Re: [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards
On Fri, 2006-05-26 at 10:22 +0100, Justin Mason wrote: (volume of accounts in thousands). However that's from 7 years ago :( There may be more recent figures but a quick google can't find 'em. Wikipedia has some good ones on the 'Bank' page: -- James (njan) Eaton-Lee | 10807960 | http://www.jeremiad.org Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix) sites: https://www.bsrf.org.uk ~ http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3 smime.p7s Description: S/MIME cryptographic signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Re: [General-discussion] Graph analysis of stolen credit cards
On Fri, 2006-05-26 at 12:49 +0100, James Eaton-Lee wrote: On Fri, 2006-05-26 at 10:22 +0100, Justin Mason wrote: (volume of accounts in thousands). However that's from 7 years ago :( There may be more recent figures but a quick google can't find 'em. Wikipedia has some good ones on the 'Bank' page: And the link, since I'm evidently twitchy about hitting 'send' today.. http://en.wikipedia.org/wiki/Bank#Bank_Size_Information I'm actually interested as to the source of the original data - since these are cards stolen by one carding forum, how representative are they of card theft globally.. - James. -- James (njan) Eaton-Lee | 10807960 | http://www.jeremiad.org Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix) sites: https://www.bsrf.org.uk ~ http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3 smime.p7s Description: S/MIME cryptographic signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] bypassing Windows Domain Group Policy Objects
On Thu, 2006-04-27 at 10:37 -0400, Michael Holstein wrote: Other possible solution, cripple gpupdate.exe (XP) or secedit.exe (2K) through permissions (eg: remove 'localsystem:execute'). Deleting them will just trigger WFP to replace. gpupdate and secedit are both just applications that interface with the Group Policy engine to make changes to the way in which they operate; the GPE is part of Winlogon, and uses a number of client side extensions to make changes in the file system, registry, etc. I very much doubt if denying access to them would prevent group policy from working. You could attempt to do something with some of the Client Side Extensions, such as scecli.dll, which is the dll which handles security settings, but I can't find anyone having done anything similar online; my guess is that the Group Policy Architecture was designed specifically to prevent this sort of thing from being easily do-able. It might be worthwhile seeing if anyone who spends a lot of time thinking about lots of this sort of thing within the context of Windows (such as some of the guys from rootkit.com) has any ideas if you're particularly interested. To be honest, if you really wanted to kill group policy, the easiest thing to do would probably be to just firewall the host in question in order to prevent any GPOs from being downloaded from the Domain Controller in the first place. I may be wrong however - anyone who knows otherwise, please feel free to enlighten me! How Core Group Policy Works http://technet2.microsoft.com/WindowsServer/en/Library/eb0042e3-699b-4c49-abcc-e3526dbecc0e1033.mspx has quite a good overview of how Group Policy functions. - James. -- James (njan) Eaton-Lee | 10807960 | http://www.jeremiad.org Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix) sites: https://www.bsrf.org.uk ~ http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3 smime.p7s Description: S/MIME cryptographic signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Phishing Alert: Inland Revenue Service
On Wed, 2005-12-14 at 14:08 -0600, womber wrote: Who is the Inland Revenue service? The Inland Revenue is what we've referred to our equivalent of the (american) IRS as since 1849, when it was formed as part of the Inland Revenue Board Act. (http://en.wikipedia.org/wiki/Inland_Revenue) In April it became HM Revenue and Customs (http://www.hmrc.gov.uk/menus/aboutmenu.htm), so techically it no longer exists. What if I already paid the Coastal Revenue service. Then, chances are, you were taken in by a phishing attack, because as far as I'm aware, no such organisation exists. :P - James. -- James (njan) Eaton-Lee | 10807960 Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix) sites: http://www.bsrf.org.uk - http://www.security-forums.com ca:https://www.cacert.org/index.php?id=3 smime.p7s Description: S/MIME cryptographic signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-Disclosure] Return of the Phrack High Council
On Mon, 2005-11-28 at 14:43 +, dead troll wrote: Maybe he took the site down with his l33t h4x0r skillz, or one of his 'contacts' did lol Or it could be that there's a a single quote in the URL that Morning Wood posted, which the webserver doesn't appear to be sanitising (this would be why Michael Holstein has made a comment about SQL Injection) and is making the SQL server spit back an error... - James. On 11/28/05, Michael Holstein [EMAIL PROTECTED] wrote: http://www.snappoll.com/view_results.php?poll_id='50150 Database error: Invalid SQL: SELECT * FROM polls WHERE poll_id='50150 MySQL Error: 1064 (You have an error in your SQL syntax near ''50150' at line 1) Session halted. Sounds like a SQL injection test-site to me ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- James (njan) Eaton-Lee | 10807960 Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix) sites: http://www.bsrf.org.uk - http://www.security-forums.com ca:https://www.cacert.org/index.php?id=3 smime.p7s Description: S/MIME cryptographic signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Return of the Phrack High Council
I don't really want to feed the trolls any more than we as a list already have, but for your benefit, n3td3v, and in the hope that either the list will have some of their concerns allayed or you'll realise where you're going wrong... On Fri, 2005-11-25 at 14:58 +, n3td3v wrote: Youre playing with fire. Fire that cannot be put out with words but only inflame the situation of which you are misinformed. Your opinion is noted, yet you dont have a right to gag my opinion just because you don't agree with it. He didn't try to, he asked you some questions. I have more right to be on a security list than random people like you who have never contributed security related information to the international security community, or have a mailing list of your own, and helped vendors behind the scenes to protect their security from script kids who wish to destroy it. Talking about inflaming the situation in one breath and telling someone you have more right to be here than they do in another doesn't help either - you should realise this. I have done all above listed and continue to do so. If anyone is trolling, its individuals such as yourself and infosecbofh who have expressed their hatred for me and my underground security group in public. Finally, is your web site very secure? Best go check Last first, making threats doesn't help either - again, you say two things in one breath - you proclaim yourself as a fantastic, righteous member of the community and also make veiled threats about other peoples computer systems. I think the majority of people on this list who have an unfavourable reaction to you have it for the following reasons: * You've never provided any concrete indication that you have any technical knowhow (I've never read a post of yours on a technical topic) * You (unlike most people who work in corporate security) are falling for the trao of hiding behind an alias rather than using your real name. * Your spelling, punctuation, and grammar (for someone who claims to work in corporate security and have years of experience) is terrible. * Your understanding of how corporate security actually works and how the security community structured are both fundamentally flawed. * You make grandiose allusions to things you know and conversations/relationships/organisations you're privy to, almost all of which are entirely unsubstantiated. * You have a website hosted on geocities which has content which is, at best, utterly laughable. * You are inconsistent and hypocritical (one example being the fact that you did indeed announce to the list that you were dead and going to change alias, and have since - as far as we can see - dropped that). The overwhelming impression that I get from you, coming from someone who has seen both sides of the security world, and as someone who does work, professionally, in information security with large organisations, is that you're pretentious, fake, and contrived. Frankly, based on your posts and your website, I get the distinct impression that you're about 15. I'm not trying to attack you in any way, but as someone who I feel is at least reasonably representative of a substantial proportion of the list, I think this is probably a fairly un-unique perspective. If you genuinely want to be taken seriously and really do want to participate, I'd suggest that you either amend your ways, answer some of our questions, or stop biting the trollfood. Chances are that if you are 'just some kid' someday, you may want to work in IT. It'd probably be in your interest in this case to distance yourself from 'n3td3v', find an alias (completely disassociated) to use (or, if you're brave enough, start using your real name), and heed some of the advice you've been (with varying degrees of kindness) given. Even if you don't have the inclination (or ability) to reply sensible, you might want to at least try and take some of this in! You're welcome to message me offlist if you're so inclined and have questions. - James. On 11/25/05, Cassidy Macfarlane [EMAIL PROTECTED] wrote: OK, OK, I ignored the troll earlier about Schneier, but please *don't* now start having a go at Phrack ffs. I thought that you had killed off the n3td3v 'personality'? I realise I am writing a personal opinion email with no new security info, But there was no point in you adding your 0.02p to this discussion. 'outdated'??? Have you read 'smashing the stack'? No? Thanks for playing. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- James (njan) Eaton-Lee | 10807960 Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix) sites: http://www.bsrf.org.uk - http://www.security-forums.com ca:https://www.cacert.org/index.php?id=3 smime.p7s Description: S/MIME cryptographic signature
Re: [Full-disclosure] Return of the Phrack High Council
On Fri, 2005-11-25 at 16:24 +, n3td3v wrote: snip Last first, making threats doesn't help either - again, you say two things in one breath - you proclaim yourself as a fantastic, righteous member of the community and also make veiled threats about other peoples computer systems. There was no threat. I asked if their web site was very secure. No remark on anyone compromising any computer systems related to the person. I never said that there was a 'threat', I said that it came across as a 'veiled threat'. Making ambiguous remarks about the security of someone's webserver after having what amounts to an argument with them and ending it with an imperative that they ensure it ('Best go check') certainly comes across as a veiled threat to me. The best mental check in situations like this is to ask whether or not if the conversation in question came up in court, a jury would conclude that the remark was indicative of a threat (or motive) or not, and I think here the clear answer is yes. You're free to disagree - as I pointed out, the intention of my message was either to ensure that the list [would] have some of their concerns allayed (through the answers to the questions I posed you) or to help you in [realising] where you're going wrong. I think the majority of people on this list who have an unfavourable reaction to you have it for the following reasons: I don't care why they unfavour... infact I forget about haters within seconds The overwhelming impression I get with regard to this (from the number of replies you make to people who are 'haters', and the veracity with which you try to hammer home your point and insult them) is that this is absolutely not the case. * You've never provided any concrete indication that you have any technical knowhow (I've never read a post of yours on a technical topic) I wasn't aware I had to prove myself As I'm sure you would have been quick to point out were I to tell you you did, you don't have to do anything. Again, my point in e-mailing you (and the list) was to try to bring some element of resolution to all of this. One recurring theme of virtually every e-mail that's been sent about you on this list is the complete lack of respect that (as far as I can see) everyone who's expressed an opinion has for you - given that I'm sure in some respect you'd rather have respect at least from those you had respect for onlist, I can't see how this is a bad thing for you. I'm sure you can counter with some remark about the respect you have from people who don't post to the list - but such a remark doesn't do anything other than save (well, actually, maintain) face for you, and as the point here is about *ameliorating* the opinion people have of you, maintaining the existing situation isn't much help if it's all you do. For my own selfish aims, I like life much better when everyone gets along (it makes me happy), so I'd rather we were all friends. Or at the least, kept our bitching to ourselves / conducted it in private channels. * You (unlike most people who work in corporate security) are falling for the trao of hiding behind an alias rather than using your real name. Theres common sense reasons for using an alias, it doesnt mean youre malicious. I never said it did - my basic point was that there tends to be a pattern amongst people who work in Information Security and have more contact with corporations of not hiding about silly aliases, because (in general) the impression that anyone working 'professionally' has is that it's unprofessional. Again, this is all about impression and I'm trying here to help you improve the impression others have of you, and I think this is a key point. Speaking personally, I have an alias (which you appear to have found already - unsurprising since it's in my signature and appears if you google for my name) which I've used for quite some time (and still use, as a nickname), but I make no attempt to hide my real name and haven't for quite some time. One important point about this is that aliases are to some extent disposable, and those who use them don't have a lot to risk in that they can wipe the alias afresh and start anew. Aside from those amongst us who just don't care what others think, a name is permanent, and any remarks you make (and impressions you form) under your real name have a long shelf life, especially on a mailing list like this. I know for a fact that this post (along with every other I've made to this and similar lists) will be kicked up when any employer I go to work for does an obligatory google of my name. This permanence factor (in my opinion) tends to make people listen to you more, since there's an unspoken assumption that anyone posting something under their real name is doing so understanding what I've just explained, rather than knowing that their comments don't really matter, aren't representative of them, etc. There is also the general correlation between
Re: [Full-disclosure] Database servers on XP and the curious flaw
On Wed, 2005-11-16 at 12:20 -0700, Dave King wrote: While it still may not be millions of people several products come bundled with the desktop edition of SQL Server 2000, and I'm sure many will come with SQL Server 2005 Express. As far as I can tell by reading the paper (but not testing it myself) these are probably vulnerable as well if the configuration allows the guest account access to the database. Microsoft SQL Server 2000 - By default, Microsoft SQL Server 2000 is not vulnerable. Like Oracle, SQL Server authenticates the client using the NTLM SSPI AcceptSecurityContext() function and the user is logged on as Guest, however, as SQL Server requires that a specific user be granted access, the remote user can log in – by default SQL Server doesn’t allow Guest access to the database server. If, for whatever reason, someone has granted either the Guest account or the built-in Guests group access to the SQL Server then a remote user without valid credentials will gain access. I may be wrong, but I'd assume that the way in which SQLDE authenticates is similar to MSSQL and therefore isn't affected by this... feel quite free to correct me, because I don't claim to be an expert on the DE version of SQL! :) This of course wouldn't be the case for databases bundled with insecure permissions (as vendors are apt to do), and that'd probably be what I'd worry about most in these situations. - James. Dave King http://www.thesecure.net To be honest I don't think we're talking millions of people. How many people at home run a fully fledged RDBMS on their XP systems? Very few I'd guess. Besides, Simple File Sharing is documented so MS are educating those willing to seek information. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Enough's enough...
On Mon, 2005-11-14 at 12:24 -0800, Bart Lansing wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Y'know...I usually take what you have to say with a grain of salt...and maybe a few grains of pain killer...and let it go, but enough already. If it wasn't for me you wouldn't have an internet to sent your packets on right now?? There have been a few individuals whose contributions to this list struck me as being of questionable worth, but you are the first I have felt the need to expend the trivial efforts to filter. Congratulations and goodbye. On a sort of side point, I've recently started using the highlight feature in evolution to apply colours to incoming mail where the 'sender' matches certain criteria - doing this lets me assign a pleasant (but obvious) colour to people I know and/or whose postings are interesting (respectively red and redorange), and a vile colour to those whose postings are silly/downright stupid (respectively forest green and lime green). Doing this, I've found, gives me a great indicator as to the qualities of a thread - a large amount of either colour clearly indicates the general tone of the thread (and a large amount of both tends to indicate a 'hot topic'). Suffice it to say that unless looking for a comedy moment in my afternoon, I tend to ignore those putrid green threads and head straight for a red. Particularly for high-volume lists like this one and security basics, I find that this method pays dividends! - James. On Sun, 13 Nov 2005 17:02:39 -0800 n3td3v [EMAIL PROTECTED] wrote: Yet another fuckwit basing their opinion on someone they don't know. If it wasn't for me you wouldn't have an internet to sent your packets on right now. You take people at face value instead of getting to know them first. Read my research paper on Hackers Today and you might learn something. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Hackers Tomorrow
On Tue, 2005-11-15 at 10:38 -0500, Scott T. Cameron wrote: On Tue, Nov 15, 2005 at 09:24:50AM -0600, n3td3v n3td3v wrote: know need to give your name. I know it already youz all dont get how powerful i am. Who said British humour was dead? It's not dead, it's just resting. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Enough's enough...
On Mon, 2005-11-14 at 01:02 +, n3td3v wrote: Yet another fuckwit basing their opinion on someone they don't know. If it wasn't for me you wouldn't have an internet to sent your packets on right now. You take people at face value instead of getting to know them first. Oh no, guys! He's following through on his threats and taking the internet down, one page at a time! By tomorrow there'll be nothing left! The web site you are trying to access has exceeded its allocated data transfer. Visit our help area for more information. (http://www.geocities.com/n3td3v/home/hackerstoday.html) (Quick, to the batcave, Robin - better get your 'corporate backing' at yahoo to up your geocities bandwidth allowance!) Read my research paper on Hackers Today and you might learn something. I tried, but I can't - where would I buy a printed copy from? - James. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] RE: Full-Disclosure Digest, Vol 9, Issue 3
On Sat, 2005-11-05 at 14:49 -0800, Brian Dessent wrote: snip Don't security professionals know how to use email for god's sake? Hi! You must be new to the list - little tip, but keep it to yourself; Full Disclosure isn't entirely populated by security professionals ;) /flippancy - James. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Security, Hacking Social Engineering Presentation.
On Mon, 2005-10-31 at 10:48 -0600, Todd Towles wrote: Step 1 - Go to Google. Step 2 - Search for filetype:pdf Insert Subject Step 3 - Repeat Step 1 and Step 2 for all subjects needed. Step 4 - Remember to get quote sources for all work as a responsible researcher. Step 5 - http://www.guidoz.com/tryhere.jpg - and remember it. Or, use google scholar. (http://scholar.google.com/) - it's great for this sort of thing. - James. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Sent: Monday, October 31, 2005 10:30 AM To: Emmanuel Goldstein Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Security,Hacking Social Engineering Presentation. Problems with your post: A. Emmanuel Goldstein is already taken. Please don't use other people's handles. (http://en.wikipedia.org/wiki/Emmanuel_Goldstein) B. You cross-posted to crap loads of lists. This is really annoying. C. Why would we give you our presentations that we worked hard on just so you can plagarize to make your deadline? Perhaps you should have planned ahead to have the material put together by now. that is all. tim ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/