RE: [Full-disclosure] Security contact info for Google (GMail)

2006-04-04 Thread Christopher Carpenter
http://www.google.com/intl/eo/contact/security.html

[EMAIL PROTECTED]
[EMAIL PROTECTED]

Chris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren
Bounds
Sent: Tuesday, April 04, 2006 4:17 PM
To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Security contact info for Google (GMail)

Looking for security contact information at Google, more specifically
the GMail team.

OSVB appears to be down right now.

--

Thank you,
Darren Bounds

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


RE: [Full-disclosure] Cisco Certifications

2006-02-17 Thread Christopher Carpenter

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andrew Smith
Sent: Friday, February 17, 2006 2:14 PM
To: Kerry Thompson
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Cisco Certifications

Thanks for all the advice, I want the exam for more than the CV so I
think I will look in to purchasing some router equipment.

Are there any specific items of hardware I should look out for? I checked ebay
for "CCNA" in the hardware section and found one or two, but they
seem a tad over priced.

Again, thanks a lot!
Andrew Smith.

Get a couple of Cisco 2501 routers to practice with.  They’re EXTREMELY
cheap (~$35 on Ebay), and if they have 16MB of RAM, they should handle
IOS 12.1, IIRC.  For switch practice, you can snag a Catalyst 1900.  Have fun.

Chris


RE: [Full-disclosure] Unofficial Microsoft patches help hackers, not security

2006-01-04 Thread Christopher Carpenter

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe Average
Sent: Wednesday, January 04, 2006 11:50 AM
To: Niek; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Unofficial Microsoft patches help hackers,not security

From my blog:

""[Unofficial patches are available, as is a leaked official
patch] [Unofficial patches are merely used by hackers as a tool to patch
machines they've compromised, to stop other hackers hacking the same machine,
although the machine is still accessible to the hacker.] [The consumer goes
along to Windows Update on Tuesday and doesn't think they need a patch, because
Microsoft tells them it's not needed. Little does the consumer know their
machine was patched by a hacker, who now has control over their computer
network.]""

It means the unofficial patch is as harmful as the vulnerability and
exploit code itself.

snip--

While this might be the case with binary-only patches, the patch released
by Ilfak Guilfanov comes with the source.  Review it and compile it
yourself if you are concerned.

Chris


RE: [Full-disclosure] Administrivia: Requests for Moderation

2005-12-15 Thread Christopher Carpenter


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Micheal
Espinola Jr
Sent: Thursday, December 15, 2005 10:16 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Administrivia: Requests for Moderation

Hows about instead of moderation, we try vote-kicking?
---

Yes, but with the ease of access to disposable e-mail accounts, would
that really work?  It might make it more difficult to be a troll, but
not much.  Or perhaps I don't grok what you mean.

Chris


RE: [Full-disclosure] IT security professionals in demand in 2006

2005-12-06 Thread Christopher Carpenter

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of wilder_jeff 
Wilder
Sent: Tuesday, December 06, 2005 12:41 PM
To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] IT security professionals in demand in 2006

I didn't know that they gave out scores?... have they started doing that?



-Jeff Wilder
CISSP,CCE,C/EH



-BEGIN GEEK CODE BLOCK-
  Version: 3.1
GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M--
V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++
G e* h--- r- y+++*
--END GEEK CODE BLOCK--





>From: "Buford T. Pisser" <[EMAIL PROTECTED]>
>To: full-disclosure@lists.grok.org.uk
>Subject: Re: [Full-disclosure] IT security professionals in demand in 2006
>Date: Tue, 06 Dec 2005 13:44:41 -0500
>
>I was already in the door and had been doing the work for years. Then the 
>"Company" decided that I needed the Cert to make myself saleable to 
>perspective customers. I went to Borders and picked up a copy of "CISSP For 
>Dummies". Cracked the book 2 nights before the test to take the practice 
>exams. Scored a 92 on the exam and put the book away. We were given 6 hours 
>to complete the exam. They handed the exams out at 9:15. We started the 
>test about 20 minutes later. At 11:45 I was sitting in the resort 
>restaurant with my two sons eating breakfast. I would not however put down 
>the significance or value of the CISSP certification. With it I doubled my 
>salary within less than 4 months of having obtained it. My ex employer 
>paid for the cert, but refused to budge on the raise promises that were 
>made to get me to go for the cert. But then again, I did say ex-employer.
>
>Marvin R. Myers CISSP
>
>Scott Renna wrote:
>
>>The certs get you in the door
>>
>>Being crappy at your job and showcasing your shortcomings will show you 
>>out the door.
>>
>>sk wrote:
>>
>>
>


Ditto.  As of April 2004, they weren't publishing scores.  According to 
https://www.isc2.org/cgi-bin/content.cgi?page=814#retest:

"As a matter of (ISC)² policy and good testing practice, (ISC)² does not report 
numeric scores to passing candidates. Passing candidates are not issued numeric 
scores in order to (a) be in compliance with testing industry guidelines, and 
(b) to protect candidates from those who could misinterpret the meaning of the 
numeric scores (employers, for example).

The (ISC)² examinations are referred to as "high stakes examinations" and are 
constructed using a criteria-referenced test design. A criteria-referenced test 
is not intended to compare candidates' performance against that of other 
candidates but rather to compare a candidate's performance against an absolute 
set of criteria. For example, an employer may erroneously assume a candidate 
with a score of 850 is more competent than a candidate with a score of

RE: [Full-disclosure] Support_388945a0 account in Win XP/2003

2005-12-02 Thread Christopher Carpenter
Or more appropriately for the Windows security model, DISABLE the
account.  That way you're not messing with default permissions, and the
account (and its associated SID) are there if you need them in the
future.

Or not.

Chris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aditya
Deshmukh
Sent: Thursday, December 01, 2005 10:09 PM
To: 'Raoul Nakhmanson-Kulish'
Cc: full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Support_388945a0 account in Win XP/2003

> 
> > That is a "help and support account" that you should disable.
> > Also set very long random password and forget it.
> I prefer simply delete it. Good choice?
> 
> But I heard a rumours that this account can be activated remotely 
> without user's aware decision and used for Remote Assistance (e.g. 
> capturing a screen and even controlling input).

I would not know about this unless I test it out, but from the top 
of my mind : you have to start the service for something like this

Deleting it might cause problems "help and support" 
just deny the account all kinds of privs and it would no longer matter. 




RE: [Full-disclosure] Hacking Boot camps!

2005-12-01 Thread Christopher Carpenter
Yeah, and if you didn't register V-X after like 90 days, it formatted
your hard drive.

Imagine if an application tried that today.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of MH
Sent: Wednesday, November 30, 2005 11:53 PM
To: full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Hacking Boot camps!

Pfft..

RENEGADE all the way :>

WWIV was great for modding too.  Vision-X, yep.. I remember a lot of the
'ansi cool-kids' (or whatever...) running that.

-MH

On Wed, 30 Nov 2005, Christopher Carpenter wrote:

> 
> Don't forget WWIV and Vision-X. :)
>
>
> WildCAT BBS Anyone  :)
>
> I remember playing tradewars and calling who knows where to get new text
> files :)
>
> Used Tone-loC a lot more back then :)
>
> JP

RE: [Full-disclosure] Hacking Boot camps!

2005-11-30 Thread Christopher Carpenter
Don't forget WWIV and Vision-X. :)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Josh
Perrymon
Sent: Wednesday, November 30, 2005 11:59 AM
To: xyberpix; wilder_jeff Wilder
Cc: full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] Hacking Boot camps!

WildCAT BBS Anyone  :)

I remember playing tradewars and calling who knows where to get new text
files :)

Used Tone-loC a lot more back then :)

JP

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of xyberpix
Sent: Tuesday, November 29, 2005 5:52 PM
To: wilder_jeff Wilder
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Hacking Boot camps!

Wow!!

Now I feel really dated!
That was good fun to play with though ;-)

xyberpix

On 23 Nov 2005, at 05:57, wilder_jeff Wilder wrote:

>
> Speaking of script kiddie stuff... bbs's and the like...
>
> anyone remember VCL?.. virus creation laboratory?
>
>
> -Jeff Wilder
> CISSP,CCE,C/EH
>
>
>
> -BEGIN GEEK CODE BLOCK-
>  Version: 3.1
>   GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M--
>   V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++
>   G e* h--- r- y+++*
> --END GEEK CODE BLOCK--
>
>
>
>
>
>> From: ReK2GNULinux <[EMAIL PROTECTED]>
>> To: "Ivan ." <[EMAIL PROTECTED]>
>> CC: full-disclosure@lists.grok.org.uk
>> Subject: Re: [Full-disclosure] Hacking Boot camps!
>> Date: Tue, 22 Nov 2005 20:14:05 -0500
>>
>> I agree that is how we did it 10 + years a go there were no  
>> courses, no
>> books, just BBS's with docs and ezines.
>>
>> and still the best way of doing it.
>>
>>
>>
>> Chris Fernandez
>>
>>
>>
>>
>>
>>
>>
>> Ivan . wrote:
>>
>>
>> nicely said.
>>
>> Set up your own lab at home, using vmware or alike and hack, crack  
>> all you like.
>>
>> On 11/22/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote:
>>
>>
>>
>> In my opinion all of the so called "hacking training" out there is
>> horrible and nothing more than a money grab.  Look at the SANS
>> courseware, it is out of date and shit. The best training is to read,
>> google, and play on your own.

RE: [Full-disclosure] Hacking Boot camps!

2005-11-23 Thread Christopher Carpenter
Some versions required a password to install.  The password was
"ChibaCity".

:)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
wilder_jeff Wilder
Sent: Tuesday, November 22, 2005 10:58 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Hacking Boot camps!


Speaking of script kiddie stuff... bbs's and the like...

anyone remember VCL?.. virus creation laboratory?


-Jeff Wilder
CISSP,CCE,C/EH



-BEGIN GEEK CODE BLOCK-
  Version: 3.1
GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M--
V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++
G e* h--- r- y+++*
--END GEEK CODE BLOCK--





>From: ReK2GNULinux <[EMAIL PROTECTED]>
>To: "Ivan ." <[EMAIL PROTECTED]>
>CC: full-disclosure@lists.grok.org.uk
>Subject: Re: [Full-disclosure] Hacking Boot camps!
>Date: Tue, 22 Nov 2005 20:14:05 -0500
>
>I agree that is how we did it 10 + years a go there were no courses, no
>books, just BBS's with docs and ezines.
>
>and still the best way of doing it.
>
>
>
>Chris Fernandez
>
>
>
>
>
>
>
>Ivan . wrote:
>
>
>nicely said.
>
>Set up your own lab at home, using vmware or alike and hack, crack all you 
>like.
>
>On 11/22/05, InfoSecBOFH <[EMAIL PROTECTED]> wrote:
>
>
>
>In my opinion all of the so called "hacking training" out there is
>horrible and nothing more than a money grab.  Look at the SANS
>courseware, it is out of date and shit. The best training is to read,
>google, and play on your own.
>--
>  ---
>| I WON'T TRADE HUMANISM FOR PATRIOTISM |
>  ---
>A day one goes to bed without learning something is a wasted day
>Microsoft is not the answer, Microsoft is the question, the answer is no.
>gtalk: [EMAIL PROTECTED]
>jabber: [EMAIL PROTECTED]


RE: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit Info

2005-11-22 Thread Christopher Carpenter
Hi Jason, Paul:

While Jason's point may _currently_ be valid in reference to
programmers, legislation like Sarbanes-Oxley is reiterating individual
accountability for auditors and executives.  We may see a trickle-down
effect to lower level management and/or project managers if other
corporations infringe on personal liberties or "pull a Sony."

Chris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jason
Coombs
Sent: Tuesday, November 22, 2005 12:13 PM
To: Paul Schmehl
Cc: [EMAIL PROTECTED]; bugtraq@securityfocus.com;
full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit
Info

Paul Schmehl wrote:
> So, all those corporate execs walked out of the court house in handcuffs 
> weren't really going to jail?

There's a huge difference between a financial crime committed by an 
individual and a crime committed by a corporation.

Let me know if the distinction confuses you and we'll discuss this more 
privately. You are aware that not every action of a person employed by a
corporation is considered an action of the individual, right?

No individual programmer who writes spyware will ever be prosecuted for 
doing his or her job on behalf of a corporation. No exec who instructs 
said programmer to author said spyware will ever have personal criminal 
liability for giving said instruction.

If you don't like the world you live in, change it or get out.

Regards,

Jason Coombs
[EMAIL PROTECTED]

RE: [Full-disclosure] Google Base

2005-11-18 Thread Christopher Carpenter
I think you misunderstood me.  Google (the search engine) indexes
information and (usually) doesn't discriminate when it comes to the type
of information.  That's why, with the appropriate syntax, it's not
difficult to find credit card numbers, password files, and vulnerable
applications.

Google Base (the database engine) has a different ToS, and it appears
that uploaded content will be monitored/filtered/whatever.  So while you
can find hacking-related material with the search engine, Google won't
host it for you on Google Base.

Cheers.

C
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael
Holstein
Sent: Friday, November 18, 2005 9:53 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Google Base

> Except anything broadly defined as "hacking-related" is forbidden by the
> Google Base ToS:

Uh huh .. then why does searching for password files work so well on
Google?

A set of rainbow tables isn't "hacking related" per se .. it's just a 
list paired values that has legitimate research purposed (eg: hash 
collisions).

~Mike.

RE: [Full-disclosure] Google Base

2005-11-18 Thread Christopher Carpenter
Except anything broadly defined as "hacking-related" is forbidden by the
Google Base ToS:

"Posting is not permitted for the promotion of hacking or cracking. For
example, items must not provide instructions or equipment to illegally
access or tamper with software, servers, or websites."

From: http://base.google.com/base/base_policies.html

Chris

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Petko
Petkov
Sent: Friday, November 18, 2005 3:29 AM
To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: [Full-disclosure] Google Base

OK, I need to start this subject since nobody else has discussed
anything yet on the mailing list. Do you guys know about Google Base?:
Google our big hacker friend that helps us to find malicious scripts and
open proxies just like that. Well, Google has a new service: Google
Base. And there are many cool stuff that you can do with it.

First of all I would like to mention that Google Base is sort of
database where you can put whatever information you want: you can blog,
you can post your advisories there, you can write awesome worms that
upload and read commands from there, you can even use it as the biggest
rainbow table in the world that can crack any hash in less than a
second. check it out: http://base.google.com

I was playing around with goggle base and I must say I am quite
impressed and in the same time scared to death. Goggle base is the most
amazing thing I have seen for a while and it can be used for many
different things.

Now here is a list that I built for you how to use goggle base for your
own good:

* Brute forcer - massive storage for mare mortals.
* Keep your exploits
* Keep your code fragments
* Keep your advisories and security notes
* Log there :)
* Write a book (Goggle Book) :)
* You can write even a Game Book.
* Write a game and store its data on goggle base
* Use it to hold your secret hacker tools (with encryption) :) just
joking
* Make a goggle base forum
* Make a security list

If you have more ideas how to use and abuse goggle base service, just
contribute to the thread. Of course we all have to be responsible. This
is the reason why I believe that this early notice about goggle base
power is fair enough.

Cheers

RE: [Full-disclosure] Meeting Room Names

2005-11-09 Thread Christopher Carpenter
One of my favorite movies, ever.  And you owe me a keyboard, because I
just shot Coke out of my nose. :)

C

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of bkfsec
Sent: Wednesday, November 09, 2005 8:33 AM
To: Native.Code
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Meeting Room Names

Native.Code wrote:

> Something not related to vulnerabilities you guys are requested to 
> suggest names for our meeting rooms. We don't want to call them with 
> sad names like Room A, Board Room etc. but something interesting.
>  
> We work in IT security area like you. A room with which name will you 
> like to have your meeting in?
>
>  
>
Well, if we're talking ideal... I'd like to see someone implement the 
names of the Hells references in Big Trouble in Little China...

"We'll meet in the Hell of Hanging Bodies today."  "OK, or check into a 
psycho ward, whichever comes first."

  -bkfsec




RE: [Full-disclosure] http://molecularmultimedia.com/

2005-10-04 Thread Christopher Carpenter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, October 04, 2005 10:52 AM
To: full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] http://molecularmultimedia.com/

http://molecularmultimedia.com/x.chm

x.chm contains money.exe (needs to be added to virusscanners)

I don't have time to analyze the file, but it is attached here in a zip
file. Password to extract is 'money'. Anyone want to run some analysis?




From VirusTotal.com:

Antivirus       Version          Update      Result
AntiVir         6.32.0.6         10.04.2005  no virus found
Avast           4.6.695.0        09.30.2005  no virus found
AVG             718              10.04.2005  no virus found
Avira           6.32.0.6         10.04.2005  no virus found
BitDefender     7.2              10.04.2005  BehavesLike:Trojan.FirewallBypass
CAT-QuickHeal   8.00             10.04.2005  (Suspicious) - DNAScan
ClamAV          devel-20050917   10.04.2005  no virus found
DrWeb           4.32b            10.02.2005  no virus found
eTrust-Iris     7.1.194.0        10.04.2005  no virus found
eTrust-Vet      11.9.1.0         10.04.2005  no virus found
Fortinet        2.48.0.0         10.04.2005  BDoor.BAC-bdr
F-Prot          3.16c            10.04.2005  no virus found
Ikarus          0.2.59.0         10.04.2005  no virus found
Kaspersky       4.0.2.24         10.04.2005  Trojan-Proxy.Win32.Agent.gx
McAfee          4596             10.04.2005  BackDoor-BAC.dr
NOD32v2         1.1241           10.04.2005  no virus found
Norman          5.70.10          10.04.2005  no virus found
Panda           8.02.00          10.04.2005  no virus found
Sophos          3.98.0           10.04.2005  no virus found
Symantec        8.0              10.04.2005  Backdoor.Haxdoor.F
TheHacker       5.8.2.117        10.03.2005  no virus found
VBA32           3.10.4           10.04.2005  Trojan-Proxy.Win32.Agent.gx

From the Norman Sandbox:

Norman Scanner Engine 5.83.  7
Sandbox 05.83, dated 27/08-2005

Your message ID (for later reference): 20051005-004

money.exe : Not detected by sandbox (Signature: NO_VIRUS)

 [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [EMAIL PROTECTED] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 8605 bytes.

 [ Changes to filesystem ]
* Creates file sksdll.dll.
* Creates file sksdrvr2.sys.

 [ Changes to registry ]
* Creates key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sksdll".
* Sets value "DllName"="sksdll.dll" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sksdll".
* Sets value "Startup"="sksdll" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sksdll".
* Sets value "Impersonate"=" " in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sksdll".
* Sets value "Asynchronous"=" " in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sksdll".
* Sets value "MaxWait"=" " in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sksdll".
* Creates key "HKLM\System\CurrentControlSet\Services\sksdrvr2".
* Sets value "ImagePath"="sksdrvr2.sys" in key "HKLM\System\CurrentControlSet\Services\sksdrvr2".
* Sets value "DisplayName"="USB sksDRVR2" in key "HKLM\System\CurrentControlSet\Services\sksdrvr2".

 [ Process/window information ]
* Creates service "sksdrvr2 (USB sksDRVR2)" as "sksdrvr2.sys".


(C) 2004 Norman ASA. All Rights Reserved.
The material presented is distributed by Norman ASA as an information
source only.

Sent by [EMAIL PROTECTED] to sandbox.
Received 5.Oct 2005 at 00.03 - processed 5.Oct 2005 at 00.03.
