2011/05/04/163476/us-unequal-uganda-pakistan/>,
 as the top 1 percent of Americans continue to see their incomes rise rapidly
 <http://thinkprogress.org/politics/2011/04/18/159261/tax-disparity-chart/>
 and their tax rates fall. The Chicago traders, confronted by the protesters’
 “We are the 99 percent” <http://wearethe99percent.tumblr.com/> message,
 crafted their own not-so-subtle reply, hanging signs in eighth-floor windows
 that said, “We are the 1%”
 <http://chicagoist.com/2011/10/05/board_of_trade_has_a_message_for_oc.php>:



 On Fri, Oct 7, 2011 at 9:13 AM, xD 0x41 sec...@gmail.com wrote:

 Hrm very good point there.
 It is obviously monitored, but really, would the mnitors, even get
 involved in things... i dont know if that is just part of how to stay under,
 but could be.
 I do not know how mi5/6 works but, i have heard rumors, that he is wsome
 form of undercover something... wich is kinda cool with me.I would prefer to
 know that, or even think that, than think he is a bad guy and, just being an
 arse because he can be...
 i would love some independant input from people who are working as
 operatives, as Valdis said,it is good to see these peoples input, especially
 on some topics like ITsec and exploits/pocs and anything wondeful in this
 area.
 I know i am fine with that but, amazing to howmany actual results point at
 n3td3v as this... i certainly wont be using crazycoders.com/.us for any
 posts for n3td3v,but sertainly other peoples blogs, are full of him/he ?
 Anyhow.. enough for me, cappucino time.
 cheers,
 xd


 On 7 October 2011 08:59, valdis.kletni...@vt.edu wrote:

 On Thu, 06 Oct 2011 14:25:18 PDT, andrew.wallace said:

  MI6 operative - I didn't know you delt in conspiracy. My web page
 clearly
  states independent.

 Which is exactly what it *would* say if you were an undercover operative.

 http://www.google.com/search?q=n3td3v+mi5
 http://www.google.com/search?q=n3td3v+mi6
 http://www.google.com/search?q=andrew+wallace+mi5
 http://www.google.com/search?q=andrew+wallace+mi6

 Certainly a lot of history there.

 In any case, whether or not you're an MI6 operative, if the list *is* for
 national security advisors, isn't it silly for you to try to shut it down
 because
 of your anti-disclosure stance?




Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-06 Thread Jeffrey Walton
On Tue, Oct 4, 2011 at 10:19 PM, xD 0x41 sec...@gmail.com wrote:
 This is ONCE you are actually in front, of the judge...remember, it may take
 some breaking of civil liberty, for this to happen... or i maybe wrong.
 cheers
Yep. Though some are probably not nice people, the Guantanamo Bay
detainees were denied US Constitutional Rights (so said the US Supreme
Court, 3 times).

The folks who perverted our highest laws and precepts were not brought
up on charges, or even censored. Sparta had it right: put the
politicians on trial for their [alleged] crimes when their term is up.

Who are the real terrorists against our [US] democracy?

Jeff

 On 5 October 2011 15:10, Laurelai laure...@oneechan.org wrote:

 On 10/4/2011 6:50 PM, adam wrote:

 That actually depends on the situation, contempt can be criminal. And
 frankly if you refuse a court order for information like that, the LE
 officers will just seize it by gunpoint legally, then arrest you.
 I'm curious as to what you think would cause contempt to be a criminal
 offense, especially in that example.
 Secondly, without the appropriate warrant - they couldn't legally take
 anything. If they disregarded that truth and did so anyway, they'd open
 themselves up to a pretty big lawsuit for violating that individual's civil
 rights as well as due process. Not to mention, anything found would likely
 end up being inadmissible because it was obtained illegally.

 On Tue, Oct 4, 2011 at 10:39 PM, Laurelai laure...@oneechan.org wrote:

 On 10/4/2011 6:35 PM, adam wrote:

 (Option 3 - the guy heads downtown on a contempt of court charge - happens so
 rarely that it's basically a hypothetical).
 You do realize that (at least in the US) - contempt is not a criminal
 offense, don't you?

 On Tue, Oct 4, 2011 at 8:05 PM, valdis.kletni...@vt.edu wrote:

 On Tue, 04 Oct 2011 03:15:02 EDT, Jeffrey Walton said:
  On Tue, Oct 4, 2011 at 3:06 AM, Ferenc Kovacs tyr...@gmail.com
  wrote:

   As I mentioned before it is hard to expect that a VPN provider will
   risk his company for your $11.52/month, and maybe they would try it
   for some lesser case, but what Lulsec did was grant, so I'm not
   surprised that they bent.
 
  Alleged

 Yes. So?  In most jurisdictions, alledged and probable cause is sufficient
 to get a court to sign off on a subpoena and/or warrants.

 Dear Judge:  On Aug 23, a hacker using the handle JustFellOutOfTree did
 violate Section N, Clause X.Y of the criminal code by hacking into
 BigStore.com.  The connection was traced back to the provider VPNs-R-Us.  We
 would like a court order requesting VPNs-R-Us to provide any and all
 information they may have regarding this user.

 That will usually do it (after bulked up to about 3 pages with legalese and
 dotting the t's and crossing the i's).

 The next morning, the manager at VPNs-R-Us gets to his office, and finds
 two guys with guns and a signed piece of paper.  At which point one of two
 things will happen:

 1) the guy rolls and gives up all the info.
 2) the guy calls his lawyer and makes sure that he gives up all the required info,
 and not one byte more.

 (Option 3 - the guy heads downtown on a contempt of court charge - happens so
 rarely that it's basically a hypothetical).

 That actually depends on the situation, contempt can be criminal. And
 frankly if you refuse a court order for information like that, the LE
 officers will just seize it by gunpoint legally, then arrest you.


 http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/crm00754.htm

 And they can hold you indefinitely until you comply, or use your lack of
 compliance as reasonable suspicion to get that warrant, oh and let's not
 forget that they are declaring kids cyber terrorists and then the patriot
 act takes effect in cases of suspicion of terrorism, when that happens you
 don't have any rights anymore. Realistically we should stop calling them
 rights since they aren't really rights, they are privileges that can be
 revoked at government convenience.



Re: [Full-disclosure] VPN providers and any providers in general...

2011-10-06 Thread Laurelai
On 10/4/2011 10:10 PM, Jeffrey Walton wrote:
 On Tue, Oct 4, 2011 at 9:05 PM,  valdis.kletni...@vt.edu wrote:
 On Tue, 04 Oct 2011 03:15:02 EDT, Jeffrey Walton said:
 On Tue, Oct 4, 2011 at 3:06 AM, Ferenc Kovacs tyr...@gmail.com wrote:
 As I mentioned before it is hard to expect that a VPN provider will
 risk his company for your $11.52/month, and maybe they would try it
 for some lesser case, but what Lulsec did was grant, so I'm not
 surprised that they bent.
 Alleged
 Yes. So?  In most jurisdictions, alleged and probable cause is sufficient
 to get a court to sign off on a subpoena and/or warrants.

 Dear Judge:  On Aug 23, a hacker using the handle JustFellOutOfTree did
 violate Section N, Clause X.Y of the criminal code by hacking into
 BigStore.com.  The connection was traced back to the provider VPNs-R-Us.  We
 would like a court order requesting VPNs-R-Us to provide any and all
 information they may have regarding this user.

 That will usually do it (after bulked up to about 3 pages with legalese and
 dotting the t's and crossing the i's).

 The next morning, the manager at VPNs-R-Us gets to his office, and finds
 two guys with guns and a signed piece of paper.  At which point one of two
 things will happen:

 1) the guy rolls and gives up all the info.
 2) the guy calls his lawyer and makes sure that he gives up all the required
 info, and not one byte more.

 (Option 3 - the guy heads downtown on a contempt of court charge - happens so
 rarely that it's basically a hypothetical).
 Good point. Bush, Cheney, and other top administration officials were
 indicted in Spain on alleged war crimes. That the administration
 defend its position on torture, I would view it as a tacit admission
 (and drop the 'alleged'). When do you think justice will be served
 upon them?

 Jeff

Yes do *taunt* the 99% that's a good plan /sarcasm



Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Jeffrey Walton
On Thu, Oct 6, 2011 at 6:35 PM, Zach C. fxc...@gmail.com wrote:
 Re: putting things in the public domain: Daniel J. Bernstein and Lawrence
 Rosen (of Creative Commons fame, I believe) seem to disagree with you on
 that: http://cr.yp.to/publicdomain.html

 Plus, pretty much the only 'license' djb uses is public domain, so qmail,
 djbdns, etc. are all public domain. Incidentally, SQLite (*not* written by
 djb) is *also* public domain, and very widely used, too.
Crypto++ is also public domain.

 As for being sued for public domain code... I would say it is hard to sue an
 owner that does not exist (which is what public domain seems to do). Plus,
 they would probably have to prove malice or something.
I would not put anything past the lawyers.

Jeff

 On Oct 6, 2011 7:02 AM, valdis.kletni...@vt.edu wrote:
 On Thu, 06 Oct 2011 00:34:00 -0300, root said:

 You don't have the faintest idea of how licencing works. You cannot slap
 a GPL v3 license to any software you see, much less erase the author's
 names. If you find a code in the internet without any license, you
 pretty much can't touch it, and must re-implement it completely.

 In particular, if code was written in a country that's a signatory to the
 Berne conventions, it's usually somewhere between very difficult and
 impossible to actually place a software work in the public domain - at least
 under US law, even putting an explicit "This work is hereby placed in the
 public domain" quite likely does *NOT* suffice - the only two clear ways to
 public domain in the US are expiration of the lifetime of the author plus 75
 years copyright, and works for hire by a US federal government employee as
 part of his duties (so, for instance, NASA photographs are public domain - but
 photos of NASA activities taken by non-NASA photographers probably aren't).

 Also, smart programmers *don't* release their code into the public domain -
 that means that anybody can do anything with it. And that includes stealing
 it, using it to make tons of money, and then suing you if they discover a bug.
 The original reason for the BSD and X11 licenses was because you can't stick a
 "hold harmless" clause on something you public-domain.



Re: [Full-disclosure] New open source Security Framework

2011-10-06 Thread Mario Vilas
On Thu, Oct 6, 2011 at 5:34 AM, root ro...@fibertel.com.ar wrote:
 do not harass people who are writing software for free

Oh, that's rich.

-- 
“There's a reason we separate military and the police: one fights the
enemy of the state, the other serves and protects the people. When the
military becomes both, then the enemies of the state tend to become
the people.”
