[Full-disclosure] Using Ajax for better and more convincing scams

2007-06-27 Thread Ajay Pal Singh Atwal

Interesting use of Ajax/ Web 2.x by scammers

hxxp://scanner.malwarealarm.com/5/scan.php

Please replace hxxp with http

It detected around 18 infections of Windows Malware on my GNU/ Linux machine 
for the following and more malware listed in this file:
http://scanner.malwarealarm.com/5/fileslist.js
And reported the following
http://scanner.malwarealarm.com/5/images/popup.gif
It was very helpful to offer the following remedies as well
http://scanner.malwarealarm.com/5/images/Activex.gif

It also detected around 15 open ports, hmmm, throughout my career I never came 
across that much BS.

-- 
Sincerely

Ajay Pal Singh Atwal

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] UK ISP threatens security researcher

2007-04-18 Thread Ajay Pal Singh Atwal

- Dr. Neal Krawetz, PhD [EMAIL PROTECTED] wrote:
 -BEGIN PGP SIGNED BS-

All I can utter after reading your post is, It's so simple to be wise. Just 
think of something stupid to say and the opposite should have been said.

Ummm... the above applies to me as well. Sorry, hope you won't mind, we all act 
funny sometimes.

-- 
Sincerely

Ajay Pal Singh Atwal



[Full-disclosure] XSS and SQL Injection in Election Commission of India website (now fixed)

2007-03-11 Thread Ajay Pal Singh Atwal
Election Commission of India website had XSS and SQL injection vulnerabilities.

The vulnerabilities were reported on 2nd of March to ECI and on 4th March to 
CERT-IN, for the following URL:

http://search.eci.gov.in/maps/eci_se2007/detailResult.asp

The above script is used to display detailed results of a given constituency.

On 9th March 2007 Election Commission of India fixed (disabled parts of) their 
website to avoid XSS and SQL injection vulnerabilities after intervention of 
CERT-IN.

Still a bit of usually harmless data insertion is possible.

-- 
Sincerely

Ajay Pal Singh Atwal



Re: [Full-disclosure] Keylogger

2006-11-14 Thread Ajay Pal Singh Atwal
Gah...

What did he say, he finished learning how to program yesterday...

- Jeb Osama [EMAIL PROTECTED] wrote:
 Yesterday I finished programming a keylogger
 How nice :)
 
 , and have decided to sell it
 online for a small price.
 How very nice :)
 
 I have posted here because I believe people would be interested in a hacking
 tool such as this - keyloggers are the easiest and quickest way to obtain an
 email password. Here are its features:
 Can't wait!
 
 - Undetectable by ALL antivirus products in use today.
 Isn't any new one? Or maybe you do morphine. (and UPX?)
 
 - Remains on victim's computer permanently (adds to startup).
 My stuff usually lasts no more than 2 days :(
 
 - Bypasses Windows Firewall.
 Ha
 
 - Sends logs via email to your chosen email account.
 stupid smtp!
 
 - Logs include computer information, current window name, and of course
 logged keystrokes.
 stupid GetForegroundWindow, GetAsyncKeyState!
 
 - Logs are sent hourly.
 stupid Timer
 
 - Displays fake error message to user.
 This one beats me.. how do you do it?
 
 My pricing plans are:
 
 - $11 = Keylogger.
 - $16 = Keylogger + Source code.
 - +$5 to either for access to all future updates.
 What about bug fixes?
 
 I only accept paypal/credit card.
 Base?
 Buying this product is simple - simply fill in the template below and email
 it to me at the below address (replace [at] with @):
 
 richard.williams140 [at] googlemail.com
 
 wasn't that supposed to be [EMAIL PROTECTED] or were
 you trying to obfuscate it?
 
 
 --
 Jeb

-- 
Sincerely

Ajay Pal Singh Atwal



Re: [Full-disclosure] Fallacies on Truths in Caller ID scam

2006-10-08 Thread Ajay Pal Singh Atwal
Getting back to some very small points here...

- J. Oquendo [EMAIL PROTECTED] wrote:
 So with let's say a vendor getting back to me on a problem I have, let
 the company be Dell for this example. Dell has their outsourced vendor
 from Ralwapindi India or somewhere in the vicinity call me, my caller
 ID shows 1800GO2DELL, in this scenario either way you want to cut it,
 Dell is circumventing the Truth in Caller ID Act. 
Correction: Rawalpindi is not in India. 

If the call is from Dell, then does it matter if the office is in India or 
Rawalpindi? 1800GO2DELL represents Dell.
Please read before you speak: 
http://thomas.loc.gov/cgi-bin/bdquery/z?d109:h.r.05126:

And in that case www.talkety.com is doing something similar from Germany (?). 
And you can misuse their service to have fun making prank calls to people from 
their own numbers.

 Just something for thought...
ahem..

-- 
Sincerely

Ajay Pal Singh Atwal



Re: [Full-disclosure] Orkut Phishing Attack

2006-09-21 Thread Ajay Pal Singh Atwal
Old bug in old bottle
This is an often discussed bug in FD

- Pranay Kanwar [EMAIL PROTECTED] wrote:
 orkut is an online community that connects people through a network of
 trusted friends.
 The login URL looks like this
 
 https://www.orkut.com/GLogin.aspx?done=http://www.orkut.com/
 
 After successfully logging in the user is redirected to
 http://www.orkut.com
 The URL in the done argument can be changed to redirect to an arbitrary
 website.
 For example
 https://www.orkut.com/GLogin.aspx?done=http://www.metaeye.org
 after logging in the user will be directed to metaeye.org
 


-- 
Sincerely

Ajay Pal Singh Atwal
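The `done` parameter in the quoted report is an open redirect. As an added example (not part of the original post or of Orkut's code), here is a Python check a login handler could apply so that only post-login targets on an allowlisted host are honoured, everything else falling back to a default; the allowlist, default URL and function name are assumptions.

```python
from urllib.parse import urlsplit, urljoin

# Constructed allowlist for this example; the real site's policy is unknown.
ALLOWED_HOSTS = {"www.orkut.com", "orkut.com"}
# Where to send the user when the requested "done" target is not acceptable.
DEFAULT_DONE = "http://www.orkut.com/"


def safe_done_url(done, base="https://www.orkut.com/"):
    """Return a post-login redirect target that stays on an allowlisted host.

    Accepts absolute http(s) URLs whose host is allowlisted and relative
    paths (resolved against our own origin). Rejects other hosts,
    scheme-relative '//host' forms, userinfo tricks such as
    'http://www.orkut.com@evil.example', non-http schemes and backslashes
    (browsers treat '\\' as '/' in ways urllib does not), returning
    DEFAULT_DONE in every rejected case.
    """
    if not done or "\\" in done:
        return DEFAULT_DONE
    # urljoin keeps '/home' on our origin but treats '//evil.example/' as a
    # new authority, so the host check below catches it.
    resolved = urljoin(base, done)
    parts = urlsplit(resolved)
    if parts.scheme not in ("http", "https"):
        return DEFAULT_DONE
    # Userinfo in the authority is never legitimate for a redirect target.
    if "@" in parts.netloc:
        return DEFAULT_DONE
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return DEFAULT_DONE
    return resolved


if __name__ == "__main__":
    for candidate in ("http://www.orkut.com/", "http://www.metaeye.org",
                      "//www.metaeye.org/", "/home", "javascript:alert(1)"):
        print(f"{candidate!r:32} -> {safe_done_url(candidate)}")
```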



Re: [Full-disclosure] Microsoft product vs Microsoft patch

2006-08-24 Thread Ajay Pal Singh Atwal
Ahhh well maybe we are forgetting the actual **for_real_men** technique for 
patching vulnerabilities and problems that can only be applied to GNU/Linux-like 
systems.

The diff files (aka patch files), applied directly to the source code: can you 
match their efficiency in terms of bandwidth?

Sincerely

Ajay Pal Singh Atwal

 
- Valdis Kletnieks [EMAIL PROTECTED] wrote:
 On Thu, 24 Aug 2006 20:14:03 BST, n3td3v said:

  I believe for their operating system and their web browser Microsoft patches
  take up half or all the original size of the Microsoft product.

 So? What's that actually *prove*?

  I don't have the resources to carry out this study on my own, and I know
  some folks do have those resources to release such information to the
  security community.
  
  We need this information to be published professionally so it's suitable for
  media outlet consumption.

 No, you don't.

 Part of the problem is that the size of the patch is *highly* dependent
 on the details of the packaging system.  If you want to go *that* route,
 you shouldn't hope to *ever* get Linux accepted.  Let's take a look at how
 Redhat/Fedora package kernel patches:

 The original Fedora Core 5 kernel for a single-processor 686:

 -rw-r--r--1 263  263 14070190   Mar 14 23:23  kernel-2.6.15-1.2054_FC5.i686.rpm

 Updates so far:

 -rw-r--r--1 2220 2220 15433301 Jul 15 00:13 kernel-2.6.17-1.2157_FC5.i686.rpm
 -rw-r--r--1 2220 2220 15442084 Aug 10 14:22 kernel-2.6.17-1.2174_FC5.i686.rpm

 Oh my *GOD*, the patches are twice the size of the original.  And it's even
 worse over on RHEL 4, where they've shipped:

 kernel-2.6.9-5.EL
 kernel-2.6.9-5.0.5.EL
 kernel-2.6.9-11.EL
 kernel-2.6.9-34.EL
 kernel-2.6.9-34.0.2.EL
 kernel-2.6.9-42.EL

 Plus others I've possibly missed.  Size of patches is 5x the size of the
 original.

 Why?  Because the RPM format includes a replacement of *all* the files in the
 package (so that it's easily slipstreamed and install the latest and
 greatest).  IBM AIX's installp format only ships updated files - but this
 ends up making updates a lot more challenging (it's possible to need as many
 as *4* or even more separate installp files to install a particular
 patchlevel of a product).

 Trying to count the size of the patch also runs astray when you have a patch
 that changes an API (for instance, adding a parameter to a function call).
 Most of the time, this ends up meaning that software tools like 'make' will
 recompile most of the package, even if only 1/5 of the recompiled files
 *really* need it. And trying to trim down the list by hand to find that 1/5
 is *dangerous*, because if you miss one, you *will* have problems.  Given the
 relatively cheap nature of both bandwidth and disk, most software developers
 end up erring on the side of caution.

 The metric you *want* to measure is what percentage of patches are themselves
 defective and require patching.



Re: [Full-disclosure] LOL HY

2006-08-18 Thread Ajay Pal Singh Atwal

- darren kirby [EMAIL PROTECTED] wrote:
 +1
 
 The signal/noise ratio here has really gotten unbearable in the last few
 months. We can deal with most undesired mail from repeat posters with a
 filter, but the crapfloods need to be dealt with in a more drastic fashion.
 
 -d
 -- 
 darren kirby :: Part of the problem since 1976


Sounds like **drastic** search for WMD has begun Mr President, with **drastic** 
efforts to deter childish activities.

Hmmm...

Ajay Pal Singh Atwal



Re: [Full-disclosure] Are consumers being misled by phishing?

2006-06-29 Thread Ajay Pal Singh Atwal
Here is one phishing site for paypal

http://www.yourfreespace.net/users/payal/webscr_cmd=_login-run.html
