[Full-disclosure] IPv6 security: New IETF I-Ds, slideware and videos for recent presentations, trainings, etc...

2012-05-22 Thread Fernando Gont

Folks,

* We've published a new IETF I-D entitled "DHCPv6-Shield: Protecting
Against Rogue DHCPv6 Servers", which is meant to provide RA-Guard-like
protection against rogue DHCPv6 servers. The I-D is available at:

Other I-Ds (such as draft-ietf-v6ops-ra-guard-implementation) about
IPv6 security have been revised. Please check them out at:


* The slideware (and some videos!) of some of our recent presentations
about IPv6 security are now available online. You can find them at:


* We have also scheduled IPv6 hacking trainings in Paris (France) and
Ghent (Belgium). You can find more details at:



Interested in IPv6 security? -- Follow us on Twitter: @SI6Networks

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint:  31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Google Accounts Security Vulnerability

2012-05-22 Thread Kyle Creyts
Creating test accounts and reproducing this bug sounds like a
responsible thing to do.

On Sun, May 20, 2012 at 4:22 PM, Michael J. Gray  wrote:
> That was a bit ambiguous and I apologize for that. I meant that I had
> reproduced the issue several times, not created test accounts. I'm willing
> to bet it's not just a few accounts being affected.
>
> -Original Message-
> From: Jann Horn [mailto:jannh...@googlemail.com]
> Sent: Sunday, May 20, 2012 4:39 AM
> To: Michael J. Gray
> Cc: 'Thor (Hammer of God)'; 'Dan Kaminsky';
> full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Google Accounts Security Vulnerability
>
> On Sat, May 19, 2012 at 12:04:43PM -0700, Michael J. Gray wrote:
>> On why I don't want to provide my email address to Google:
>>
>> It's a different email address which I don't want associated with this
>> email address for various reasons. That is why I am not going to provide it.
>>
>> Your assumption that it's a simple piece of information and requires
>> no effort to give out is correct, but the impact of the association is
>> unwanted.
>
> Sounds reasonable.
>
>
>> The fact that Google can create a test account and reproduce the issue
>> (as I have now done several times) tells me that they want the account
>> information for some other purpose or that they're just being lazy.
>
> So, you now have a test account that doesn't reveal any secrets about you
> and which is affected... so you could surely give Google the name of that
> one?
>



-- 
Kyle Creyts

Information Assurance Professional
BSidesDetroit Organizer



Re: [Full-disclosure] FW: Online course - Professional pentesting - Promotion (25% discount)

2012-05-22 Thread Michele Orru
LOL, when did I say ExploitPack is cool ?
Maybe in your dreams!

And btw, the JavaScript agents you sent are not the one I analyzed.
This is the one: http://pastebin.com/7j1wfB2n
After you scroll down, skipping jquery, you see the BeEF code that you included.

You were just replacing the BeEF global variable calling it "bot",
and re-using large parts of BeEF.

Anyway, everyone knows you...you're like the second MustLive.
Your Metasploit clone, apart from shitty InfoSec articles, is a
complete failure and clone.

So get a life man!

Cheers
antisnatchor

On Sun, May 20, 2012 at 8:04 PM, Juan Sacco  wrote:
> Michele Orru.. Sorry to write you directly to the list.. But you did it
> too.. So.. please allow me to answer..
>
> Exploit Pack != Beef ... Just similar projects.. different approaches
>
> In fact you came to a webcast where I showed the code of Exploit Pack... I
> remember you saying that Exploit Pack is a cool project...
>
> Please check out our javascript agent...
> http://www.exploitpack.com/Gate/jsacco.js
> http://www.exploitpack.com/Gate/PLAINdoMagic.js
>
> I am not pointing you with a gun.. if you do not like Exploit Pack tools..
> just do not use our tools...
>
> In my personal opinion, beef is a good project, in fact I am a big fan of
> it. But it doesn't work like I want it, beef cannot handle more than 10
> bots.. almost all the times I run the ruby project it crashes.. also some
> modules don't work either.. the popup persistent is old and does not work on
> recent browsers.. among other things.. Also beef doesn't have any module for
> defense like clientside SQLi / XSS protection...
>
> SQLi: http://www.youtube.com/watch?v=kD2gI8giOQA
> XSS: http://www.youtube.com/watch?v=1rYy5SA9PPs&feature=relmfu
>
> Regards
> JSacco
>
> On Sun, May 20, 2012 at 7:40 AM, Michele Orru wrote:
>>
>> And btw, his WebSecurity tool is a pure clone of BeEF.
>>
>> If you try it, and analyze the JavaScript hook file, it is the same thing.
>> He just changed the global variable name from beef to bot, leaving
>> everything else :D including the BeEF version he used to copy from.
>>
>> LOL.
>>
>> On Sun, May 20, 2012 at 8:30 AM, BMF  wrote:
>> > Actually, this Juan Sacco assclown has been pissing me off too. I'm in
>> > some group with him on linkedin and getting his messages. I keep
>> > flagging them as spam. I wish I knew how to get him to stop emailing
>> > and messaging me.
>> >
>> > Juan: Knock it off, you disaffected deleterious douchenozzle.
>> >
>> > On Sat, May 19, 2012 at 10:44 AM, Charles Morris wrote:
>> >>> I request your permission to test any and all of your facilities in
>> >>> any way I deem appropriate including (but not limited to) your personal
>> >>> machines, the machines of your coworkers and family, and any other
>> >>> device I deem within scope of my testing. Further, I request you to
>> >>> grant full, unlimited access and authorization for me to test these
>> >>> devices in any way I see fit with full unadulterated impunity.
>> >>>
>> >>
>> >> stop flexing
>> >>
>>
>>
>>
>> --
>> /antisnatchor
>>
>
>



-- 
/antisnatchor
